Trivial blocking IP question

RouterOS Beginner Basics
1

Hi, here’s the situation: I have a WWW server in my LAN and forward ports 443 and 80 from public IP to local server’s IP. I’ve noticed that there are very specific IPs that tend to try cracking my server. I thought I’d block them and here is when things start to become ugly. First of all when I try to add a filter like this:

/ip firewall filter add chain=input src-address=xxx.xxx.xxx.xxx action=drop

nothing really happens. I have a testing computer with public IP and whenever I use its IP in the rule, the rule is completly ignored and I can access mu server from the outside. I experimented a bit and at one point found a solution (at least sort of):

/ip firewall filter add chain=forward src-address=xxx.xxx.xxx.xxx action=drop

I have a 2 questions:

  1. why chain=input didn’t work while chain=forward works? This doesn’t make sense to me really,
  2. when in the same rule I add dst-address=yyy.yyy.yyy.yyy (my server’s public IP), the rule stops working. What if I have 2-3 WWW servers, forward their public addresses to their LAN addresses and want some external IPs prevent from accessing only one or two of these servers?.

Kindest regards,

Olek

2
  1. Input chain is using for router itself. Forward is using for hosts between router;
  2. In that case you should add filter rule for LAN interface for output chain in order to manipulate local addresses. And dst-address must be local address.
3

I dont have servers so tis easy to stop scanners
In your case my setup would not work because it would block legitimate users from getting through.
So if you have a list of bad IPs fill your boots to block them but I fear you will be playing whackamole

Create IP Firewall Address LIst BadBoys
and add to the list.

Better to do the blockinh in Raw than Filter.

IP Firewall Raw
chain=prerouting
Source address list=BadBoys
Action: drop

Its a good question how to identify scanners vice legitimate users and perhaps someone can chime in on how to effectively deal with that scenario. Otherwise as I stated this is a losing chasing game in my opinion.

4

Thank you, anav. Your solution is even better for my case, where I know exactly whom I want to get rid of once and forever.