I have a working brute-force blocker for Winbox access. It mostly works, but the timers do not seem to behave as I expect. When the stage1 timer is, say, at 30 seconds counting down from 1 minute and the host logs in again, the stage2 timer starts and the stage1 timer refreshes back to 1 minute. I'm not sure whether that is how it is supposed to work or whether I am doing something wrong.
# Winbox (tcp/8291) brute-force ladder for /ip firewall filter.
# Rules are evaluated top to bottom. The drop sits first so a blacklisted
# host never reaches the counting rules; it has no connection-state match,
# so established sessions from a banned host are dropped as well.
add chain=input protocol=tcp dst-port=8291 src-address-list=winbox_blacklist action=drop \
comment="drop winbox brute forcers" disabled=no
# Escalation rules are ordered from highest stage to lowest. The stage3
# check runs before a host can be promoted into stage3 (and so on down), so
# one new connection moves a host up by at most one stage: four new
# connections while the previous stage entry is still alive end in a
# 10-day winbox_blacklist entry.
add chain=input protocol=tcp dst-port=8291 connection-state=new \
src-address-list=winbox_stage3 action=add-src-to-address-list address-list=winbox_blacklist \
address-list-timeout=10d comment="Winbox 10 day Ban" disabled=no
# stage2 -> stage3 (1m).
add chain=input protocol=tcp dst-port=8291 connection-state=new \
src-address-list=winbox_stage2 action=add-src-to-address-list address-list=winbox_stage3 \
address-list-timeout=1m comment="Winbox Stage 3" disabled=no
# stage1 -> stage2 (1m).
add chain=input protocol=tcp dst-port=8291 connection-state=new src-address-list=winbox_stage1 \
action=add-src-to-address-list address-list=winbox_stage2 address-list-timeout=1m comment="Winbox Stage 2" disabled=no
# This rule has no src-address-list match, so it fires for every new
# connection to 8291 -- including one from a host the rule above has just
# promoted. add-src-to-address-list does not stop rule processing the way
# accept/drop do, so that packet falls through to here and re-adds the host
# to winbox_stage1 with a fresh 1m timeout. That is the "stage1 timer
# refreshes back to 1 minute" effect: a consequence of the rule order, not a
# timer fault (the same fall-through refreshes stage2 while a host climbs).
# NOTE(review): confirm the passthrough behaviour on your RouterOS version.
add chain=input protocol=tcp dst-port=8291 connection-state=new action=add-src-to-address-list \
address-list=winbox_stage1 address-list-timeout=1m comment="Winbox Stage 1" disabled=no
# NOTE(review): a legitimate admin who opens four Winbox connections inside
# the window is banned for 10 days by the same ladder. An accept rule for a
# trusted management source list (src-address-list=<TRUSTED_ADMIN_LIST>,
# placeholder name) placed above the counting rules avoids that lockout.
# Forward-chain counterpart: routed traffic to 8291 from a blacklisted host
# is dropped too, so a downstream Winbox target is covered by the same list.
add chain=forward protocol=tcp dst-port=8291 src-address-list=winbox_blacklist action=drop \
comment="drop winbox brute downstream" disabled=no
# WWW (tcp/8080) brute-force ladder for /ip firewall filter; same structure
# as the Winbox set with its own address lists. Rules are evaluated top to
# bottom; the drop is first so a blacklisted host never reaches the counting
# rules, and with no connection-state match it also drops established
# sessions from a banned host.
add chain=input protocol=tcp dst-port=8080 src-address-list=www_blacklist action=drop \
comment="drop www brute forcers" disabled=no
# Escalation rules ordered from highest stage to lowest, so one new
# connection promotes a host by at most one stage; four new connections
# while the previous stage entry is still alive end in a 10-day ban.
add chain=input protocol=tcp dst-port=8080 connection-state=new \
src-address-list=www_stage3 action=add-src-to-address-list address-list=www_blacklist \
address-list-timeout=10d comment="WWW 10 day Ban" disabled=no
# stage2 -> stage3 (1m).
add chain=input protocol=tcp dst-port=8080 connection-state=new \
src-address-list=www_stage2 action=add-src-to-address-list address-list=www_stage3 \
address-list-timeout=1m comment="WWW Stage 3" disabled=no
# stage1 -> stage2 (1m).
add chain=input protocol=tcp dst-port=8080 connection-state=new src-address-list=www_stage1 \
action=add-src-to-address-list address-list=www_stage2 address-list-timeout=1m comment="WWW Stage 2" disabled=no
# No src-address-list match here, so every new connection to 8080 hits this
# rule, including one from a host the rule above just promoted:
# add-src-to-address-list does not terminate rule processing, so the host is
# re-added to www_stage1 with a fresh 1m timeout on each attempt. That is the
# stage1 "refresh" behaviour and comes from the rule order, not the timers.
# NOTE(review): confirm the passthrough behaviour on your RouterOS version.
add chain=input protocol=tcp dst-port=8080 connection-state=new action=add-src-to-address-list \
address-list=www_stage1 address-list-timeout=1m comment="WWW Stage 1" disabled=no
# NOTE(review): a legitimate client that opens four new connections to 8080
# inside the window is banned for 10 days as well; an accept rule for a
# trusted source list (src-address-list=<TRUSTED_ADMIN_LIST>, placeholder)
# above the counting rules avoids the lockout.
# Forward-chain counterpart: drops routed traffic to 8080 from blacklisted
# hosts so a downstream web target shares the ban list.
add chain=forward protocol=tcp dst-port=8080 src-address-list=www_blacklist action=drop \
comment="drop WWW brute downstream" disabled=no