What about other countries?Hello,
you can add the following lines into a script which will create and address-list will all the IP address from Bulgaria ( just an example ) and based on that you can create a firewall rule to drop the connections from those ip's.
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/BG
/import file-name=BG
all the best,
Daniel
If you only allow trusted networks access to the CCR services with firewall filter input rules you don't have to block by country. Blocking by country has very minimal impact.Is there any simple method to stop attacks from other countries? This applies to CCR
Thanks to all that have answered. I think this solution will work for us better than blocking specific countries.If you only allow trusted networks access to the CCR services with firewall filter input rules you don't have to block by country. Blocking by country has very minimal impact.Is there any simple method to stop attacks from other countries? This applies to CCR
disable unused services in /ip services and then restrict what networks can access the ones you use.
/ip firewall address-list
add address=x.x.x.x comment="Management IP" list=Management_Networks
/ip firewall filter
add action=accept chain=input comment="Allow trusted networks access to ssh & winbox" dst-port=22,8291 protocol=tcp src-address-list=Management_Networks
Simply change the request ?What about other countries?Hello,
you can add the following lines into a script which will create and address-list will all the IP address from Bulgaria ( just an example ) and based on that you can create a firewall rule to drop the connections from those ip's.
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/BG
/import file-name=BG
all the best,
Daniel