JazzMaster
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Hacker attacks on CCR

Thu Apr 23, 2020 10:23 pm

Is there any simple method to stop attacks from other countries? This applies to CCR
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Hacker attacks on CCR

Thu Apr 23, 2020 10:29 pm

Can you be more specific?
Under what type of attack are you?
 
pateutz
Frequent Visitor
Posts: 55
Joined: Wed Jan 11, 2012 5:55 pm

Re: Hacker attacks on CCR

Thu Apr 23, 2020 11:06 pm

Hello,

You can add the following lines to a script, which will create an address-list with all the IP addresses from Bulgaria (just an example), and based on that you can create a firewall rule to drop the connections from those IPs.

/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/BG
/import file-name=BG

all the best,

Daniel
 
JazzMaster
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: Hacker attacks on CCR

Thu Apr 23, 2020 11:50 pm

> Hello,
>
> You can add the following lines to a script, which will create an address-list with all the IP addresses from Bulgaria (just an example), and based on that you can create a firewall rule to drop the connections from those IPs.
>
> /tool fetch url=http://www.iwik.org/ipcountry/mikrotik/BG
> /import file-name=BG
>
> all the best,
>
> Daniel

What about other countries?
 
jspool
Member
Posts: 469
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Hacker attacks on CCR

Fri Apr 24, 2020 1:09 am

> Is there any simple method to stop attacks from other countries? This applies to CCR

If you only allow trusted networks access to the CCR services with firewall filter input rules, you don't have to block by country. Blocking by country has very minimal impact.

Disable unused services in /ip services and then restrict what networks can access the ones you use.
/ip firewall address-list
add address=x.x.x.x comment="Management IP" list=Management_Networks

/ip firewall filter
add action=accept chain=input comment="Allow trusted networks access to ssh & winbox" dst-port=22,8291 protocol=tcp src-address-list=Management_Networks
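
An added example, not part of the post above: an accept rule for the management list only restricts access when the same ports are dropped for every other source, so this sketch adds that drop and the matching `/ip service` restrictions. The address 192.0.2.10 is a placeholder, and it is assumed that only SSH and WinBox are in use.

```routeros
# Added example; 192.0.2.10 is a placeholder for your own management address.
# Enable Safe Mode (Ctrl+X in the terminal) first, so a rule that locks you
# out is rolled back when the session drops.

# 1. Disable the services that are not used (assumption: only SSH and WinBox are).
/ip service disable telnet,ftp,www,www-ssl,api,api-ssl

# 2. Restrict the remaining services at the service level as a second layer.
/ip service set ssh address=192.0.2.10/32
/ip service set winbox address=192.0.2.10/32

# 3. Trusted management sources.
/ip firewall address-list
add address=192.0.2.10 comment="Management IP" list=Management_Networks

# 4. Input chain. Rules are evaluated top to bottom, so these must sit above
#    any broader accept rule that already exists on the router.
/ip firewall filter
add action=accept chain=input comment="Allow established/related" connection-state=established,related
add action=accept chain=input comment="Allow trusted networks access to ssh & winbox" dst-port=22,8291 protocol=tcp src-address-list=Management_Networks
add action=drop chain=input comment="Drop ssh & winbox from everyone else" dst-port=22,8291 protocol=tcp log=yes log-prefix="mgmt-drop"
```

The drop rule is limited to the management ports so that other services the router provides keep working; a full default-drop input policy needs explicit accept rules for each of those services first.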
 
JazzMaster
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: Hacker attacks on CCR

Fri Apr 24, 2020 5:35 pm

>> Is there any simple method to stop attacks from other countries? This applies to CCR
>
> If you only allow trusted networks access to the CCR services with firewall filter input rules, you don't have to block by country. Blocking by country has very minimal impact.
>
> Disable unused services in /ip services and then restrict what networks can access the ones you use.
> /ip firewall address-list
> add address=x.x.x.x comment="Management IP" list=Management_Networks
>
> /ip firewall filter
> add action=accept chain=input comment="Allow trusted networks access to ssh & winbox" dst-port=22,8291 protocol=tcp src-address-list=Management_Networks

Thanks to all that have answered. I think this solution will work for us better than blocking specific countries.
 
jvanhambelgium
Forum Veteran
Posts: 991
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Hacker attacks on CCR  [SOLVED]

Fri Apr 24, 2020 6:21 pm

>> Hello,
>>
>> You can add the following lines to a script, which will create an address-list with all the IP addresses from Bulgaria (just an example), and based on that you can create a firewall rule to drop the connections from those IPs.
>>
>> /tool fetch url=http://www.iwik.org/ipcountry/mikrotik/BG
>> /import file-name=BG
>>
>> all the best,
>>
>> Daniel
>
> What about other countries?

Simply change the request?

http://www.iwik.org/ipcountry/mikrotik/CN will give you China ranges, US will give US-range, BE, NL, ... etc. Use the various country codes as listed here:

http://www.iwik.org/ipcountry/
 
creatin
Member Candidate
Posts: 108
Joined: Sat Nov 23, 2019 2:59 am

Re: Hacker attacks on CCR

Tue Apr 28, 2020 12:49 pm

I disabled all the services on MTiK except Winbox access.
Winbox port changed to a random one, disabled all guest accounts and created new ones for admins, let's say it's difficult to guess username since it contains alphanumerics :)
 
MetUys
newbie
Posts: 32
Joined: Mon Mar 17, 2014 1:19 pm

Re: Hacker attacks on CCR

Wed Apr 29, 2020 8:52 am

Also make sure you limit who can access Winbox (IP address access list, not just the user accounts created). Leaving it exposed is not recommended in case there are any exploits against it (which there were within recent years).
All these items mentioned above are mentioned many times throughout this forum.
 
Jotne
Forum Guru
Posts: 3300
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Hacker attacks on CCR

Wed Apr 29, 2020 9:48 am

If you need to administer your Router from Outside, use VPN

But if that is not an option, take care if you open WinBox on the outside IP.

1. Use a good and very strong username/password
2. Make sure RouterOS is updated to the latest version
3. Use access list to limit who can admin the router from outside
4. Do not use default port 8291, use another.
5. Use port knocking (search forum on how to do it)
6. Send all your logs to an external server (see my signature on how to use Splunk with Mikrotik RouterOS)
7. Do think once again if you really need the Winbox port open from the outside.
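
An added example, not part of the post above or of the forum guides it refers to: one way to combine items 4, 5 and 6 of the list on RouterOS. The ports 7001, 7002 and 48291, the list names, and the log server address 192.0.2.50 are all placeholders chosen for illustration.

```routeros
# Added example; every port, list name and address below is a placeholder.

# Item 4: move WinBox off the default port 8291.
/ip service set winbox port=48291

# Item 5: two-stage port knock. add-src-to-address-list does not end rule
# processing, so knock packets continue down the chain and are dropped by
# the last rule, leaving the knock ports looking closed.
/ip firewall filter
# Keeps an open WinBox session alive after its knock_ok entry times out.
add action=accept chain=input comment="Allow established/related" connection-state=established,related
add action=add-src-to-address-list chain=input comment="Knock 1" protocol=tcp dst-port=7001 address-list=knock_stage1 address-list-timeout=10s
add action=add-src-to-address-list chain=input comment="Knock 2, only within 10s of knock 1" protocol=tcp dst-port=7002 src-address-list=knock_stage1 address-list=knock_ok address-list-timeout=30m
add action=accept chain=input comment="WinBox for sources that completed the knock" protocol=tcp dst-port=48291 src-address-list=knock_ok
add action=drop chain=input comment="Drop WinBox and knock ports for everyone else" protocol=tcp dst-port=7001,7002,48291

# Item 6: copy log messages to an external syslog server so they survive
# a reset or tampering on the router itself.
/system logging action
add name=remotelog target=remote remote=192.0.2.50 remote-port=514
/system logging
add action=remotelog topics=critical
add action=remotelog topics=error
add action=remotelog topics=warning
add action=remotelog topics=info
```

The knock sequence is an extra layer on top of the strong credentials and access list from items 1 and 3, not a replacement for them.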
