I tried to block all connections from it with this rule:
/ip firewall filter
add action=drop chain=input comment="some ip accessing port 522" log=yes log-prefix=adr-blocked: src-address=45.117.203.XXX
But it still shows under "firewall connections" with TCP state "time wait" or "established", even after reboot.
Isn't the above rule supposed to drop all interactions with this IP?
Is it because I also have a NAT redirect on that port? Maybe this rule comes before the above firewall filter?
/ip firewall nat
add action=dst-nat chain=dstnat comment="ssh custom external port to local port 22" dst-port=522 in-interface=pppoe-work log=yes protocol=tcp to-addresses=192.168.XXX.XXX to-ports=22
And the log looks like this, because I enabled logging in the NAT rule, but shouldn't it be dropped before this log?
dstnat: in:pppoe-work out:(unknown 0), proto TCP (SYN), 45.117.203.XXX:53890->82.79.XXX.XXX:522, len 60
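
Added example, not part of the original post: a simplified Python model of the RouterOS packet flow (raw prerouting, then dstnat, then the routing decision that selects the input or forward filter chain), applied to the two rules in the question. The addresses and the `traverse` helper are constructed for illustration; interface matching and connection tracking are not modelled.

```python
# Simplified model of RouterOS packet flow for a packet arriving from the WAN:
#   raw prerouting -> dstnat -> routing decision -> filter input OR filter forward
# All addresses are constructed documentation values, not the ones from the post.
ROUTER_WAN = "198.51.100.1"   # constructed: router's public address
LAN_HOST = "192.168.88.10"    # constructed: dst-nat target on the LAN
BLOCKED = "203.0.113.7"       # constructed: the unwanted source address

def traverse(pkt, raw=(), dstnat=(), filt=()):
    """Return (verdict, trace). Each rule is a dict of matchers plus an action."""
    pkt, trace = dict(pkt), []

    def matches(rule):
        # Compare only matcher keys; skip keys that describe the rule itself.
        return all(pkt.get(k) == v for k, v in rule.items()
                   if k not in ("action", "chain", "to_addr", "to_port"))

    for r in raw:                          # 1. raw prerouting runs before NAT
        if matches(r) and r["action"] == "drop":
            return "drop", trace + ["raw:drop"]
    for r in dstnat:                       # 2. dstnat logs and rewrites the destination
        if matches(r):
            trace.append("dstnat:log")
            pkt["dst"], pkt["dport"] = r["to_addr"], r["to_port"]
            break
    # 3. routing decision: only traffic still addressed to the router hits "input"
    chain = "input" if pkt["dst"] == ROUTER_WAN else "forward"
    trace.append("filter:" + chain)
    for r in filt:                         # 4. rules in the other chain never run
        if r["chain"] == chain and matches(r) and r["action"] == "drop":
            return "drop", trace + [chain + ":drop"]
    return "accept", trace

SYN = {"src": BLOCKED, "dst": ROUTER_WAN, "proto": "tcp", "dport": 522}
NAT = [{"proto": "tcp", "dport": 522, "action": "dst-nat",
        "to_addr": LAN_HOST, "to_port": 22}]
AS_POSTED = [{"chain": "input", "src": BLOCKED, "action": "drop"}]
IN_FORWARD = [{"chain": "forward", "src": BLOCKED, "action": "drop"}]
IN_RAW = [{"src": BLOCKED, "action": "drop"}]

if __name__ == "__main__":
    print(traverse(SYN, dstnat=NAT, filt=AS_POSTED))    # input rule is never consulted
    print(traverse(SYN, dstnat=NAT, filt=IN_FORWARD))   # dropped, but NAT has logged
    print(traverse(SYN, raw=IN_RAW, dstnat=NAT))        # dropped before NAT can log
```

On the router, the corresponding placements are `chain=forward` in `/ip firewall filter` or `chain=prerouting` in `/ip firewall raw`.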