I would like to detect PPTP attacks from bots and put them on a blacklist.
I tried it with the following rules.
I found very little information about the "Extra" options in the firewall rules. I would like to put the src-address on the blacklist after 4 wrong authentications. Maybe someone can help with the settings or rules.

6 ;;; detect PPTP attack
chain=input action=add-src-to-address-list connection-state=new connection-limit=4,32 protocol=tcp src-address-list=!black_list address-list=black_list address-list-timeout=1w dst-port=1723 dst-limit=3/1m,3,src-address/1m40s log=no
7 ;;; drop PPTP Blacklist
chain=input action=drop src-address-list=black_list log=no log-prefix=""
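
A staged address-list variant of the rules above, as an added example that is not part of the original post. It counts new TCP connections to port 1723 per source, because the firewall filter does not see PPTP authentication results, so connection attempts stand in for wrong authentications. The `pptp_stage1` to `pptp_stage3` list names and the 1m stage timeouts are assumptions; `black_list` and the 1w timeout come from the post.

```routeros
/ip firewall filter

# Drop everything from sources already on the blacklist (same as rule 7 in the post).
add chain=input action=drop src-address-list=black_list \
    comment="drop PPTP blacklist"

# 4th new connection while still in stage 3: blacklist the source for one week.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage3 action=add-src-to-address-list \
    address-list=black_list address-list-timeout=1w \
    comment="PPTP attempt 4 -> black_list"

# 3rd new connection while still in stage 2: promote to stage 3.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage2 action=add-src-to-address-list \
    address-list=pptp_stage3 address-list-timeout=1m \
    comment="PPTP attempt 3 -> stage 3"

# 2nd new connection while still in stage 1: promote to stage 2.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage1 action=add-src-to-address-list \
    address-list=pptp_stage2 address-list-timeout=1m \
    comment="PPTP attempt 2 -> stage 2"

# 1st new connection from a source: start tracking it in stage 1.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    action=add-src-to-address-list \
    address-list=pptp_stage1 address-list-timeout=1m \
    comment="PPTP attempt 1 -> stage 1"
```

The rules are evaluated top to bottom, so the highest stage must come first; otherwise a single connection would pass through every stage at once. A legitimate client that reconnects four times within the stage timeouts is blacklisted as well.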