I have a PPTP server running on my router, and occasionally get brute force attempts on the login.
I periodically block these IPs, however I have noticed that the blocklist I have is not working.
Here is the connection I am attempting to block (I left his IP in ha)
input: in:Eth1-Outside out:(unknown 0), src-mac 50:5d:ac:4e:82:24, proto TCP (SYN), 18.104.22.168:44684->x.x.x.x:1723, len 60
The firewall rule I have is (1st rule):
/ip firewall address-list
add address=22.214.171.124 list=Blocked
add address=126.96.36.199 list=Blocked
add address=188.8.131.52 list=Blocked
add address=184.108.40.206 list=Blocked
add address=220.127.116.11 list=Blocked
add address=18.104.22.168 list=Blocked
add address=22.214.171.124 list=Blocked
/ip firewall filter
add action=drop chain=input comment="Blocked IPs" log=yes src-address-list=Blocked
Does the OS accept the PPTP before the firewall or something? How can I block these unwanted IPs?