I'm getting log messages stating "login failure for user oracle, dell, etc. from 218.92.153.5 via ssh"
I've followed the guideline from the link below.
https://wiki.mikrotik.com/wiki/Brutefor ... prevention
My configuration is below:
Code: Select all
/ip firewall filter
add action=drop chain=input src-address-list=blacklisted-ip
add action=add-src-to-address-list address-list=blacklisted-ip \
address-list-timeout=3d chain=input connection-state=new dst-port=\
21,22,23,8291,8728,8279 protocol=tcp src-address=!192.168.20.0/23 \
src-address-list=stage-3
add action=add-src-to-address-list address-list=stage-3 address-list-timeout=\
5m chain=input connection-state=new dst-port=21,22,23,8291,8728,8279 \
protocol=tcp src-address=!192.168.20.0/23 src-address-list=stage-2
add action=add-src-to-address-list address-list=stage-2 address-list-timeout=\
5m chain=input connection-state=new dst-port=21,22,23,8291,8728,8279 \
protocol=tcp src-address=!192.168.20.0/23 src-address-list=stage-1
add action=add-src-to-address-list address-list=stage-1 address-list-timeout=\
3m chain=input connection-state=new dst-port=21,22,23,8291,8728,8279 \
protocol=tcp src-address=!192.168.20.0/23
Do I need to add additional firewall rules along with it? Since I keep getting that log. Please advise.