dadaniel
Member Candidate
Topic Author
Posts: 160
Joined: Fri May 14, 2010 11:51 pm

dst-limit filter rule problem

Wed Aug 26, 2015 9:48 am

I have made firewall rules as found in http://wiki.mikrotik.com/wiki/Bruteforc ... prevention to protect my mail server. They look for authentication failure messages my mail server is sending out and add the destination to a blacklist.
/ip firewall filter
# 1: drop everything coming from a blacklisted client
add chain=forward action=drop src-address-list=mail_blacklist
# 2: let up to the dst-limit of "-ERR Authentication" replies per client through (default action accept)
add chain=forward content="-ERR Authentication" dst-limit=1/1m,3,dst-address/1m protocol=tcp src-port=110
# 3: anything over the limit blacklists the client (the reply's destination) for a week
add chain=forward content="-ERR Authentication" action=add-dst-to-address-list address-list=mail_blacklist address-list-timeout=1w log=yes log-prefix=block_pop3 protocol=tcp src-port=110
The problem is that the add-dst-to-address-list rule gets triggered before the dst-limit rule above it. One minute later the counter on the dst-limit rule starts to rise, to exactly the value of the add-dst-to-address-list rule.

Any ideas what could be wrong here? Is dst-limit or rule order broken in v6.31?

Is there a better solution than the one found in the wiki?
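As an added illustration (not code from the post or from MikroTik), here is a Python token-bucket model of the dst-limit match, replaying constructed "-ERR Authentication" replies through the three rules above. The model's refill semantics and both bucket-start conventions are assumptions, as are the sample addresses; with the assumed parameters only the "bucket starts empty" variant produces the pattern the post describes, where the add-to-list rule fires first and the dst-limit counter only starts rising about a minute later.

```python
from dataclasses import dataclass, field


@dataclass
class DstLimitModel:
    """Token-bucket model of dst-limit=rate/period,burst,dst-address/expire.
    Assumed model for reasoning about the counters, not RouterOS's own code:
    each destination gets `burst` tokens refilled at `rate` per `period`
    seconds, and a packet matches while a token is available. `start_full`
    selects whether a new bucket begins full or empty (both are assumptions)."""
    rate: float
    period: float
    burst: int
    start_full: bool
    buckets: dict = field(default_factory=dict)  # dst -> (tokens, last_seen)

    def match(self, dst, ts):
        init = float(self.burst) if self.start_full else 0.0
        tokens, last = self.buckets.get(dst, (init, ts))
        tokens = min(float(self.burst), tokens + (ts - last) * self.rate / self.period)
        if tokens >= 1.0:
            self.buckets[dst] = (tokens - 1.0, ts)
            return True
        self.buckets[dst] = (tokens, ts)
        return False


def replay(replies, start_full):
    """Push (ts, src, dst) '-ERR Authentication' replies through the three
    rules; return per-rule hit counters and the resulting mail_blacklist."""
    limit = DstLimitModel(rate=1, period=60, burst=3, start_full=start_full)
    hits = {"drop": 0, "dst_limit": 0, "add_to_list": 0}
    mail_blacklist = set()
    for ts, src, dst in replies:
        if src in mail_blacklist:        # rule 1: src-address-list=mail_blacklist -> drop
            hits["drop"] += 1
            continue
        if limit.match(dst, ts):         # rule 2: dst-limit=1/1m,3,dst-address/1m (accept)
            hits["dst_limit"] += 1
        else:                            # rule 3: over the limit -> add-dst-to-address-list
            hits["add_to_list"] += 1
            mail_blacklist.add(dst)
    return hits, mail_blacklist


# Constructed sample (documentation addresses): the server at 198.51.100.5
# answers one client's failed POP3 logins every 5 s, then once more after a minute.
SERVER, CLIENT = "198.51.100.5", "192.0.2.10"
REPLIES = [(t, SERVER, CLIENT) for t in (0, 5, 10, 15, 61)]

if __name__ == "__main__":
    for start_full in (True, False):
        print("bucket starts", "full " if start_full else "empty", replay(REPLIES, start_full))
```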
