Community discussions

 
kurispo
just joined
Topic Author
Posts: 1
Joined: Thu Aug 07, 2014 2:29 pm

Fail2ban Scripts for RouterOS

Sat Aug 25, 2018 3:20 pm

#This's a System Scheduler Script.
#Fail2ban for Mik RouterOs . By xiaoD 27705090@qq.com

#define How many times login failed from same address will be ban.
:local maxtried 10

#define The baned addresses timeout.[1d: one day,30m: 30 minutes]
:local ban_time 3d

#define The exception address will not be ban.
:local ex_ip 1.2.3.4

#Begin Script.
#default Rules check and build
:if ([:len [/ip fi fi find comment=fail2ban]]=0) do={/ip fi fi add chain=input src-address-list=ban action=drop comment=fail2ban}
/log
:foreach i in=[find message~"login failure" ] do={
:local msg [get $i message]
:local theip [:pick $msg ([:find $msg "from "]+5) [:find $msg " via"]]
:if ($theip != $ex_ip) do={
:local timesban [:len [/ip fi addr find list=ban address=$theip]]
:if ($timesban = 0) do={
:local times [:len [/ip fi addr find list=login_failure address=$theip]]
:if ($times = 0) do={/ip fi addr add list=login_failure address=$theip timeout=1m comment=1} else={:local thecm [:tonum ([/ip fi addr get [find list=login_failure address=$theip] comment] + 1)];:if ($thecm > $maxtried ) do={[/ip fi addr add list=ban timeout=$ban_time address=$theip]} else={/ip fi addr set [find list=login_failure address=$theip] comment=$thecm}}
}
}
}
#End Script.

Who is online

Users browsing this forum: No registered users and 2 guests