I'm new to MikroTik but need to learn it because of my new job.
I have an RB962UiGS at home and need to block SSH after 3 unsuccessful logins. I know there is a wiki with an example, but it goes through a lot of address lists before the blacklist. What I need is: if somebody tries to log in, the firewall should add them to SSH_Blacklist for 10 days. I don't understand what `dst-limit=1/1m,1,dst-address/1m protocol=tcp` means, but it works.
This is what I have for FTP; it blocks after 3 bad logins:
# RouterOS firewall/NAT configuration: a brute-force blacklist for the router's
# own FTP service, followed by the NAT rules for the PPPoE uplink.
# Filter rules are evaluated top to bottom, so their order must be preserved.
/ip firewall address-list
# Names the list that the filter rules below read from and write to.
# NOTE(review): no address= is given; entries are added dynamically by the
# add-dst-to-address-list rule. Confirm this line imports as-is.
add list=FTP_Blacklist
/ip firewall filter
# Drop TCP/21 packets addressed to the router from any source in FTP_Blacklist.
# Only port 21 is blocked: a blacklisted host can still reach other services.
# NOTE(review): the NAT rules below treat pppoe-out1 as the Internet-facing
# interface. If PPPoE runs over ether1, inbound Internet traffic is presumably
# matched as pppoe-out1 and this rule would not see it. Confirm in-interface.
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
in-interface=ether1 protocol=tcp src-address-list=FTP_Blacklist
# chain=output covers packets generated by the router itself. This rule matches
# TCP packets whose payload contains the FTP reply "530 Login incorrect".
# dst-limit=1/1m,1,dst-address/1m means: rate 1 packet per minute, burst 1,
# counted separately per destination address (the client), with the per-client
# counter expiring after 1 minute. Replies within the limit are accepted here,
# so they never reach the blacklisting rule below.
# NOTE(review): the number of failures tolerated is set by rate and burst, so
# "3 bad logins" is approximate. Verify against the intended threshold.
add action=accept chain=output content="530 Login incorrect" dst-limit=\
1/1m,1,dst-address/1m protocol=tcp
# Reached only when the accept rule above did not match (limit exceeded).
# Adds the packet's destination, i.e. the failing client, to FTP_Blacklist for
# 1w3d (10 days). There is no port match, so any router-originated TCP packet
# containing that string qualifies.
# This relies on reading the server's plaintext reply, so it cannot be reused
# for SSH, whose payload is encrypted. SSH needs rate limiting of new
# connections to the SSH port (connection-state=new staged through lists).
add action=add-dst-to-address-list address-list=FTP_Blacklist \
address-list-timeout=1w3d chain=output content="530 Login incorrect" \
protocol=tcp
/ip firewall nat
# Source-NAT everything leaving through the PPPoE uplink.
add action=masquerade chain=srcnat out-interface=pppoe-out1
# Port-forward TCP/53105 from the uplink to 10.31.0.102. Forwarded traffic does
# not pass the input/output chains, so the FTP blacklist above does not apply.
add action=dst-nat chain=dstnat comment=Transmission dst-port=53105 \
in-interface=pppoe-out1 protocol=tcp to-addresses=10.31.0.102 to-ports=\
53105
# Port-forward TCP/6271 from the uplink to 10.31.0.102, labelled Synology DSM.
# No src-address restriction: the service is reachable from any Internet source.
# Consider a src-address-list allowlist or VPN-only access for a management UI.
add action=dst-nat chain=dstnat comment="Synology DSM" dst-port=6271 \
in-interface=pppoe-out1 protocol=tcp to-addresses=10.31.0.102 to-ports=6271
# Masquerade traffic sourced from 10.31.10.0/24 (presumably the VPN client
# pool; confirm). No out-interface is set, so it applies on every egress
# interface. The comment says "accept" but the action is masquerade.
add action=masquerade chain=srcnat comment="VPN accept" src-address=\
10.31.10.0/24