I have someone trying to brute-force my SSH port from the same IP. There are a few minutes between each attempt, so they never make it to the SSH blacklist. I decided to just make a rule to drop any connection from their IP:
Code:
add action=drop chain=input src-address=<offending-ip>
Code:
nov/18/2021 13:58:18 system,error,critical login failure for user adm1n_MKT from <offending-ip> via ssh
nov/18/2021 14:14:04 system,error,critical login failure for user admin from <offending-ip> via ssh
nov/18/2021 14:29:49 system,error,critical login failure for user adm1n_MKT from <offending-ip> via ssh
nov/18/2021 14:45:39 system,error,critical login failure for user admin from <offending-ip> via ssh
nov/18/2021 15:01:27 system,error,critical login failure for user adm1n_MKT from <offending-ip> via ssh
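
The failures in the log above arrive about 16 minutes apart, which is why a blacklist that counts attempts over a short interval never trips. As an added example (not part of the original post), this Python script parses log lines in that format and flags sources by failures inside a sliding window. The two IPs are constructed stand-ins for `<offending-ip>` and an unrelated host, and the window and threshold values are assumptions, not RouterOS settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}
LINE = re.compile(
    r"^(?P<mon>\w{3})/(?P<d>\d{2})/(?P<y>\d{4}) "
    r"(?P<H>\d{2}):(?P<M>\d{2}):(?P<S>\d{2}) \S+ "
    r"login failure for user \S+ from (?P<src>\S+) via (?P<svc>\w+)$")

# Constructed sample: the post's timestamps and users, with documentation-range
# IPs substituted for <offending-ip>, plus one unrelated single failure.
ATTACKER, OTHER = "203.0.113.7", "198.51.100.9"
PREFIX = "system,error,critical login failure for user"
SAMPLE = "\n".join([
    f"nov/18/2021 13:58:18 {PREFIX} adm1n_MKT from {ATTACKER} via ssh",
    f"nov/18/2021 14:14:04 {PREFIX} admin from {ATTACKER} via ssh",
    f"nov/18/2021 14:20:00 {PREFIX} bob from {OTHER} via ssh",
    f"nov/18/2021 14:29:49 {PREFIX} adm1n_MKT from {ATTACKER} via ssh",
    f"nov/18/2021 14:45:39 {PREFIX} admin from {ATTACKER} via ssh",
    f"nov/18/2021 15:01:27 {PREFIX} adm1n_MKT from {ATTACKER} via ssh",
])

def parse(text):
    """Yield (timestamp, source) for each SSH login-failure line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["svc"] != "ssh" or m["mon"].lower() not in MONTHS:
            continue  # skip other services and lines in other formats
        d = [int(m[k]) for k in ("y", "d", "H", "M", "S")]
        yield datetime(d[0], MONTHS[m["mon"].lower()], *d[1:]), m["src"]

def flag_sources(text, window, threshold):
    """Return sources with at least `threshold` failures within `window`."""
    by_src = defaultdict(list)
    for ts, src in parse(text):
        by_src[src].append(ts)
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged
```

With a 10-minute window no source is flagged, while a 2-hour window with a threshold of 3 catches the slow source and still ignores the single unrelated failure.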