Goodmorning.
I am experiencing bruteforce attacks, i tried to block ip, but there is still connection attempts from it... What do i do wrong?
Tried that command, but it does not hide sensitive information... so scrambled a little , hope this helpsIf possible, please POST the Config of your Device
(/export hide-sensitive file=anynameyouwish)
# dec/16/2021 14:51:22 by RouterOS 6.49.2
# software id = weeee
#
# model = RB2011UiAS
# serial number = kokoroko
/interface bridge
add admin-mac=xxx auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1_WAN
set [ find default-name=ether2 ] name=ether2_Lan_2
set [ find default-name=ether5 ] name=ether5_WiFi
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=xxx-xxx
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE dns-server=xxx
/interface bridge port
add bridge=bridge comment=defconf interface=ether2_Lan_2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5_WiFi
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge disabled=yes interface=ether1_WAN
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=WAN lan-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=ether1_WAN list=WAN
/interface pptp-server server
set enabled=yes
/ip address
add address=xxx comment=defconf interface=ether2_Lan_2 network=\
xxx
/ip dhcp-client
# DHCP client can not run on slave interface!
add comment=defconf disabled=no interface=sfp1
/ip dhcp-server lease
add address=xxx client-id=xx mac-address=\
xxx server=defconf
add address=xxx client-id=xxx4 mac-address=\
xxx server=defconf
/ip dhcp-server network
add address=xxx comment=defconf gateway=xxx
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=xxx comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment=popo dst-port=e9eee protocol=tcp \
src-port=""
add action=accept chain=input comment=pipo dst-port=drgbvxbr protocol=tcp
add action=accept chain=input comment=swerr protocol=grgrggm,m,,m
add action=accept chain=input disabled=yes dst-port=grdszgrd protocol=tcp src-port=\
""
add action=accept chain=input dst-port=drgfdbrd protocol=tcp src-port=drgdfgbvrdet
add action=accept chain=forward dst-address=dgrrfxbfrd dst-port=drgdrzxbvrf \
protocol=udp src-port=drgdfvbfrdg
add action=accept chain=forward dst-address=drg dst-port=drghr \
protocol=tcp src-port=drgdrg
add action=accept chain=input dst-port=drtgr protocol=udp src-port=dfgvn
add action=accept chain=forward dst-address=dgfrd dst-port=kiik \
protocol=tcp src-address=0.0.0.0 src-port=tyty
add action=accept chain=forward dst-address=hhh dst-port=tyyy \
protocol=tcp src-address=0.0.0.0 src-port=qwe
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=drop chain=input src-address=45.129.136.46
add action=reject chain=input reject-with=icmp-network-unreachable \
src-address=45.129.136.46
add action=reject chain=input log=yes log-prefix=kaka reject-with=\
icmp-network-unreachable src-address=78.128.113.66
add action=reject chain=input log=yes log-prefix=kaka2 reject-with=\
icmp-network-unreachable src-address=78.128.113.67
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip service
set www disabled=yes
/ip upnp
set enabled=yes
/ppp secret
add local-address=qwe name=ttt profile=default-encryption \
remote-address=rtrr
/system clock
set time-zone-name=Planet/Mars
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Try to move the drop rule higher in the rule stack.
Firewall rules are always tested from top to bottom, so if it hits a rule higher up, your block rule will not hit anything.
/ip firewall address-list
add address=78.128.113.66 list=WAN-Blacklisted
add address=78.128.113.67 list=WAN-Blacklisted
add address=45.129.136.46 list=WAN-Blacklisted
/ip firewall filter
add action=drop chain=input src-address-list=WAN-Blacklisted place-before=0 in-interface-list=WAN comment="Drop: Blacklisted IP's (WAN --> Router)"
This tells me you have some sort of error regarding your WAN setup
/ip dhcp-client
# DHCP client can not run on slave interface!
add comment=defconf disabled=no interface=sfp1
I note you have sfp1 on the bridge so wondering what is going on for sure!!
What happened to ether1_WAN ??
YOUR INPUT RULES seem to be a problem area.
Way too many rules and probably not done correctly.
In fact the whole firewall ruleset is questionable, out of order and overly complex.
I know, those bots anyway will not achieve anything...Playing whackamole against bots is a waste of time.
Simply drop all else at the end of both chains and enjoy life.
Also recommend, for the cost of a couple of coffees per month, get this excellent service
(google MOAB mikrotik)