I have just tried to login via web interface with the ip address and it is not possible. Fine via Winbox MAC address only, not IP
Then I checked the firewall rules and the "hacker" entries look new to me. The ISP setup the router initially.
Additionally I had tried to install Proton VPN though it failed, see the entry. The are also entries in the router config file though want to look at these later.
Would someone be able to help me with this?
Thanks
Code: Select all
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input src-address-list=Management
add action=add-src-to-address-list address-list=Hackers address-list-timeout=1d chain=input comment="Add port scan to hackers" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=Hackers address-list-timeout=5m chain=input comment="Add excessive SSH to hackers" connection-limit=3,32 dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=Hackers address-list-timeout=1d chain=input comment="SSH added to Hackers" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=5m chain=input comment="SSH Stage2" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=5m chain=input comment="SSH Stage1" connection-state=new dst-port=22 protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=under_protonvpn passthrough=yes src-address-list=under_protonvpn
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether5-Backhaul
/ip firewall raw
add action=drop chain=prerouting src-address-list=Hackers