exactly, if you set firewall rules in succession that will add ip address into address list with short time-out, like 5 seconds till next new connection to attempt log in, then add it to next address-list then next (as many steps as you like) in the end add to last address list that is either permanent or will hold entries several hours.
logic something like this:
these are note actual commands:
/ip firewall filter action=drop src-list=1d-drop
/ip firewall filter action=add-to-address-list=1d-drop src-list=3rd-step address-list-timeout=1d
/ip firewall filter action=add-to-address-list=3rd-step src-list=2nd-step address-list-timeout=3s
/ip firewall filter action=add-to-address-list=2nd-step src-list=1st-step address-list-timeout=3s
/ip firewall filter action=add-to-address-list=1st-step address-list-timeout=3s
some order like this you add in firewall filter where new connections are handled
when normal customer (you) are logging in, your address will be added to 1st or maximum 2nd step that will time out shortly, of course, if you forget the login credentials and try to do this in very short time, as result you will effectively ban yourself for time set in timeout value of final address-list.
remember it is not based on login was successful or not, it only depends on that for some reason someone keeps on connecting with new connection to you several times in short period of time.