herbrico
newbie
Topic Author
Posts: 25
Joined: Mon Dec 31, 2012 4:19 pm
Location:Croatia, Sisak

Firewall rules

Sat Nov 22, 2014 12:12 pm

Hello everyone, I have some problems with the firewall: the firewall will not block ssh brute force logins and put the attacker in ssh_blacklist. This is my firewall configuration, so if someone can have a look and say what the problem is.
ROS 6.22
Code:
/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid
add chain=input comment="Allow established connections" connection-state=established,related,new
add chain=input comment="Allow ICMP" protocol=icmp
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
add chain=input comment="Allow connections to router only localy" in-interface=!ppp-out1-vip src-address=x.x.x.x/x
add chain=input in-interface=!ppp-out1-vip src-address=x.x.x.x/x
add chain=input in-interface=!ppp-out1-vip src-address=x.x.x.x/x
add chain=input in-interface=!ppp-out1-vip src-address=x.x.x.x/x
add action=drop chain=input comment="Drop everything else"
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid protocol=tcp
add chain=forward comment="allow already established & related connections" connection-state=established,related,new
add action=drop chain=forward comment="Block \"bogon\" IP addresses " src-address=0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
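The staged address-list logic in the post, as an added example that is neither the poster's nor MikroTik's code: a small Python first-match simulator of the input chain that traces where repeated new TCP/22 connections land under the posted rule order, and under a reordering in which `new` is removed from the blanket accept and the SSH staging rules sit above the final drop. The source address 198.51.100.7 is constructed, and the 1m stage-list timeouts are assumed not to expire between attempts.

```python
# Added example, not from the forum post: first-match simulator for the RouterOS
# input chain. Source 198.51.100.7 is constructed; stage timeouts are ignored.
from collections import namedtuple

# action "accept" is the RouterOS default; a None matcher means "any"
Rule = namedtuple("Rule", "comment action state dport src_list add_list",
                  defaults=("accept", None, None, None, None))
NEW, ADD = frozenset({"new"}), "add-src-to-address-list"

def ssh_rules():
    # The poster's SSH staging block, in the order it appears in the post.
    return [Rule("drop ssh brute forcers", "drop", None, 22, "ssh_blacklist"),
            Rule("stage3->blacklist", ADD, NEW, 22, "ssh_stage3", "ssh_blacklist"),
            Rule("stage2->stage3", ADD, NEW, 22, "ssh_stage2", "ssh_stage3"),
            Rule("stage1->stage2", ADD, NEW, 22, "ssh_stage1", "ssh_stage2"),
            Rule("new->stage1", ADD, NEW, 22, None, "ssh_stage1")]

def posted_chain():
    # Input chain as posted; rules that can never match an external TCP/22 source are omitted.
    return [Rule("Drop Invalid connections", "drop", frozenset({"invalid"})),
            Rule("Allow established connections", "accept",
                 frozenset({"established", "related", "new"})),
            Rule("Drop everything else", "drop")] + ssh_rules()

def reordered_chain():
    # Same rules: 'new' dropped from the blanket accept, SSH staging moved above the final drop.
    return [Rule("Drop Invalid connections", "drop", frozenset({"invalid"})),
            Rule("Allow established connections", "accept",
                 frozenset({"established", "related"}))] + ssh_rules() + [
            Rule("Drop everything else", "drop")]

def run_chain(rules, pkt, lists):
    """First-match walk; add-src-to-address-list does not terminate the chain."""
    for r in rules:
        if r.state is not None and pkt["state"] not in r.state: continue
        if r.dport is not None and pkt["dport"] != r.dport: continue
        if r.src_list is not None and pkt["src"] not in lists.get(r.src_list, ()): continue
        if r.action == ADD:
            lists.setdefault(r.add_list, set()).add(pkt["src"]); continue
        return r.comment
    return "chain end (accept)"

def simulate(rules, attempts, src="198.51.100.7"):
    """Replay new SSH connections from src; return terminating rule per attempt and src's lists."""
    lists, hits = {}, []
    for _ in range(attempts):
        hits.append(run_chain(rules, {"state": "new", "dport": 22, "src": src}, lists))
    return hits, {name for name, members in lists.items() if src in members}
```

Under the posted order every attempt is accepted by "Allow established connections" and no list is ever populated; under the reordered chain the source reaches ssh_blacklist on the fourth attempt and the fifth is terminated by "drop ssh brute forcers".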
