mikrotik:scripting:block_invalid_login

Mikrotik: Block invalid SSH and FTP login attempts

Paste this into Mikrotik terminal

/ip firewall filter
add action=log chain=input comment="Drop FTP Brute Force" disabled=no dst-port=21 log-prefix=FTP_DROP protocol=tcp src-address-list=ftp_blacklist
add action=drop chain=input comment="Drop FTP Brute Force" disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output comment="Drop FTP Brute Force - Allow 'Incorrect Login' reply" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output comment="Drop FTP Brute Force - Failed login IP to List: Drop" content="530 Login incorrect" disabled=no protocol=tcp
add action=log chain=input comment="Drop SSH Brute Force" disabled=no dst-port=22 log-prefix=SSH_DROP protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=input comment="Drop SSH Brute Force" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input comment="Drop SSH Brute Force - Failed login IP to List: Drop" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="Drop SSH Brute Force - Failed login IP to List: Stage 3" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="Drop SSH Brute Force - Failed login IP to List: Stage 2" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="Drop SSH Brute Force - Failed login IP to List: Stage 1" connection-state=new disabled=no dst-port=22 protocol=tcp
  • mikrotik/scripting/block_invalid_login.txt
  • Last modified: 2019/10/31 09:05
  • by 127.0.0.1