[You must be registered and logged in to see this image.]mikrotik
this firewall script is disallow bruteforce attact to our mikrotik router.
/ip firewall filer
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist\
action=drop comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list\
address-list=ssh_blacklist address-list-timeout=10d\
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list\
address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new\
src-address-list=ssh_stage1 action=add-src-to-address-list\
address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new\
action=add-src-to-address-list address-list=ssh_stage1\
address-list-timeout=1m comment="" disabled=no
Firewall rule for FTP bruteforce
/ip firewall filer
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist\
action=drop comment="drop ftp brute forcers"
add chain=output action=accept protocol=tcp content="530 Login incorrect"\
dst-limit=1/1m,9,dst-address/1m
add chain=output action=add-dst-to-address-list protocol=tcp content="530\
Login incorrect" address-list=ftp_blacklist address-list-timeout=3h
now after wu write this script rule, the brutforce attact will drop and
ip the attacker will be blacklist and can not access our router again.