Bruteforce login prevention

From MikroTik Wiki
Revision as of 14:04, 18 July 2007 by Janisk (talk | contribs)
Jump to navigation Jump to search

Stops people trying to bruteforce SSH login


/ ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \
    comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
    comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m \
    comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m \
    comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" \
    disabled=no


by omega-00 (forum user)