sarpkaya
Member Candidate
Topic Author
Posts: 208
Joined: Sun Mar 09, 2008 9:00 am

How can I block that person who tries to connect my ftp??

Mon Oct 27, 2008 8:40 pm

Somebody is trying to connect to my FTP from the internet. How can I block his address so it cannot connect to mine?
The error is:
login failure for user Administrator from (ip address)

Also, another person always pings me.
 
sarpkaya
Member Candidate
Topic Author
Posts: 208
Joined: Sun Mar 09, 2008 9:00 am

Re: How can I block that person who tries to connect my ftp??

Mon Oct 27, 2008 8:48 pm

I have changed the FTP port, but that bot still tries to log in. That causes traffic. I just want to block that bot's IP address. How can I do that?
 
skillful
Trainer
Posts: 552
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria

Re: How can I block that person who tries to connect my ftp??

Mon Oct 27, 2008 9:51 pm

/ip firewall filter add chain=input src-address=a.b.c.d action=drop
where a.b.c.d is the IP address you wish to block.

This code will drop all connections to the router from a.b.c.d. You may wish to narrow the net a little by specifying the protocol (TCP) and port.
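The log line sarpkaya quoted is the signal that skillful's drop rule acts on. The following Python example is added here and is not code from the thread or from MikroTik: it parses RouterOS login-failure log lines, picks out sources that fail repeatedly inside a time window, and renders skillful's input-chain drop rule for each of them, optionally narrowed to the service's TCP port as he suggests. The full log-line layout (date, time, topics and the trailing "via <service>" that RouterOS appends), the threshold, the window, the addresses and the service-to-port table are assumptions; the log lines themselves are constructed.

```python
"""Turn RouterOS login-failure log lines into per-source input-chain drop rules.

Added example, not from the forum thread or from MikroTik. It assumes the
message format quoted in the thread ("login failure for user <name> from <ip>"),
the "via <service>" suffix and the "<mon>/<day> <time> <topics>" prefix that
/log print shows, and the /ip firewall filter syntax from skillful's reply.
The sample log lines and addresses below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of /log print output: three quick FTP failures from one
# source, a single SSH failure from another, and one successful login.
SAMPLE_LOG = """\
oct/27 20:31:02 system,error,critical login failure for user Administrator from 203.0.113.77 via ftp
oct/27 20:31:05 system,error,critical login failure for user admin from 203.0.113.77 via ftp
oct/27 20:31:09 system,error,critical login failure for user root from 203.0.113.77 via ftp
oct/27 20:32:41 system,error,critical login failure for user admin from 198.51.100.9 via ssh
oct/27 20:40:15 system,info,account user admin logged in from 192.168.88.10 via winbox
"""

LINE_RE = re.compile(
    r"^(?P<mon>[a-z]{3})/(?P<day>\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<topics>\S+) login failure for user (?P<user>\S+) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) via (?P<service>\w+)$"
)

# RouterOS default service ports; if a service port was changed (as sarpkaya
# did for FTP) this table must follow it.
SERVICE_PORTS = {"ftp": 21, "ssh": 22, "telnet": 23, "www": 80, "winbox": 8291}


def parse_failures(log_text, year=2008):
    """Yield (timestamp, src, user, service) for every login-failure line."""
    months = {m: i for i, m in enumerate(
        "jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a failure line (e.g. a successful login)
        hh, mm, ss = map(int, m["time"].split(":"))
        ts = datetime(year, months[m["mon"]], int(m["day"]), hh, mm, ss)
        yield ts, m["src"], m["user"], m["service"]


def offenders(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return {src: service} for sources with >= threshold failures inside one window.

    A sliding window is used so that a slow trickle of failures spread over a
    day does not accumulate into a block.
    """
    by_src = defaultdict(list)
    for ts, src, _user, service in parse_failures(log_text):
        by_src[src].append((ts, service))
    result = {}
    for src, events in by_src.items():
        events.sort()
        for i, (ts, service) in enumerate(events):
            j = i + threshold - 1
            if j < len(events) and events[j][0] - ts <= window:
                result[src] = service
                break
    return result


def drop_rules(offender_map, narrow=True):
    """Render skillful's input-chain drop rule for each offender.

    With narrow=True the rule is restricted to the service's TCP port, as his
    reply suggests; otherwise all traffic to the router from that source is dropped.
    """
    rules = []
    for src, service in sorted(offender_map.items()):
        rule = f"/ip firewall filter add chain=input src-address={src} action=drop"
        port = SERVICE_PORTS.get(service)
        if narrow and port:
            rule += f" protocol=tcp dst-port={port}"
        rule += f' comment="login failures via {service}"'
        rules.append(rule)
    return rules


if __name__ == "__main__":
    for r in drop_rules(offenders(SAMPLE_LOG)):
        print(r)
```

Rules in the input chain only protect the router's own services; traffic forwarded through the router is handled by the forward chain, which skillful covers in his next reply. A static rule per offending address is exactly what the later posts replace with an address list, which is easier to review once there are more than a handful of entries.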
 
sarpkaya
Member Candidate
Topic Author
Posts: 208
Joined: Sun Mar 09, 2008 9:00 am

Re: How can I block that person who tries to connect my ftp??

Mon Oct 27, 2008 11:48 pm

/ip firewall filter add chain=input src-address=a.b.c.d action=drop
where a.b.c.d is the IP address you wish to block.

This code will drop all connections to the router from a.b.c.d. You may wish to narrow the net a little by specifying the protocol (TCP) and port.
I did that from the routing part. Is that also OK?
 
sarpkaya
Member Candidate
Topic Author
Posts: 208
Joined: Sun Mar 09, 2008 9:00 am

Re: How can I block that person who tries to connect my ftp??

Mon Oct 27, 2008 11:58 pm

/ip firewall filter add chain=input src-address=a.b.c.d action=drop
where a.b.c.d is the IP address you wish to block.

This code will drop all connections to the router from a.b.c.d. You may wish to narrow the net a little by specifying the protocol (TCP) and port.
Well, that code didn't help me with the pings:
/ip firewall filter add chain=input src-address=a.b.c.d action=drop
/ip firewall filter add chain=input dst-address=a.b.c.d action=drop
/ip firewall filter add chain=output src-address=a.b.c.d action=drop
/ip firewall filter add chain=output dst-address=a.b.c.d action=drop

I entered these 4 rules, but I can still connect to the other side and the other side can still connect to me.

In the routing drop part, I couldn't connect to the other side, but the other side can connect to me.
 
skillful
Trainer
Posts: 552
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria

Re: How can I block that person who tries to connect my ftp??

Tue Oct 28, 2008 12:19 pm

You need only two "drop" rules to completely block a particular IP address: one in the input chain and the other in the forward chain. These rules must then be placed above all other "allow" rules, preferably at the very top of the filter rules.
/ip firewall filter add chain=input src-address=a.b.c.d action=drop
/ip firewall filter add chain=forward src-address=a.b.c.d action=drop
You must replace "a.b.c.d" in the above commands with the IP address you wish to block and then move these rules to the very top of the filter.
 
sarpkaya
Member Candidate
Topic Author
Posts: 208
Joined: Sun Mar 09, 2008 9:00 am

Re: How can I block that person who tries to connect my ftp??

Tue Oct 28, 2008 1:37 pm

You need only two "drop" rules to completely block a particular IP address: one in the input chain and the other in the forward chain. These rules must then be placed above all other "allow" rules, preferably at the very top of the filter rules.
/ip firewall filter add chain=input src-address=a.b.c.d action=drop
/ip firewall filter add chain=forward src-address=a.b.c.d action=drop
You must replace "a.b.c.d" in the above commands with the IP address you wish to block and then move these rules to the very top of the filter.
That stops me from connecting to that IP; I don't want that IP to make connections to me.
 
S1ghup
just joined
Posts: 7
Joined: Mon Oct 27, 2008 7:41 pm
Location: Joplin, MO. USA

Re: How can I block that person who tries to connect my ftp??

Tue Oct 28, 2008 7:07 pm

Just my two cents' worth:

Here are some of the rules that we use on our production routers that allow for connection blocking by IP address and dynamic blocking for a specified time by IP for a given protocol (e.g. ICMP). It is just another method of blocking connections that I find to be a little easier to manage (which is needed when you have 40+ RouterBOARDs in the field). Also, for the advanced users, please forgive the step-by-step instructions; I am just trying to make it as easy to understand for beginners as possible. I know I still need the instructions from time to time.
# These rules are entered from the /ip firewall filter menu and live in a custom chain named
# ProtectRouter; the input chain has to jump to that chain (action=jump jump-target=ProtectRouter)
# or the rules never see any traffic.

# Define source lists for connections to block/allow
add action=drop chain=ProtectRouter comment="Drop connections from bad people" disabled=no src-address-list=BadPeople
add action=accept chain=ProtectRouter comment="Accept connections from good people" disabled=no src-address-list=GoodPeople

# Allow related connections
add action=accept chain=ProtectRouter comment="Allow related connections" connection-state=related disabled=no

# Dynamically allow connections
#   limit= matches packets while they stay under the rate, so these accept rules pass the first
#   pings/SSH attempts and everything above the rate falls through to the blocking rules below
add action=accept chain=ProtectRouter comment="Accept < 5 pings" disabled=no limit=5/10s,1 protocol=icmp
add action=accept chain=ProtectRouter comment="Allow < 3 SSH attempts" disabled=no dst-port=22 limit=1/6s,1 protocol=tcp

# Dynamic connection blocking
#   address-list - this parameter is set to the list we defined for our "BadPeople" list
#   address-list-timeout - how long the entry stays in the list; if removed, the block is permanent
#   chain - this parameter is set to the "ProtectRouter" chain for rule grouping and to allow related connections
#   (these rules only see traffic the accept rules above did not match, so the order matters)
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1h chain=ProtectRouter comment="Block > 5 pings" disabled=no protocol=icmp
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1d chain=ProtectRouter comment="Block > 3 SSH attempts" connection-state=new disabled=no dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1d chain=ProtectRouter comment="Block Port Scanners" disabled=no protocol=tcp psd=21,3s,3,1
To block/allow connections permanently you can add static entries to the BadPeople/GoodPeople list via the console like this:
/ip firewall address-list add list=BadPeople address=xxx.xxx.xxx.xxx
You can also add static entries via WinBox like this:
1. Navigate to Address List
a. IP --> Firewall --> Address List
2. Add New Entry (red plus sign)
3. Select GoodPeople/BadPeople from the drop-down list
4. Add the IP address to block/allow

Hope it helps,
John Annis
The Wireless Web
 
sarpkaya
Member Candidate
Topic Author
Posts: 208
Joined: Sun Mar 09, 2008 9:00 am

Re: How can I block that person who tries to connect my ftp??

Tue Oct 28, 2008 11:58 pm

You make everything complicated. There's only one person who is a bad person, boogeyman or whatever you call him.
How can I block his address?

add action=drop chain=ProtectRouter comment="Drop connections from bad people" disabled=no src-address-list=BadPeople
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1h chain=ProtectRouter comment="Block > 5 pings" disabled=no protocol=icmp
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1d chain=ProtectRouter comment="Block > 3 SSH attempts" connection-state=new disabled=no dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1d chain=ProtectRouter comment="Block Port Scanners" disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall address-list add list=BadPeople address=xxx.xxx.xxx.xxx


Are those enough to keep only the bad person out of my network? Anybody can ping and try to connect to my router except that person who has the xxx.xxx.xxx.xxx IP address. I just want to do that.
 
S1ghup
just joined
Posts: 7
Joined: Mon Oct 27, 2008 7:41 pm
Location: Joplin, MO. USA

Re: How can I block that person who tries to connect my ftp??

Wed Oct 29, 2008 3:10 am

You make everything complicated. There's only one person who is a bad person, boogeyman or whatever you call him.
How can I block his address?

add action=drop chain=ProtectRouter comment="Drop connections from bad people" disabled=no src-address-list=BadPeople
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1h chain=ProtectRouter comment="Block > 5 pings" disabled=no protocol=icmp
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1d chain=ProtectRouter comment="Block > 3 SSH attempts" connection-state=new disabled=no dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1d chain=ProtectRouter comment="Block Port Scanners" disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall address-list add list=BadPeople address=xxx.xxx.xxx.xxx


Are those enough to keep only the bad person out of my network? Anybody can ping and try to connect to my router except that person who has the xxx.xxx.xxx.xxx IP address. I just want to do that.
sarpkaya:
I apologize for the confusion; let me try to clarify the information in my original post.

If the only thing you want to do is block a single IP address, then the following two lines will accomplish just that.

add action=drop chain=ProtectRouter comment="Drop connections from bad people" disabled=no src-address-list=BadPeople
/ip firewall address-list add list=BadPeople address=xxx.xxx.xxx.xxx
Having said that, I am ever the pessimist and like to take a proactive approach and preemptively block the otherwise nefarious would-be intruders. These three entries monitor inbound traffic, look for possible bad people that might be attempting to compromise your network, and temporarily ban their IP for x amount of time.
# If a person pings my IP more than 5 times, add their IP to the BadPeople list for 1 hour
# (limit= matches packets while they stay under the rate, so on its own this rule lists a source
#  on its first pings; it implements "> 5" only when placed after the "Accept < 5 pings" rule from my first post)
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1h chain=ProtectRouter comment="Block > 5 pings" limit=5/10s,1 protocol=icmp

# If a person attempts more than 3 SSH connections in x time, add their IP to the BadPeople list for 1 day
# (same ordering caveat: place it after the "Allow < 3 SSH attempts" accept rule)
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1d chain=ProtectRouter comment="Block > 3 SSH attempts" connection-state=new disabled=no dst-port=22 limit=1/6s,1 protocol=tcp

# If a person attempts to port scan the router, add their IP to the BadPeople list for 1 day
add action=add-src-to-address-list address-list=BadPeople address-list-timeout=1d chain=ProtectRouter comment="Block Port Scanners" disabled=no protocol=tcp psd=21,3s,3,1
I hope this clarifies any confusion that I may have inadvertently caused.
John Annis
The Wireless Web
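Both of John Annis's posts rest on two RouterOS behaviours that are easy to get backwards: filter rules are evaluated top to bottom and the first terminating match decides, and `limit=` matches packets that are still within the rate rather than the excess, so it belongs on an accept rule placed above the add-src-to-address-list rule (the standalone "Block > 5 pings" line in the second post puts it on the listing rule instead). The following Python example is added here and is not code from the thread or from MikroTik: it models a first-match chain with a simplified `limit` matcher and dynamic address-list timeouts, replays constructed ICMP traffic through the ProtectRouter rules from the first post, and shows the listing, the timeout, the side effect of the per-rule counter on a second host, and the inverted ordering. The timings, the addresses and the sliding-window approximation of `limit` are assumptions.

```python
"""Replay constructed ICMP traffic through a model of S1ghup's ProtectRouter rules.

Added example, not code from the thread or from MikroTik. Chain evaluation, the
`limit` matcher (modelled as "match while fewer than N packets matched in the last
W seconds"; RouterOS uses a token bucket, but like here one counter per rule, not
per source) and address-list timeouts are simplified. Addresses and timings are constructed.
"""
from __future__ import annotations
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Packet:
    t: float      # seconds since the start of the replay
    src: str
    proto: str    # "icmp" or "tcp"

class RateLimit:
    """Simplified limit=N/Ws: one counter shared by every source that hits the rule."""
    def __init__(self, count: int, window: float):
        self.count, self.window, self.hits = count, window, deque()
    def take(self, now: float) -> bool:
        while self.hits and now - self.hits[0] >= self.window:
            self.hits.popleft()
        if len(self.hits) < self.count:
            self.hits.append(now)
            return True
        return False

@dataclass
class Rule:
    action: str                      # accept | drop | add-src-to-address-list
    proto: str | None = None
    src_list: str | None = None      # src-address-list=
    limit: RateLimit | None = None
    address_list: str | None = None  # address-list=
    timeout: float = 0.0             # address-list-timeout= in seconds

class Firewall:
    """First-match chain; add-src-to-address-list passes the packet on (as RouterOS does)."""
    def __init__(self, rules: list[Rule]):
        self.rules = rules
        self.lists = defaultdict(dict)   # list name -> {src: expiry time}
    def listed(self, name: str, src: str, now: float) -> bool:
        expiry = self.lists[name].get(src)
        if expiry is not None and expiry <= now:
            del self.lists[name][src]    # dynamic entry has timed out
            return False
        return expiry is not None
    def matches(self, rule: Rule, pkt: Packet) -> bool:
        if rule.proto and rule.proto != pkt.proto:
            return False
        if rule.src_list and not self.listed(rule.src_list, pkt.src, pkt.t):
            return False
        # limit is checked last so only otherwise-matching packets consume a slot
        return rule.limit is None or rule.limit.take(pkt.t)
    def filter(self, pkt: Packet) -> str:
        for rule in self.rules:
            if not self.matches(rule, pkt):
                continue
            if rule.action == "add-src-to-address-list":
                self.lists[rule.address_list][pkt.src] = pkt.t + rule.timeout
                continue                 # non-terminating: fall through to the next rule
            return rule.action
        return "accept"                  # end of chain: default policy accepts

def protect_router_chain() -> Firewall:
    """ICMP part of the first post: drop listed sources, accept 5 pings per 10 s, list the excess for 1 h."""
    return Firewall([
        Rule("drop", src_list="BadPeople"),
        Rule("accept", proto="icmp", limit=RateLimit(5, 10.0)),
        Rule("add-src-to-address-list", proto="icmp", address_list="BadPeople", timeout=3600.0),
    ])

def replay(fw: Firewall, packets: list[Packet]) -> dict[str, list[str]]:
    """Replay packets in time order; return {src: [verdict, ...]}."""
    verdicts = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p.t):
        verdicts[pkt.src].append(fw.filter(pkt))
    return dict(verdicts)

def flood_then_timeout() -> list[str]:
    """One host sends 8 pings at 2/s, then one more after its 1 h listing has expired."""
    pings = [Packet(0.5 * i, "203.0.113.5", "icmp") for i in range(8)] + [Packet(3700.0, "203.0.113.5", "icmp")]
    return replay(protect_router_chain(), pings)["203.0.113.5"]

def collateral_listing() -> set[str]:
    """The shared counter lists a host that pings once during someone else's flood as well."""
    fw = protect_router_chain()
    flood = [Packet(0.1 * i, "203.0.113.5", "icmp") for i in range(10)]
    replay(fw, flood + [Packet(0.55, "198.51.100.20", "icmp")])
    return set(fw.lists["BadPeople"])

def inverted_chain_first_ping() -> bool:
    """limit= on the listing rule itself (the second post's standalone "Block > 5 pings" line)
    lists the very first pinger, because limit matches packets that are within the rate."""
    fw = Firewall([
        Rule("drop", src_list="BadPeople"),
        Rule("add-src-to-address-list", proto="icmp", limit=RateLimit(5, 10.0),
             address_list="BadPeople", timeout=3600.0),
    ])
    fw.filter(Packet(0.0, "198.51.100.20", "icmp"))
    return "198.51.100.20" in fw.lists["BadPeople"]
```

Calling the three scenario functions shows the flood host accepted for its first five pings, still accepted on the sixth (the packet that triggers the listing is passed on, since the listing action does not terminate the chain), dropped from the seventh until the timeout expires, and a second host that happened to ping during the flood ending up in BadPeople too, because the `limit` counter belongs to the rule and not to the source. The address-list design has the practical advantage that `/ip firewall address-list print` shows exactly who is listed at the moment and for how much longer.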
 
sarpkaya
Member Candidate
Topic Author
Posts: 208
Joined: Sun Mar 09, 2008 9:00 am

Re: How can I block that person who tries to connect my ftp??

Wed Oct 29, 2008 1:44 pm

What's the prefix of these 3 commands, like /ip firewall? It is not working.
 
S1ghup
just joined
Posts: 7
Joined: Mon Oct 27, 2008 7:41 pm
Location: Joplin, MO. USA

Re: How can I block that person who tries to connect my ftp??

Wed Oct 29, 2008 6:14 pm

What's the prefix of these 3 commands, like /ip firewall? It is not working.
sarpkaya:

Do you ever get the feeling that you always forget to include something important? I always re-read my post before submitting and inevitably always forget something important. To apply those three rules via the console you need to be at /ip firewall filter.

Sorry about that,
John Annis
The Wireless Web
 
sarpkaya
Member Candidate
Topic Author
Posts: 208
Joined: Sun Mar 09, 2008 9:00 am

Re: How can I block that person who tries to connect my ftp??

Mon Nov 03, 2008 7:56 am

What's the prefix of these 3 commands, like /ip firewall? It is not working.
sarpkaya:

Do you ever get the feeling that you always forget to include something important? I always re-read my post before submitting and inevitably always forget something important. To apply those three rules via the console you need to be at /ip firewall filter.

Sorry about that,
John Annis
The Wireless Web
/ip firewall add action=drop chain=ProtectRouter comment="Drop connections from bad people" disabled=no src-address-list=BadPeople

is not working. That's what I'm saying.
 
S1ghup
just joined
Posts: 7
Joined: Mon Oct 27, 2008 7:41 pm
Location: Joplin, MO. USA

Re: How can I block that person who tries to connect my ftp??

Mon Nov 03, 2008 6:16 pm

What's the prefix of these 3 commands, like /ip firewall? It is not working.
sarpkaya:

Do you ever get the feeling that you always forget to include something important? I always re-read my post before submitting and inevitably always forget something important. To apply those three rules via the console you need to be at /ip firewall filter.

Sorry about that,
John Annis
The Wireless Web
/ip firewall add action=drop chain=ProtectRouter comment="Drop connections from bad people" disabled=no src-address-list=BadPeople

is not working. That's what I'm saying.
sarpkaya:

Notice the keyword filter in the console command below; it looks like you forgot to include it when trying to add the rule to the firewall.
/ip firewall filter add action=drop chain=ProtectRouter comment="Drop connections from bad people" disabled=no src-address-list=BadPeople
Thank you,
John Annis
The Wireless Web