Admin address list (change it to your desired IP). In addition, after a ping followed by knocks on two ports, the source address is dynamically added to the Admin address list for 1 hour.
# Port-knocking gate for the router's management services.
# Sequence enforced by the rules below: ICMP -> TCP/10000 -> TCP/15000,
# each step within 20s of the previous one; success puts the source address
# on the "Admin" list for 1 hour.
#
# NOTE(review): the knock sequence is sent in cleartext and can be observed
# by anyone on the path, so this reduces exposure of the management ports but
# is not authentication. Keep strong credentials/keys on the services behind it.

# Static entry: this address is always on the Admin list. Replace with your own.
/ip firewall address-list
add address=192.168.25.252 list=Admin
/ip firewall filter
# Drop TCP traffic to the router on ports 20,21 (FTP), 22 (SSH), 23 (Telnet),
# 80 (HTTP) and 8291 (Winbox) unless the source is on the Admin list.
# Only these TCP ports are covered; any other service enabled on the router
# is not restricted by this rule.
# NOTE(review): "add" appends to the existing filter table; if earlier rules
# already accept these ports the drop never matches - verify rule order.
add action=drop chain=input dst-port=20,21,22,23,80,8291 protocol=tcp \
src-address-list=!Admin
# Step 0: any ICMP packet addressed to the router (no ICMP type is specified,
# so not only echo requests) puts the source on the "ICMP" list for 20s.
add action=add-src-to-address-list address-list=ICMP address-list-timeout=20s \
chain=input protocol=icmp comment="ICMP"
# Step 1: a TCP packet to port 10000 from a source currently on the "ICMP"
# list promotes it to "ICMP+TCP 10000" for 20s. The comment "knockP1" is the
# handle the port-rotation script on this page uses to find this rule.
add action=add-src-to-address-list address-list="ICMP+TCP 10000" \
address-list-timeout=20s chain=input dst-port=10000 protocol=tcp \
src-address-list=ICMP comment="knockP1"
# Step 2: a TCP packet to port 15000 from a source on "ICMP+TCP 10000" adds
# it to "Admin" for 1 hour, which exempts it from the drop rule above.
# The comment "knockP2" is the handle used by the port-rotation script.
add action=add-src-to-address-list address-list=Admin address-list-timeout=1h \
chain=input dst-port=15000 protocol=tcp src-address-list="ICMP+TCP 10000" comment="knockP2"
# Recomputes the two knock ports from the current date and writes them into
# the firewall rules whose comments are "knockP1" and "knockP2".
# The ports only change when this script runs; the page does not show how it
# is scheduled - presumably once a day, confirm in your setup.
#
# NOTE(review): the ports are a deterministic function of the date and the
# constants below, so they add obscurity, not secrecy. Replace the published
# default values of Salt and SaltPort with your own; presumably the knocking
# client has to use the same values - confirm against the client tool.
:local Salt 456
:local SaltPort 30
:local MainPort 10000
# The substring offsets below take characters 0-2 as month name, 4-5 as day
# and 7-10 as year, i.e. they assume a date string shaped like "mmm/dd/yyyy".
# NOTE(review): newer RouterOS v7 releases reportedly return an ISO
# "yyyy-mm-dd" date; on those the offsets would pick the wrong fields -
# confirm the format on the target version before relying on this.
:local dateNow [/system clock get date];
:local dateNowDay [:pick $dateNow 4 6]
:local dateNowMonth [:pick $dateNow 0 3]
:local dateNowYear [:pick $dateNow 7 11]
# Convert the three-letter month name into its 1-based number by looking up
# its index in the list of month names.
:local months ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");
:set dateNowMonth ([:find $months $dateNowMonth -1 ] + 1)
# Date-derived offset: year + day + month - Salt by default; when the day of
# the month is below 15 it is replaced by year - day - month + Salt.
:local newPassword ("$dateNowYear" + "$dateNowDay" + "$dateNowMonth" - "$Salt");
:if ( $dateNowDay < 15 ) do={
:set newPassword ("$dateNowYear" - "$dateNowDay" - "$dateNowMonth" + "$Salt");
};
# The two knock ports are placed symmetrically around MainPort.
# NOTE(review): the results are not range-checked; make sure the chosen
# MainPort/Salt/SaltPort keep both values inside 1-65535 and away from the
# ports of real services on the router.
:local PortOne ("$MainPort" + "$newPassword" - "$SaltPort");
:local PortTwo ("$MainPort" - "$newPassword" + "$SaltPort");
# Rewrite dst-port on the rules located by their comment; if no rule carries
# that comment, "find" matches nothing and the knock ports stay unchanged.
/ip firewall filter set dst-port=$PortOne [find comment=knockP1];
/ip firewall filter set dst-port=$PortTwo [find comment=knockP2];
More info and the files to download are available here:
[moreinfo](https://github.com/scriptik/miKnock)