Hi all,
does anyone have a script to block (DROP) a certain IP after 3 (or any number) of invalid SSH/FTP attempts? I added some IP's manually to the firewall (IP -> FIREWALL -> Filter rules -> ... -> Action DROP) but sometimes I don't have time to check out the log manually.
I am asking because lately my RB532's are under attack from quite a few IP's trying out combinations of user names/passwords and I don't have time to block every IP manually.
Can someone help?
Thank you in advance
john
u can of course by adding some rules to ur input chain
with action trapit and action addto address list (let's say kind of IDS)
with action trapit and action addto address list (let's say kind of IDS)
Code: Select all
4 ;;; detect and drop port scan connections
chain=input protocol=tcp psd=21,3s,3,1 action=drop
5 ;;; suppress DoS attack
chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit
6 ;;; detect DoS attack
chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d
Re: Script to add IP's to firewall blocklist (DROP)
-------------------------------------------------------------------------------------Hi all,
does anyone have a script to block (DROP) a certain IP after 3 (or any number) of invalid SSH/FTP attempts? I added some IP's manually to the firewall (IP -> FIREWALL -> Filter rules -> ... -> Action DROP) but sometimes I don't have time to check out the log manually.
I am asking because lately my RB532's are under attack from quite a few IP's trying out combinations of user names/passwords and I don't have time to block every IP manually.
Can someone help?
Thank you in advance
john
Hello All,
Just manage to submenu [/ip service] this's simple solution for protect your Router.
Peace all
Balimore DOT com
-------------------------------------------------------------------------------------