dibawah untuk usaha pertama masuk, jika membandel diproses ke tahap berikutnya
Code:
add chain=input protocol=tcp dst-port=22 connection-state=new \ action=add-src-to-address-list address-list=bl_list_ssh1 address-list-timeout=1m comment="" \ disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new \ src-address-list=bl_list_ssh1 action=add-src-to-address-list address-list=bl_list_ssh2 address-list-timeout=1m \ comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new \ src-address-list=bl_list_ssh2 action=add-src-to-address-list address-list=bl_list_ssh3 address-list-timeout=1m \ comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new \ src-address-list=bl_list_ssh3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \ comment="" disabled=no
Code:
/ ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \ comment="drop ssh brute forcers" disabled=no
cara 2, lebih simpel:
Code:
/ ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop # accept 10 incorrect logins per minute / ip firewall filter add chain=output action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m #add to blacklist add chain=output action=add-dst-to-address-list protocol=tcp content=530 Login incorrect address-list=blacklist address-list-timeout=3h
kalo mo dibuat range juga bisa portnya tinggal dikasi dst-port=21-23 (utk ftp,ssh,telnet)
