把从外网登录你 80 和 8291 端口的 IP 加到列表中，如果连续登录则在一定的时间段内拒绝它登录（时长可根据需要修改），代码如下：
/ip firewall filter
# Escalating "new connection" counter for TCP/80 (HTTP) and TCP/8291 (Winbox)
# on the router's own input chain. The three add-src-to-address-list rules are
# listed from the highest stage to the lowest on purpose: the chain is
# evaluated top-down, so a source must already be in the previous stage's
# list before it can be promoted, and a single packet cannot walk through all
# three stages at once. Keep this order when editing.
# NOTE(review): add-src-to-address-list is a passthrough action in RouterOS
# (the packet keeps going down the chain); confirm on the running version.
# Drop everything TCP from sources already on the "bruteforcers" list.
# No dst-port here, so a listed source loses ALL TCP access to the router
# itself (not only 80/8291) for as long as the list entry lives.
add action=drop chain=input comment="Drop bruteforcers list" disabled=no \
protocol=tcp src-address-list=bruteforcers
# Stage 3: a source already in ssh_attempt_2 that opens another new TCP
# connection to 80/8291 is added to "bruteforcers" for 1w. Because this
# packet has already passed the drop rule above, the third connection itself
# still reaches the service; the fourth one onward is dropped.
# NOTE(review): the rule comments say "SSH", but these rules match ports 80
# and 8291 only; port 22 is not covered.
add action=add-src-to-address-list address-list=bruteforcers \
address-list-timeout=1w chain=input comment="SSH bruteforce attempt 3" \
connection-state=new disabled=no dst-port=80,8291 \
protocol=tcp src-address-list=ssh_attempt_2
# Stage 2: a source already in ssh_attempt_1 that opens another new
# connection within that entry's 1m lifetime is added to ssh_attempt_2 (1m).
add action=add-src-to-address-list address-list=ssh_attempt_2 \
address-list-timeout=1m chain=input comment="SSH bruteforce attempt 2" \
connection-state=new disabled=no dst-port=80,8291 \
protocol=tcp src-address-list=ssh_attempt_1
# Stage 1: every new TCP connection to 80/8291 from a source NOT in the
# "lan" address list starts (or refreshes) a 1m entry in ssh_attempt_1.
# These rules count new TCP connections, not failed logins: a successful
# admin session from outside the "lan" ranges is counted the same way, and a
# web browser can open several connections to port 80 for one page, so a
# legitimate remote visitor can reach stage 3 within a minute. Sources behind
# a shared NAT address are listed as one IP. Adjust the timeouts/ports with
# that in mind, and make sure every management subnet is in "lan".
add action=add-src-to-address-list address-list=ssh_attempt_1 \
address-list-timeout=1m chain=input comment="SSH bruteforce attempt 1" \
connection-state=new disabled=no dst-port=80,8291 \
protocol=tcp src-address-list=!lan
/ip firewall address-list
# Networks exempt from the 80/8291 connection counters: the filter rules
# match src-address-list=!lan, so only sources in these two ranges are
# never added to ssh_attempt_1. Any other subnet an admin connects from is
# counted like an external source and should be added here as well.
add list=lan address=192.168.8.0/24 disabled=no
add list=lan address=192.168.16.0/24 disabled=no