Горячее
Лучшее
Свежее
Подписки
Сообщества
Блоги
Эксперты
24

О защите микротиков

К посту http://pikabu.ru/story/mikrotik__odin_iz_luchshikh_domashnik...

fail2ban для микротика, коротко и просто, открываем через winbox - new terminal и копипастим сии строки


/ip firewall filter

add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist

add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3

add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2

add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1

add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp

add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist

add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage3

add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage2

add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage1

add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp

add action=drop chain=input comment="drop winbox brute forcers" dst-port=8291 protocol=tcp src-address-list=winbox_blacklist

add action=add-src-to-address-list address-list=winbox_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage3

add action=add-src-to-address-list address-list=winbox_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage2

add action=add-src-to-address-list address-list=winbox_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage1

add action=add-src-to-address-list address-list=winbox_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=8291 protocol=tcp



По необходимости правим порты  на свои, добавляем копипастом необходимое.

Системное администрирование Mikrotik Злобные хакеры Текст
40

Лига Сисадминов

2.4K постов18.9K подписчиков

Добавить пост

Правила сообщества

Мы здесь рады любым постам связанным с рабочими буднями специалистов нашей сферы деятельности.

Все комментарии Автора