Mikrotik RouterOS ez 2013-06-29
新增以下防火牆條件,即可防止 RouterOS 的 SSH 被猜密碼!
/ip firewall filter add chain=input protocol=tcp dst-port=21,22,23,8291 src-address-list=login_blacklist action=drop comment="drop login brute forcers 1" disabled=no add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage5 action=add-src-to-address-list address-list=login_blacklist address-list-timeout=1d comment="drop login brute forcers 2" disabled=no add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage4 action=add-src-to-address-list address-list=login_stage5 address-list-timeout=1m comment="drop login brute forcers 3" disabled=no add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage3 action=add-src-to-address-list address-list=login_stage4 address-list-timeout=1m comment="drop login brute forcers 4" disabled=no add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage2 action=add-src-to-address-list address-list=login_stage3 address-list-timeout=1m comment="drop login brute forcers 5" disabled=no add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage1 action=add-src-to-address-list address-list=login_stage2 address-list-timeout=1m comment="drop login brute forcers 6" disabled=no add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new action=add-src-to-address-list address-list=login_stage1 address-list-timeout=1m comment="drop login brute forcers 7" disabled=no
本文章網址:
https://www.ez2o.com/Blog/Post/MikroTik-RouterOS-Guess-Prevent-Secret
https://www.ez2o.com/Blog/Post/371
https://www.ez2o.com/Blog/Post/MikroTik-RouterOS-Guess-Prevent-Secret
https://www.ez2o.com/Blog/Post/371