/ip firewall filter
add action=drop chain=forward comment="rdp brutforce" dst-port=3389 in-interface=inet protocol=tcp src-address-list=RDP_Drop
add action=add-src-to-address-list address-list=RDP_Drop address-list-timeout=none-static chain=forward \
dst-address=192.168.1.200 dst-port=3389 log=yes log-prefix=FW_BAN protocol=tcp src-address-list=rdp_brutforce_level3 tcp-flags=syn
add action=add-src-to-address-list address-list=rdp_brutforce_level3 address-list-timeout=30m chain=forward \
dst-address=192.168.1.200 dst-port=3389 log=yes log-prefix=FW_Lev3 protocol=tcp src-address-list=rdp_brutforce_level2 tcp-flags=syn
add action=add-src-to-address-list address-list=rdp_brutforce_level2 address-list-timeout=30m chain=forward \
dst-address=192.168.1.200 dst-port=3389 log=yes log-prefix=FW_Lev2 protocol=tcp src-address-list=rdp_brutforce_level1 tcp-flags=syn
add action=add-src-to-address-list address-list=rdp_brutforce_level1 address-list-timeout=30m chain=forward \
dst-address=192.168.1.200 dst-port=3389 log=yes log-prefix=FW_Lev1 protocol=tcp tcp-flags=syn
16 Авг2020
RDP блокировка подбора паролей.
Теги: bruteforce, rdp