Drop rule by address list is not working

Good afternoon.

On my MikroTik I constantly see RDP connection attempts to a forwarded port (even though it is a non-standard port number).

I created a rule in accordance with the documentation:

https://wiki.mikrotik.com/wiki/Bruteforce_login_prevention

I moved the rule to the very top:


 4    ;;; drop ssh brute forcers
      chain=input action=drop src-address-list=ssh_blacklist log=yes log-prefix="BLACKLIST_DROP" 

 5    chain=forward action=drop src-address-list=ssh_blacklist log=yes log-prefix="BLACKLIST_FORWARD" 

 6    chain=input action=add-src-to-address-list connection-state=established,related,new protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist address-list-timeout=35w dst-port=3399 log=no log-prefix="" 

 7    chain=input action=add-src-to-address-list connection-state=established,related,new protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3 address-list-timeout=1m dst-port=3399 log=no log-prefix="" 

 8    chain=input action=add-src-to-address-list connection-state=established,related,new protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2 address-list-timeout=1m dst-port=3399 log=no log-prefix="" 

 9    chain=input action=add-src-to-address-list connection-state=established,related,new protocol=tcp address-list=ssh_stage1 address-list-timeout=1m dst-port=3399 log=no log-prefix="" 

10    ;;; Drop Bruteforce
      chain=input action=add-src-to-address-list connection-limit=32,32 protocol=tcp address-list=ssh_blacklist address-list-timeout=none-dynamic log=no log-prefix="" 

I manually added IP addresses to the ssh_blacklist group:

ip firewall address-list> print
Flags: X - disabled, D - dynamic 
 #   LIST                                                                                        ADDRESS                                                                                                         CREATION-TIME        TIMEOUT             
 0   ssh_blacklist                                                                               77.123.67.5                                                                                                     aug/06/2018 10:13:47
 1   ssh_blacklist                                                                               134.17.4.9                                                                                                      aug/06/2018 10:14:00
 2   ssh_blacklist                                                                               79.11.194.204                                                                                                   aug/06/2018 10:14:13

 

But connections from them still show up in the log: https://yadi.sk/i/gGxEtcCd3ZvjL5

Can you tell me what I did wrong?))

Edited by r1sh
