[CODE]: Código Anti-Brute force Mikrotik

1.  
2. /*
3. *
4. *
5. * @Author: Glaubert Suyan Dacio
6. * @Data: 14/10/2018 -
7. * @Description:
8. * Sistema de segurança que bloqueia o ip do usuario caso ele erre a senha mais de 3x a senha da VPN
9. *
10. *
11. */
12.  
13.  
14.  
15. /ip firewall filter
16. add action=drop chain=input dst-port=1723,1701 protocol=tcp src-address-list=\
17. BLACKLIST
18. add action=add-src-to-address-list address-list=LVL01_BRUTEFORCE \
19. address-list-timeout=2m10s chain=input packet-mark=ANTIBRUTE01 \
20. src-address-list=!LVL01_BRUTEFORCE
21. add action=add-src-to-address-list address-list=LVL02_BRUTEFORCE \
22. address-list-timeout=2m10s chain=input packet-mark=ANTIBRUTE02 \
23. src-address-list=!LVL02_BRUTEFORCE
24. add action=add-src-to-address-list address-list=LVL03_BRUTEFORCE \
25. address-list-timeout=2m10s chain=input packet-mark=ANTIBRUTE03 \
26. src-address-list=!LVL03_BRUTEFORCE
27. add action=add-src-to-address-list address-list=BLACKLIST address-list-timeout=\
28. none-dynamic chain=input packet-mark=BLACK-LIST
29.  
30.  
31. /ip firewall mangle
32. add action=jump chain=input connection-state=new dst-port=1723,1701 \
33. jump-target=ANTI-BRUTEFORCE protocol=tcp
34. add action=jump chain=input connection-state=new dst-port=1723,1701 \
35. jump-target=ANTI-BRUTEFORCE protocol=udp
36. add action=mark-packet chain=ANTI-BRUTEFORCE new-packet-mark=ANTIBRUTE01 \
37. packet-mark=no-mark passthrough=yes src-address-list=!LVL01_BRUTEFORCE
38. add action=mark-packet chain=ANTI-BRUTEFORCE new-packet-mark=ANTIBRUTE02 \
39. packet-mark=no-mark passthrough=yes src-address-list=!LVL02_BRUTEFORCE
40. add action=mark-packet chain=ANTI-BRUTEFORCE new-packet-mark=ANTIBRUTE03 \
41. packet-mark=no-mark passthrough=yes src-address-list=!LVL03_BRUTEFORCE
42. add action=mark-packet chain=ANTI-BRUTEFORCE new-packet-mark=BLACK-LIST \
43. packet-mark=no-mark passthrough=yes src-address-list=LVL03_BRUTEFORCE