# Service if checkip in checknet:global isIpMatchNet do={ :if ( [:typeof

1. # Service if checkip in checknet
2. :global isIpMatchNet do={
3. :if ( [:typeof $checkip] = "nil" || [:typeof $checkip] = "num" || [:typeof $checkip] = "bool" ) do={ :return false; };
4. :if ( [:typeof $checkip] = "str" && ( [:len $checkip] < 7 || [:len $checkip] > 15 ) ) do={ :return false; };
5. :if ( [:typeof $checknet] = "nil" || [:typeof $checknet] = "num" || [:typeof $checknet] = "bool" ) do={ :return false; };
6. :if ( [:typeof $checknet] = "str" && ( [:len $checknet] < 7 || [:len $checknet] > 31 ) ) do={ :return false; };
7. :if ( [:typeof [:find $checknet "/"]] = "num" ) do={
8. :return ( [:toip $checkip] in $checknet );
9. };
10. :if ( [:typeof [:find $checknet "-"]] = "num" ) do={
11. :local lowip [:toip [:pick $checknet 0 [:find $checknet "-"]]];
12. :local highip [:toip [:pick $checknet ( [:find $checknet "-"] + 1) [:len $checknet]]];
13. if ( $lowip <= [:toip $checkip] and [:toip $checkip] <= $highip ) do={ :return true; };
14. };
15. :if ( [:typeof [:toip $checknet]] = "ip" ) do={
16. if ( [:toip $checkip] = [:toip $checknet] ) do={ :return true; };
17. };
18. :return false;
19. };
20.  
21. # Parameters: banip, banlogin
22. :global badRdpLogin do={
23. # Check if banip is IP type
24. :if ( [:typeof $banip] = "nil" || [:typeof $banip] = "num" || [:typeof $banip] = "bool" ) do={ :log info ( "Ignore RDP attempt:" . [:tostr $banip] . "; Login: " . [:tostr $banlogin] ); :return false; };
25. :if ( [:typeof $banip] = "str" && ( [:len $banip] < 7 || [:len $banip] > 15 ) ) do={ :log info ( "Ignore RDP attempt:" . [:tostr $banip] . "; Login: " . [:tostr $banlogin] ); :return false; };
26. :local tempip [:toip $banip];
27. :if ( [:typeof $tempip] != "ip" ) do={ :log info ( "Ignore RDP attempt:" . [:tostr $banip] . "; Login: " . [:tostr $banlogin] ); :return false; };
28. :local templogin "";
29. :if ( [:typeof $banlogin] = "str" ) do={ :set templogin $banlogin };
30. # Find banip in white-lists and ban-list
31. :local findInWhiteList false;
32. :foreach i in=[/ip firewall address-list find list="BGP" or list="DNS" or list="LAN" or list="PROVIDER" or list="RFC5735" or list="WHITELIST"] do={
33. :if ( [/ip firewall address-list get $i disabled]!=yes ) do={
34. :local lstaddr [/ip firewall address-list get $i address];
35. :global isIpMatchNet;
36. :if ( [$isIpMatchNet checkip=$tempip checknet=$lstaddr] ) do={
37. :set findInWhiteList true;
38. };
39. };
40. };
41. :if ( $findInWhiteList = true ) do={ :log info ( "Ignore RDP attempt:" . [:tostr $tempip] . "; Login: " . $templogin ); :return false; };
42. # Ban ip and remove from first-attempt ftp list
43. /ip firewall address-list remove [find where list="ftp_attempt" && address=$tempip];
44. /ip firewall address-list add list="BLACK" address=$tempip timeout=3d;
45. :log info ( "RDP BRUTEFORCE: IP:" . [:tostr $tempip] . "; Login: " . $templogin );
46. };