/ip firewall filter
add action=drop chain=input comment=\
"pptp brute force drop 1/4 - complete comunication DROP" \
disabled=no log=yes log-prefix=\
Block_PPTP_brutoforce \
src-address-list=pptp_blacklist_DROP place-before=0
add action=add-dst-to-address-list address-list=pptp_blacklist_DROP \
address-list-timeout=1h chain=output comment="pptp brute force drop 2/4" \
content="authentication failed" disabled=no dst-address-list=pptp_blacklist_stage_2 \
log=yes log-prefix=PPTP_drop_Log protocol=gre
add action=add-dst-to-address-list address-list=pptp_blacklist_stage_2 \
address-list-timeout=1m chain=output comment="pptp brute force drop 3/4" \
content="authentication failed" disabled=no \
dst-address-list=pptp_blacklist_stage_1 \
log=yes log-prefix=PPTP_drop_Log protocol=gre
add action=add-dst-to-address-list address-list=pptp_blacklist_stage_1 \
address-list-timeout=1m chain=output comment="pptp brute force drop 4/4" \
content="authentication failed" disabled=no \
log=yes log-prefix=PPTP_drop_Log protocol=gre
Related
