====== fail2ban для Mikrotik ======


Взято отсюда: http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_(FTP_%26_SSH)
<code bash>
/ip firewall filter

add chain=input protocol=tcp dst-port=8291,22 src-address-list=ssh_blacklist \
action=drop comment="drop ssh brute forcers"

add chain=input protocol=tcp dst-port=8291,22 connection-state=new src-address-list=ssh_stage4 \
action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1h

add chain=input protocol=tcp dst-port=8291,22 connection-state=new src-address-list=ssh_stage3 \
action=add-src-to-address-list address-list=ssh_stage4 address-list-timeout=1m

add chain=input protocol=tcp dst-port=8291,22 connection-state=new src-address-list=ssh_stage2 \
action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m

add chain=input protocol=tcp dst-port=8291,22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m

add chain=input protocol=tcp dst-port=8291,22 connection-state=new \
action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m
</code>

Динамически банит IP на 1 час после 4 неудачных попыток входа в течении минуты по Winbox или SSH