fail2ban для Mikrotik

Взято отсюда: http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_(FTP_%26_SSH)

/ip firewall filter
 
add chain=input protocol=tcp dst-port=8291,22 src-address-list=ssh_blacklist \
action=drop comment="drop ssh brute forcers"
 
add chain=input protocol=tcp dst-port=8291,22 connection-state=new src-address-list=ssh_stage4 \
action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1h
 
add chain=input protocol=tcp dst-port=8291,22 connection-state=new src-address-list=ssh_stage3 \
action=add-src-to-address-list address-list=ssh_stage4 address-list-timeout=1m
 
add chain=input protocol=tcp dst-port=8291,22 connection-state=new src-address-list=ssh_stage2 \
action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m
 
add chain=input protocol=tcp dst-port=8291,22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m
 
add chain=input protocol=tcp dst-port=8291,22 connection-state=new \
action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m

Динамически банит IP на 1 час после 4 неудачных попыток входа в течении минуты по Winbox или SSH