[Tutorial] Simple Mikrotik Firewall for DNS FTP SSH Telnet Winbox services HD
Simple firewall to protect your router. The script is at the bottom. Please turn on captions for more information. ! change [change_internet_interface] to WAN interface Firewall script: /ip firewall filter add action=drop chain=input comment="ddos dns" dst-port=53 in-interface=[change_internet_interface] protocol=udp add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=ftp_blacklist add chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage3 add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage2 add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage1 add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp add action=drop chain=input comment="drop winbox brute forcers" dst-port=8291 protocol=tcp src-address-list=winbox_blacklist add action=add-src-to-address-list address-list=winbox_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage3 add action=add-src-to-address-list address-list=winbox_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage2 add action=add-src-to-address-list address-list=winbox_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage1 add action=add-src-to-address-list address-list=winbox_stage1 address-list-timeout=1m chain=input
![[Tutorial] Simple Mikrotik Firewall for DNS FTP SSH Telnet Winbox services](https://i.ytimg.com/vi/R7iRKDRxsD0/mqdefault.jpg)
HD
HD
HD
HD
HD
HD
HD![[OFFICIAL] FIRST NON-ANDROID OS FOR ANDROID DEVICE [Redmi 2] [Sailfish OS][Android App Support]](https://i.ytimg.com/vi/YUdep2m7LOg/mqdefault.jpg)
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD
HD