Protection
Country filtering
Country list:
Change CN to the required country, or add further lines for each additional country:
# Run the CN script once a day
/system scheduler
add disabled=no interval=1d name=CN on-event=CN policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/10/2020 start-time=00:00:01
# Download the address list, import it, then delete the downloaded file.
# The file is fetched over plain HTTP and executed by /import with the policies listed here.
/system script
add dont-require-permissions=no name=CN owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    \n/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/CN;\r\
    \n/import file-name=CN;\r\
    \n/file remove CN;\r\
    \n"
# Drop traffic arriving on WAN interfaces from sources in the CN address list
/ip firewall raw
add chain=prerouting action=drop in-interface-list=WAN log=no log-prefix="" src-address-list=CN
RDP server behind NAT
If the server listens on a different port, change 3389 to the required one
# Rule order matters: the reject rule comes first, then the stages from highest to lowest.
# EXT is assumed to be the name of the external interface.
/ip firewall filter add action=reject chain=forward reject-with=icmp-network-unreachable src-address-list="Blocked bruteforcers"
# Source already in stage 3: add it to the block list for 60 minutes and log the event
/ip firewall filter add action=add-src-to-address-list address-list="Blocked bruteforcers" address-list-timeout=60m chain=forward connection-state=new in-interface=EXT dst-port=3389 log=yes log-prefix="RDP BRUTEFORCE - " protocol=tcp src-address-list=rdp_bruteforce3
# Stages 2 and 3: a further new connection within 15 minutes moves the source up one stage
/ip firewall filter add action=add-src-to-address-list address-list=rdp_bruteforce3 address-list-timeout=15m chain=forward connection-state=new in-interface=EXT dst-port=3389 protocol=tcp src-address-list=rdp_bruteforce2
/ip firewall filter add action=add-src-to-address-list address-list=rdp_bruteforce2 address-list-timeout=15m chain=forward connection-state=new in-interface=EXT dst-port=3389 protocol=tcp src-address-list=rdp_bruteforce1
# Stage 1: every new connection to port 3389 adds its source here for 15 minutes
/ip firewall filter add action=add-src-to-address-list address-list=rdp_bruteforce1 address-list-timeout=15m chain=forward connection-state=new in-interface=EXT dst-port=3389 protocol=tcp
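How the staged address lists in the RDP rules behave can be traced with a small model. This Python sketch is an added example, not part of the original page and not RouterOS code. It assumes that add-src-to-address-list lets the packet continue to the next rule and that a repeat match refreshes the entry's timeout, and it uses a constructed source address.

```python
# Model of the five forward-chain rules from the RDP section (added example).
# Assumptions, not stated on the page: add-src-to-address-list lets the packet
# continue to the next rule, and a repeat match refreshes the entry's timeout.
MIN = 60
BLOCK = "Blocked bruteforcers"

# Rules 2-5 in page order: (list the source must already be in, list to add to, timeout s)
RULES = [
    ("rdp_bruteforce3", BLOCK, 60 * MIN),
    ("rdp_bruteforce2", "rdp_bruteforce3", 15 * MIN),
    ("rdp_bruteforce1", "rdp_bruteforce2", 15 * MIN),
    (None, "rdp_bruteforce1", 15 * MIN),
]


class Firewall:
    def __init__(self, rules=RULES):
        self.rules = list(rules)
        self.expiry = {}  # (list name, source address) -> expiry time in seconds

    def member(self, name, src, now):
        return self.expiry.get((name, src), 0) > now

    def new_connection(self, src, now):
        """Verdict for the first packet of one new TCP/3389 connection."""
        if self.member(BLOCK, src, now):  # rule 1: reject listed sources
            return "reject"
        for required, target, timeout in self.rules:
            if required is None or self.member(required, src, now):
                self.expiry[(target, src)] = now + timeout
        return "pass"


def replay(times, rules=RULES, src="198.51.100.7"):
    """Verdicts for new connections from one constructed source at the given seconds."""
    fw = Firewall(rules)
    return [fw.new_connection(src, t) for t in times]


if __name__ == "__main__":
    # Page order: the 4th new connection puts the source on the block list,
    # the 5th is the first one rejected.
    print(replay([0, 10, 20, 30, 40]))
    # Reversed order: a single connection cascades through every stage at once.
    print(replay([0, 10], rules=RULES[::-1]))
```

The second call shows why the rules have to stay in the order given: `add` appends each rule to the end of the list, so entering them in a different order changes how many connections it takes to reach the block list.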