25.04.2024

Fail2ban + PSD

RouterOS 6.4

PSD (port scan detection)

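/ip firewall filter

# Port scan detection. psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight:
# packets from one source to different destination ports within the 3s delay
# threshold accumulate weight (3 per privileged port <=1024, 1 per high port);
# once the sum reaches 21 the source is put into DROP_BRUTFORCE for 1w3d.
# in-interface-list=WAN keeps LAN hosts out of the list (a deliberate internal
# scan would otherwise blacklist the scanner). log=yes with the PSD_ prefix makes
# hits visible in /log and to a remote syslog target for alerting.
# add-src-to-address-list is non-terminating: the packet continues to the next rule.
add action=add-src-to-address-list address-list=DROP_BRUTFORCE address-list-timeout=1w3d chain=input comment="Port Scan" connection-state=invalid,new in-interface-list=WAN log=yes log-prefix=PSD_ psd=21,3s,3,1

# Populating DROP_BRUTFORCE does nothing by itself; this rule is the enforcement.
# It must sit ABOVE any accept rule in the input chain (rules are evaluated top to
# bottom and "add" appends to the end, so use /ip firewall filter move if accept
# rules already exist). Restricting it to in-interface-list=WAN means a LAN
# address that lands in the list (e.g. an admin's failed Winbox logins) is not
# locked out of the router itself.
add action=drop chain=input comment="Drop sources listed by PSD / Fail2ban rules" in-interface-list=WAN log=yes log-prefix=DROP_BRUTFORCE_ src-address-list=DROP_BRUTFORCE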
 

Fail2ban for SSH

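/ip firewall filter

# Connection-rate limiter for SSH in the style of fail2ban. Each NEW TCP
# connection to port 22 moves the source one stage further (ssh_stage1 ->
# ssh_stage2 -> ssh_stage3, each entry living 1m); the 4th connection inside
# those windows puts the source into DROP_BRUTFORCE for 1w3d.
# This counts connections, not failed logins: a legitimate client that opens
# four SSH sessions within a minute is blacklisted as well.
#
# Order matters. add-src-to-address-list does not terminate rule processing, so
# the stage3 check has to come first; if the stage1 rule were evaluated first a
# single packet would walk all four rules and be blacklisted at once.
#
# in-interface-list=WAN keeps management from the LAN out of the counter,
# matching the PSD rule on this page. The list is only enforced by a separate
# chain=input action=drop src-address-list=DROP_BRUTFORCE rule placed above any
# accept rule for port 22. The blacklist step is logged (prefix SSH_F2B_) so the
# event can be picked up by a syslog collector.
add action=add-src-to-address-list address-list=DROP_BRUTFORCE address-list-timeout=1w3d chain=input comment="SSH: 4th new connection in window --> BlackList" connection-state=new dst-port=22 in-interface-list=WAN log=yes log-prefix=SSH_F2B_ protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="SSH: 3rd new connection --> ssh_stage3" connection-state=new dst-port=22 in-interface-list=WAN protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="SSH: 2nd new connection --> ssh_stage2" connection-state=new dst-port=22 in-interface-list=WAN protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="SSH: 1st new connection --> ssh_stage1" connection-state=new dst-port=22 in-interface-list=WAN protocol=tcp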
 

Fail2ban for Winbox

/ip firewall filter

# Login-failure counter for Winbox (TCP 8291). Unlike the SSH rules this works on
# the OUTPUT chain: the router's own reply to the client is inspected for the
# literal text "invalid user name or password", and a match jumps to the
# Fail2Ban-Destination-IP chain, where the DESTINATION address (the client) is
# staged. The content match can only hit if that text crosses the wire in
# cleartext; NOTE(review): confirm on this RouterOS version that the Winbox
# session is not encrypted at that point, otherwise these rules never fire.
# There is no interface restriction here, so LAN clients are counted too.
add action=jump chain=output comment="F2B Winbox: Jump to Fail2Ban-Destination-IP chain" content="invalid user name or password" jump-target=Fail2Ban-Destination-IP protocol=tcp src-port=8291
# Stage rules, evaluated top to bottom. add-dst-to-address-list does not
# terminate processing, hence the reverse order: the most advanced stage is
# checked first so one failure advances a client by exactly one stage.
# 3rd failure while still in LoginFailure02 (2m) -> DROP_BRUTFORCE for 1w3d.
# The list is only populated here; blocking requires a chain=input drop rule on
# src-address-list=DROP_BRUTFORCE placed above the accept rules.
add action=add-dst-to-address-list address-list=DROP_BRUTFORCE address-list-timeout=1w3d chain=Fail2Ban-Destination-IP comment="3 Attempt --> BlackList" dst-address-list=LoginFailure02
# 2nd failure while still in LoginFailure01 (1m) -> LoginFailure02 for 2m.
add action=add-dst-to-address-list address-list=LoginFailure02 address-list-timeout=2m chain=Fail2Ban-Destination-IP comment="2 Attempt --> LoginFailure02" dst-address-list=LoginFailure01
# 1st failure (no list match required) -> LoginFailure01 for 1m.
add action=add-dst-to-address-list address-list=LoginFailure01 address-list-timeout=1m chain=Fail2Ban-Destination-IP comment="1 Attempt --> LoginFailure01"