原本的RouterOS防火牆遠端管理連續登入多次錯誤自動封鎖功能(防暴力破解),
為了避免管理員頻繁的登入導致觸發防火牆而把自己也給鎖了,增加了二條設定來排除這個問題.
如何使用……
1.打開winbox裡面的CLI視窗.
2.複製底下命令後貼入CLI視窗內按Enter即可.
3.匯入命令之後需調整防火牆的順序,把它上下移動到適當的位置(如圖片所示)
:global wanname [/interface ethernet get 0 name]
/interface list
add name=Wan_Internet
/interface list member
add interface=$wanname list=Wan_Internet
add interface=pppoe-out1 list=Wan_Internet
/ip firewall filter
add action=accept chain=input comment=\
“\B6\B6\A7\C7\A6\EC\B8m\A5\B2\B6\B7\A9T\A9w–> \B6\B6\A7\C70 (\A9\F1\A6\E6\A6\A8\A5\\\B5n\A4J\AB\E1\AA\BAIP)” dst-port=21,22,23,8291 \
protocol=tcp src-address-list=login-ok
add action=add-src-to-address-list address-list=login-ok address-list-timeout=2d chain=input comment=\
“\B6\B6\A7\C7\A6\EC\B8m\A5\B2\B6\B7\A9T\A9w–> \B6\B6\A7\C78 (\A6\A8\A5\\\B5n\A4J\AB\E1\AA\BAIP\A4\A3\A8\FC\B5n\A4J\A6\B8\BC\C6\BCv\C5T)” \
connection-rate=200k-5M connection-state=established dst-port=21,22,23,8291 in-interface-list=Wan_Internet protocol=tcp src-address-list=\
!login-ok
