Winbox give access to a specific IP address.

To prevent abuse, you can determine the IP address may be used to log into the router Mikrotik board. This may include other services such as ssh, ftp, etc.
Caution: Do not add an IP address that is not assigned to your PC or laptop, otherwise you can not log on the router board.
services
Click "ip" then on "Services"
services
Double-click "winbox" I'm going to take this as an example.
services
Click the down arrow to enter an IP address.
services
Enter the IP address of your PC or laptop is explained knows.
services
Klik vervolgens op "apply" en "ok"
Result
services
So, now you can just only log in to the router board with the entered IP address.
To secure even more you can determine in the firewall settings login attempts and block. You can see that below.
Unauthorized logging occur on the Mikrotik router board.
You can create a firewall rule for unauthorized people to repel to log in. The firewall will report if there is a log-in attempt performed. When login attempts, the firewall will create a list of IP addresses that were used to log in and try to block temporarily.
Required files
Klik op "IP" "Firewall" "Filter rules".
  • In "chain" select "input".
  • At "protocol" you select 6 (tcp)
  • Bij "DST.Port" (destination port) vul je 20-23 in.
Click through for more "action".
Required files
  • Bij "action" selecteer "add scr to address list".
  • Bij "address list" selecteer "trying_to_login".
    At "timeout" enter the number of days that this IP_address to be blocked.
Required files
This is the result, if you are in "firewall" "address lists look you see the IP addresses used to log in and these are blocked on your setting. In this example, SSH firewall blocks and telnet You can also winbox and add FTP port.

Comments

Popular Posts