от Настройка находится в IP->Firewall
/ip firewall filter add action=drop chain=input comment="Drop - port scanners" src-address-list=\ Port-Scanners add action=drop chain=forward comment="Drop - port scanners" \ src-address-list=Port-Scanners add action=add-src-to-address-list address-list=Port-Scanners \ address-list-timeout=2w chain=input comment="Scan - Scan Ports" protocol=\ tcp psd=21,3s,3,1 add action=add-src-to-address-list address-list=Port-Scanners \ address-list-timeout=2w chain=input comment=\ "Scan - NMAP FIN Stealth scan" protocol=tcp tcp-flags=\ fin,!syn,!rst,!psh,!ack,!urg add action=add-src-to-address-list address-list=Port-Scanners \ address-list-timeout=2w chain=input comment="Scan - SYN/FIN scan" \ protocol=tcp tcp-flags=fin,syn add action=add-src-to-address-list address-list=Port-Scanners \ address-list-timeout=2w chain=input comment="Scan - SYN/RST scan" \ protocol=tcp tcp-flags=syn,rst add action=add-src-to-address-list address-list=Port-Scanners \ address-list-timeout=2w chain=input comment="Scan - FIN/PSH/URG scan" \ protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack add action=add-src-to-address-list address-list=Port-Scanners \ address-list-timeout=2w chain=input comment="Scan - ALL/ALL scan" \ protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg add action=add-src-to-address-list address-list=Port-Scanners \ address-list-timeout=2w chain=input comment="Scan - NMAP NULL scan" \ protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
значения Timeout:
- 14d 00:00:00;
- none dynamic – будет находиться в address list до перезагрузки роутера;
- none static – постоянная запись(сохраняется в конфигурации).
По результатам работы сканера создаются записи в Address Lists, которым запрещен доступ в цепочке input на 14 дней.
