forked from Onoro/Mikrotik
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathscript3.rsc
24 lines (24 loc) · 1.22 KB
/
script3.rsc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
*********************************************************
* Mikrotik L2TP protection. *
* https://github.com/Onoro/Mikrotik/ *
* *
*********************************************************
#variables
:local pop 3
:local ipaddr
#searching for "failed to get valid proposal." string in log.
:local l2tp [/log find message~"failed to get valid proposal."]
#walking through array
foreach i in=$l2tp do={
#searching IP address of remote host
:set ipaddr [:pick [/log get $i message ] 0 ([:len [/log get $i message ]]-30)]
#execute if quantity of "failed to get valid proposal." records more than pop variable
if ([:len [/log find message~"failed to get valid proposal."]]>=$pop) do={
#execute if IP address isn't in firewall adress-list
if ([:len [/ip firewall address-list find address=$ipaddr]]=0 ) do={
#supplementation IP to address-list
/ip firewall address-list add list=l2tp-brutforce address=[:toip $ipaddr]
/tool e-mail send to="[email protected]" start-tls=tls-only subject="L2TP allert" body="$ipaddr was blocked because of L2TP brutforce" server=[:resolve mail.my]
}
}
}