Mikrotik as Fail2ban firewall

So it's time to get the Mikrotik acting as the firewall. For this I will use an SSH key, since the commands to block IPs will go over SSH. I am going to use address-lists on the Mikrotik, simply because I already have rules set up for those, which I populated manually in the past.


This howto can be found on http://wiki.mikrotik.com/wiki/Use_Mikrotik_as_Fail2ban_firewall. The only change I will make is to use address-lists on the Mikrotik, so there is one rule for all addresses. I will have one temp_ban and one perm_ban list to populate.

Start by creating an SSH key for the root user on the server.

Now you need to upload your public SSH key, id_dsa.pub, to the Mikrotik and import it.

Then we start configuring the Mikrotik side: open a console on the Mikrotik, add the Linux user and import the key for that same user.

OK, that's it for now on the Mikrotik. Back to configuring the server side.

Add this to the file:

Now create the mikrotik conf file, which will handle the banning on the Mikrotik side.

In that file we write:

Then we configure the jail.local file, section [ssh]:

After this we just restart the fail2ban server.
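The post's own config files did not survive extraction, so here is an added example of the server-side half of the procedure above: a fail2ban action that bans into a RouterOS address-list over SSH, plus the matching jail.local section. This is my own example, not the post's files or anything from the Mikrotik wiki. The router hostname `mikrotik`, the RouterOS user `fail2ban`, the key path `/root/.ssh/id_dsa` and the list names `temp_ban`/`perm_ban` are placeholders. Beyond the post, it validates the address before it is spliced into a router command and lets the router expire temporary bans itself via the address-list `timeout=` parameter.

```shell
#!/bin/sh
# Added example, not from the original post. Placeholders (adjust to taste):
ROUTER_HOST="${ROUTER_HOST:-mikrotik}"       # RouterOS box reachable over SSH
ROUTER_USER="${ROUTER_USER:-fail2ban}"       # RouterOS user that owns the imported key
SSH_KEY="${SSH_KEY:-/root/.ssh/id_dsa}"      # private key created for root on the server

# Accept only a dotted-quad IPv4 address with octets 0-255. fail2ban supplies the
# <ip> tag, but the value still ends up inside a quoted RouterOS command line, so
# anything that is not a plain address is refused instead of being sent.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# RouterOS command that adds one address to a list. With a timeout (e.g. 1h) the
# router drops the entry by itself; without one the entry is permanent.
ros_ban_cmd() {
  list=$1; ip=$2; timeout=${3:-}
  is_ipv4 "$ip" || return 1
  if [ -n "$timeout" ]; then
    printf '/ip firewall address-list add list=%s address=%s timeout=%s comment=fail2ban\n' "$list" "$ip" "$timeout"
  else
    printf '/ip firewall address-list add list=%s address=%s comment=fail2ban\n' "$list" "$ip"
  fi
}

# RouterOS command that removes every entry for that address from the list.
ros_unban_cmd() {
  is_ipv4 "$2" || return 1
  printf '/ip firewall address-list remove [find list=%s address=%s]\n' "$1" "$2"
}

# Run one RouterOS command non-interactively; BatchMode stops ssh from ever
# prompting for a password when the key is wrong.
ros_ssh() {
  ssh -o BatchMode=yes -i "$SSH_KEY" "$ROUTER_USER@$ROUTER_HOST" "$1"
}

# Emit /etc/fail2ban/action.d/mikrotik.conf for a given list and optional timeout.
# Values in [Init] become <tags> that fail2ban substitutes into the commands.
mikrotik_action_conf() {
  if [ -n "${2:-}" ]; then ban_tail="timeout=<timeout> comment=fail2ban"; else ban_tail="comment=fail2ban"; fi
  cat <<EOF
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ssh -o BatchMode=yes -i <sshkey> <user>@<host> "/ip firewall address-list add list=<list> address=<ip> $ban_tail"
actionunban = ssh -o BatchMode=yes -i <sshkey> <user>@<host> "/ip firewall address-list remove [find list=<list> address=<ip>]"

[Init]
host = $ROUTER_HOST
user = $ROUTER_USER
sshkey = $SSH_KEY
list = $1
EOF
  [ -n "${2:-}" ] && printf 'timeout = %s\n' "$2"
  return 0
}

# Emit the [ssh] section for jail.local, pointing at the action above.
# logpath assumes a Debian-style auth.log.
jail_local_snippet() {
  cat <<EOF
[ssh]
enabled  = true
port     = ssh
filter   = sshd
action   = mikrotik[list=$1]
logpath  = /var/log/auth.log
maxretry = 5
bantime  = 3600
EOF
}

# Usage: ./mikrotik-fail2ban.sh action temp_ban 1h > /etc/fail2ban/action.d/mikrotik.conf
#        ./mikrotik-fail2ban.sh jail temp_ban   >> /etc/fail2ban/jail.local
case "${1:-}" in
  action) mikrotik_action_conf "${2:-temp_ban}" "${3:-}" ;;
  jail)   jail_local_snippet "${2:-temp_ban}" ;;
esac
```

On the router side the matching steps are the ones the post describes: create the user, then import the uploaded public key for it (`/user ssh-keys import public-key-file=id_dsa.pub user=fail2ban`), and give that user only the `ssh`, `read` and `write` policies so the key cannot do more than edit address-lists. Once the action file and jail section are in place and fail2ban is restarted, a single drop rule matching `src-address-list=temp_ban` (and another for `perm_ban`) covers every banned address, which is the whole point of using address-lists instead of one filter rule per IP.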

Now the temp_ban list on the Mikrotik should get populated instead of iptables locally. Although I noticed while testing that every fail2ban service restart deleted all the bans, so we need to fix that so they persist across a reboot or service restart. After a few hours of testing I could not find any way of re-populating fail2ban with temporary bans; they are effectively permanent bans, because if I have a command on unban that deletes the IP from my temp_ban list, then every restart of the service runs the unban command and empties my temp_ban list. I will come back to this. At least writing the IP to a file is a viable solution for permanent bans, so I will fix that first and leave temp bans as they are now.
