/ip firewall filter
add action=jump chain=input comment="Check Brute" disabled=no dst-port=8291 \
jump-target=Brute protocol=tcp
add action=accept chain=Brute comment="Allow WinBox safe hosts" \
connection-state=new disabled=no dst-port=8291 protocol=tcp \
src-address-list=safe
add action=add-src-to-address-list address-list=wb_blacklist \
address-list-timeout=1w3d chain=Brute comment=\
"WinBox brute forcers blacklisting" connection-state=new disabled=no \
dst-port=8291 protocol=tcp src-address-list=wb_stage3
add action=add-src-to-address-list address-list=wb_stage3 address-list-timeout=\
1m chain=Brute comment="WinBox brute forcers the third stage" \
connection-state=new disabled=no dst-port=8291 protocol=tcp \
src-address-list=wb_stage2
add action=add-src-to-address-list address-list=wb_stage2 address-list-timeout=\
1m chain=Brute comment="WinBox brute forcers the second stage" \
connection-state=new disabled=no dst-port=8291 protocol=tcp \
src-address-list=wb_stage1
add action=add-src-to-address-list address-list=wb_stage1 address-list-timeout=\
1m chain=Brute comment="WinBox brute forcers the first stage" \
connection-state=new disabled=no dst-port=8291 protocol=tcp
add action=drop chain=Brute comment="Drop WinBox brute forcers" disabled=no \
- dst-port=8291 protocol=tcp src-address-
- list=wb_blacklist
مصدره : محمد الزبيدي