mikrotik-fwban.cfg

[settings]
 blocktime = 8h
 autodelete = true
 verbose = true
 port = 10514

[regexps]
 # SSH
 # Failed password for root from 60.173.26.187 port 8962 ssh2
 # Failed password for invalid user admin from 117.255.228.117 port 56975 ssh2
 re = "Failed password for(?: invalid user)? (?P<USER>\\S+) from (?P<IP>\\S+) port \\d+ ssh2"
 test-re = "Failed password for root from 60.173.26.187 port 8962 ssh2"
 test-re = "Failed password for invalid user admin from 117.255.228.117 port 56975 ssh2"

 # SIP
 # res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1470564152-568894",Severity="Error",Service="SIP",EventVersion="2",AccountID="0046462885062",SessionID="0x7f7af809ca68",LocalAddress="IPV4/UDP/82.197.195.165/5060",RemoteAddress="IPV4/UDP/89.163.242.84/5090",Challenge="5a6ced1d",ReceivedChallenge="5a6ced1d",ReceivedHash="2d22a1604bb905e988a54daf489ea18a"
 re = "SecurityEvent=\"InvalidPassword\",.*RemoteAddress=\"IPV4/UDP/(?P<IP>[0-9.]+)/\\d+\""
 test-re = "res_security_log.c: SecurityEvent=\"InvalidPassword\",EventTV=\"1470564152-568894\",Severity=\"Error\",Service=\"SIP\",EventVersion=\"2\",AccountID=\"0046462885062\",SessionID=\"0x7f7af809ca68\",LocalAddress=\"IPV4/UDP/82.197.195.165/5060\",RemoteAddress=\"IPV4/UDP/89.163.242.84/5090\",Challenge=\"5a6ced1d\",ReceivedChallenge=\"5a6ced1d\",ReceivedHash=\"2d22a1604bb905e988a54daf489ea18a\""

[Mikrotik "local"]
 address = 192.168.10.yy
 user = blacklister
 passwd = xxxxxxx
 banlist = blacklist
 whitelist = @admins
 whitelist = 192.168.10.0/24
 whitelist = 2001:610:xxx:yyyy::/64
 blacklist = 192.168.254.1/24 	# These guys pissed me off big time

[Mikrotik "remote"]
# disabled = true
 address = 192.168.88.ww
 usetls = true
 user = blacklister
 passwd = yyyyyyy
 whitelist = @admins
 whitelist = 192.168.10.0/24
 whitelist = 192.168.88.0/24
 whitelist = 2001:610:xxx:yyyy::/64