/ip firewall filter
add action=drop chain=input comment="pptp brute force drop 1/4 - complete comunication DROP" disabled=no \
src-address-list=pptp_blacklist_DROP
add action=add-dst-to-address-list address-list=pptp_blacklist_DROP
address-list-timeout=10m chain=output comment="pptp brute force drop
2/4" \
content="bad username or password" disabled=no dst-address-list=pptp_blacklist_stage_2 protocol=gre
add action=add-dst-to-address-list address-list=pptp_blacklist_stage_2
address-list-timeout=1m chain=output comment="pptp brute force drop 3/4"
\
content="bad username or password" disabled=no dst-address-list=pptp_blacklist_stage_1 protocol=gre
add action=add-dst-to-address-list address-list=pptp_blacklist_stage_1
address-list-timeout=1m chain=output comment="pptp brute force drop 4/4"
\
content="bad username or password" disabled=no protocol=gre
