CrowdSec

docker exec crowdsec cscli metrics

Bouncers

Bouncer Firewall config

# cat /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
api_url: http://127.0.0.1:8080/
api_key: "APIKEY"
log_level: info
setup_firewall: true
mode: ipset
ipset_type: hash:ip
blacklists_ipv4: crowdsec-blacklists
blacklists_ipv6: crowdsec6-blacklists
iptables_chains:
  - INPUT
deny_action: DROP
deny_log: true
supported_decisions_types:
  - ban

Bouncers check API

# manual test
sudo crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml

# request to check the API without the bouncer application
curl -v -H "X-Api-Key: APIKEY" "http://127.0.0.1:8080/v1/decisions/stream?startup=true"
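
Added example (not part of the original notes and not the bouncer's own code): it turns one decisions/stream response into the ipset commands you would expect for the config above, so the result can be compared with `ipset list`. The JSON shape (new/deleted lists with scope, type, value, duration), the sample body and the function names are assumptions made for illustration.

```python
import ipaddress
import json
import re

# Constructed sample body for GET /v1/decisions/stream?startup=true (not real data).
SAMPLE = json.dumps({
    "new": [
        {"scope": "Ip", "type": "ban", "value": "192.0.2.10", "duration": "3h59m30s"},
        {"scope": "Ip", "type": "ban", "value": "2001:db8::7", "duration": "167h0m0.5s"},
        {"scope": "Ip", "type": "captcha", "value": "198.51.100.4", "duration": "1h0m0s"},
        {"scope": "Range", "type": "ban", "value": "203.0.113.0/24", "duration": "4h0m0s"},
    ],
    "deleted": [{"scope": "Ip", "type": "ban", "value": "198.51.100.99", "duration": "-1m0s"}],
})

UNITS = {"h": 3600, "m": 60, "s": 1, "ms": 0.001}

def go_duration_seconds(text):
    """Convert a Go-style duration such as '3h59m30s' to whole seconds."""
    parts = re.findall(r"(\d+(?:\.\d+)?)(ms|h|m|s)", text)
    return int(sum(float(num) * UNITS[unit] for num, unit in parts))

def ipset_commands(body, types=("ban",), set_v4="crowdsec-blacklists",
                   set_v6="crowdsec6-blacklists"):
    """Return (commands, skipped) for one stream response; nothing is executed."""
    stream = json.loads(body)
    commands, skipped = [], []
    for verb, key in (("del", "deleted"), ("add", "new")):
        for decision in stream.get(key) or []:  # tolerate a null or missing list
            value = decision["value"]
            if decision["type"] not in types:  # mirrors supported_decisions_types
                skipped.append((value, "unsupported type"))
                continue
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:  # ranges and garbage do not fit this hash:ip example
                skipped.append((value, "not a single IP"))
                continue
            target = set_v4 if ip.version == 4 else set_v6
            cmd = f"ipset -exist {verb} {target} {ip}"
            if verb == "add":  # per-entry timeout taken from the decision duration
                cmd += f" timeout {go_duration_seconds(decision['duration'])}"
            commands.append(cmd)
    return commands, skipped

if __name__ == "__main__":
    cmds, skipped = ipset_commands(SAMPLE)
    print("\n".join(cmds))
    print("skipped:", skipped)
```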

Check from CrowdSec

docker exec crowdsec cscli bouncers list

Decisions

docker exec crowdsec cscli decisions list

CAPI

docker exec crowdsec cscli capi status

Whitelist

vim /etc/crowdsec/parsers/s02-enrich/whitelists.yaml

ipset

https://docs.crowdsec.net/u/bouncers/firewall/

ipset create crowdsec-blacklists hash:ip timeout 0 maxelem 150000
ipset create crowdsec6-blacklists hash:ip timeout 0 family inet6 maxelem 150000
iptables -I INPUT 1 -m set --match-set crowdsec-blacklists src -j DROP
ip6tables -I INPUT 1 -m set --match-set crowdsec6-blacklists src -j DROP

Or configure this in firewalld with Ansible.