crowdsec-legacy-firewall-bouncer
A CrowdSec firewall bouncer based on crowdsec-custom-bouncer, aimed at systems without support for ipset.
Tags :
- gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:latest : iptables-legacy
- gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:legacy : iptables-legacy
- gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:nft : iptables-nft
Environment variables :
- IPTABLES_COMMENT : if set, iptables will load the comment module and use the reason argument passed by crowdsec-custom-bouncer as the comment
- IPTABLES_INSERT : insert new firewall rules at a fixed position
- API_KEY : CrowdSec API key
- IPTABLES_CHAIN : chain to use
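How IPTABLES_CHAIN, IPTABLES_INSERT and IPTABLES_COMMENT can shape the rule built from the arguments crowdsec-custom-bouncer passes, shown as an added example that is not this project's script. Assumptions: the `add|del <ip> <duration> <reason> <json>` call shape, the INPUT default chain, the DROP target, IPv4 only, and the function names; it prints the command instead of running it.

```shell
# Added example, not the project's script. Assumed call shape:
#   <script> add|del <ip> <duration> <reason> <json>
# Assumed: default chain INPUT, target DROP, IPv4 only, dry run (prints the rule).

# Accept only dotted-quad IPv4 with an optional /0-32 prefix. Leading zeros are
# refused (some parsers read them as octal) and so is anything starting with "-".
valid_ipv4() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%%/*}; prefix=32
    case "$1" in */*) prefix=${1#*/} ;; esac
    case "$prefix" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# The reason string comes from the decision stream: keep a small safe alphabet
# and cap it at 255 characters so it fits the comment match.
clean_comment() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9 ._:/-' '_' | cut -c1-255
}

# Print the iptables command for one decision. "del" rebuilds the same rule
# spec (comment included) because -D only removes an exact match.
bouncer_rule() {
    action=$1; ip=$2; reason=$4
    chain=${IPTABLES_CHAIN:-INPUT}
    valid_ipv4 "$ip" || { echo "invalid address, ignoring decision" >&2; return 1; }
    case "$action" in
        add) op="-A $chain"
             if [ -n "${IPTABLES_INSERT:-}" ]; then
                 case "$IPTABLES_INSERT" in *[!0-9]*) return 1 ;; esac
                 op="-I $chain $IPTABLES_INSERT"
             fi ;;
        del) op="-D $chain" ;;
        *)   return 1 ;;
    esac
    rule="iptables $op -s $ip -j DROP"
    [ -z "${IPTABLES_COMMENT:-}" ] ||
        rule="$rule -m comment --comment \"$(clean_comment "$reason")\""
    printf '%s\n' "$rule"
}
# Constructed sample call; 192.0.2.10 is a documentation address.
bouncer_rule add 192.0.2.10 3600 "crowdsecurity/ssh-bf" '{}'
```
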
Configuration :
Set your custom configuration in the crowdsec-custom-bouncer.yaml.local file and mount it as a volume at the root of the container. See Overriding values or bouncers/custom for information about the configuration.
Example configuration :
log_mode: stdout
scenarios_containing: ["ssh"]
origins: ["cscli", "crowdsec"]
supported_decisions_types:
- ban
Docker compose :
services:
  cs-firewall-bouncer:
    image: gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:legacy
    restart: unless-stopped
    environment:
      - IPTABLES_INSERT=3
      - IPTABLES_COMMENT=true
    cap_add:
      # allow modification of the host's iptables rules
      - NET_ADMIN
      - NET_RAW
    network_mode: "host"
    volumes:
      - ./crowdsec-custom-bouncer.yaml.local:/crowdsec-custom-bouncer.yaml.local # load custom config values