From a5d6d9cbe9d7d46a1d7076dd29a79b62ef99711d Mon Sep 17 00:00:00 2001 From: AR2000 Date: Sun, 10 Nov 2024 14:27:39 +0100 Subject: [PATCH] readme --- README.md | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..e96576d --- /dev/null +++ b/README.md 
@@ -0,0 +1,42 @@ +# crowdsec-legacy-firrewall-bouncer +A Crowdsec firewall bouncer based on [crowdsec-custom-bouncer](https://github.com/crowdsecurity/cs-custom-bouncer) aimed at systems without support for `ipset`. + +## Tags : +- [gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:latest](https://gitea.ar2000.me/AR2000/-/packages/container/crowdsec-legacy-firewall-bouncer/latest) : `iptables-legacy` +- [gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:legacy](https://gitea.ar2000.me/AR2000/-/packages/container/crowdsec-legacy-firewall-bouncer/legacy) : `iptables-legacy` +- [gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:nft](https://gitea.ar2000.me/AR2000/-/packages/container/crowdsec-legacy-firewall-bouncer/nft) : `iptables-nft` + +## Environment variables : +- `IPTABLES_COMMENT` : if set, iptables will load the `comment` module and use the reason argument passed by [crowdsec-custom-bouncer](https://github.com/crowdsecurity/cs-custom-bouncer) as the comment +- `IPTABLES_INSERT` : insert new firewall rules at a fixed position +- `API_KEY` : crowdsec api key + +## Configuration : +Set your custom configuration in the `crowdsec-custom-bouncer.yaml.local` file and mount it as a volume at the root of the container. See [Overriding values](https://docs.crowdsec.net/docs/next/configuration/crowdsec_configuration/#overriding-values) or [bouncers/custom](https://docs.crowdsec.net/u/bouncers/custom) for information about the configuration. 
+ +### Example configuration : +```yaml +log_mode: stdout +scenarios_containing: ["ssh"] +origins: ["cscli", "crowdsec"] +supported_decisions_types: + - ban +``` + +## Docker compose : +```yaml +services: + cs-firewall-bouncer: + image: gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:legacy + restart: unless-stopped + environment: + - IPTABLES_INSERT=3 + - IPTABLES_COMMENT=true + cap_add: + # allow modification of host's iptable + - NET_ADMIN + - NET_RAW + network_mode: "host" + volumes: + - ./crowdsec-custom-bouncer.yaml.local:/crowdsec-custom-bouncer.yaml.local #load custom config values +``` \ No newline at end of file
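Review bot: The Docker compose example at the end of the README sets `IPTABLES_INSERT` and `IPTABLES_COMMENT` but never `API_KEY`, even though the Environment variables section lists it as the crowdsec API key, and the example configuration does not set a key either, so nothing on the page shows where the credential is supplied. Consider adding an `API_KEY` entry to the `environment:` list that references a variable or env file instead of a literal key (for instance `- API_KEY=${CROWDSEC_API_KEY}`, where the variable name is only a suggestion), so the key does not end up committed with the compose file. In the same section, the `IPTABLES_INSERT` description ("insert new firewall rules at a fixed position") does not say which chain the position refers to or what happens when the variable is unset, and the example uses `3` without explaining why; since rule order decides whether a ban takes effect before an earlier accept rule, one sentence on this would help. Since the example grants `NET_ADMIN` and `NET_RAW` together with `network_mode: "host"`, it is worth stating in the README that the container can modify the host's firewall rules, not only in the YAML comment. Smaller points: the title reads `crowdsec-legacy-firrewall-bouncer` while every image name uses `firewall`, the Tags list does not say whether `latest` is meant to be an alias of `legacy` (both are labelled `iptables-legacy`), and the file has no trailing newline.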