# crowdsec-legacy-firewall-bouncer

A CrowdSec firewall bouncer based on [crowdsec-custom-bouncer](https://github.com/crowdsecurity/cs-custom-bouncer), aimed at systems without support for `ipset`.

## Tags :

- [gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:latest](https://gitea.ar2000.me/AR2000/-/packages/container/crowdsec-legacy-firewall-bouncer/latest) : `iptables-legacy`
- [gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:legacy](https://gitea.ar2000.me/AR2000/-/packages/container/crowdsec-legacy-firewall-bouncer/legacy) : `iptables-legacy`
- [gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:nft](https://gitea.ar2000.me/AR2000/-/packages/container/crowdsec-legacy-firewall-bouncer/nft) : `iptables-nft`

## Environment variables :

- `IPTABLES_COMMENT` : if set, iptables will load the `comment` module and use the reason argument passed by [crowdsec-custom-bouncer](https://github.com/crowdsecurity/cs-custom-bouncer) as the comment
- `IPTABLES_INSERT` : insert new firewall rules at a fixed position
- `API_KEY` : CrowdSec API key
- `IPTABLES_CHAIN` : chain to use

## Configuration :

Set your custom configuration in the `crowdsec-custom-bouncer.yaml.local` file and mount it as a volume at the root of the container. See [Overriding values](https://docs.crowdsec.net/docs/next/configuration/crowdsec_configuration/#overriding-values) or [bouncers/custom](https://docs.crowdsec.net/u/bouncers/custom) for information about the configuration.

### Example configuration :

```yaml
log_mode: stdout
scenarios_containing: ["ssh"]
origins: ["cscli", "crowdsec"]
supported_decisions_types:
  - ban
```

## Docker compose :

```yaml
services:
  cs-firewall-bouncer:
    image: gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:legacy
    restart: unless-stopped
    environment:
      - IPTABLES_INSERT=3
      - IPTABLES_COMMENT=true
    cap_add: # allow modification of the host's iptables rules
      - NET_ADMIN
      - NET_RAW
    network_mode: "host"
    volumes:
      - ./crowdsec-custom-bouncer.yaml.local:/crowdsec-custom-bouncer.yaml.local # load custom config values
```
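
The sketch below is an added illustration of how the environment variables above could translate into an iptables rule per decision; it is not this project's own script. It assumes the `add|del <ip> <duration> <reason>` argument order used by crowdsec-custom-bouncer, a hypothetical default chain of `INPUT`, appending when `IPTABLES_INSERT` is unset, and a `DROP` target, and it handles IPv4 only.

```shell
#!/bin/sh
# Hypothetical helper (not the image's real script): build the iptables
# command for one decision. Usage: build_rule <add|del> <ip> <duration> <reason>
# The command is printed, not executed, so it can be reviewed safely.
build_rule() {
    action=$1 ip=$2 reason=$4
    chain=${IPTABLES_CHAIN:-INPUT}   # assumed default; the README names none

    # Accept only IPv4 addresses or CIDR ranges; reject anything else so
    # unexpected characters never reach the firewall command line.
    case $ip in
        *[!0-9./]*|'') echo "invalid address: $ip" >&2; return 1 ;;
    esac

    case $action in
        add)
            if [ -n "${IPTABLES_INSERT:-}" ]; then
                op="-I $chain $IPTABLES_INSERT"   # fixed position in the chain
            else
                op="-A $chain"                    # assumed fallback: append
            fi ;;
        del) op="-D $chain" ;;
        *)   echo "unknown action: $action" >&2; return 1 ;;
    esac

    rule="iptables $op -s $ip -j DROP"
    if [ -n "${IPTABLES_COMMENT:-}" ]; then
        # The comment match stores at most 255 characters. The same comment
        # must be given on delete, or the rule spec will not match.
        comment=$(printf '%s' "$reason" | cut -c1-255)
        rule="$rule -m comment --comment \"$comment\""
    fi
    printf '%s\n' "$rule"
}

# Constructed sample decision (documentation address range)
build_rule add 192.0.2.10 4h "crowdsecurity/ssh-bf"
```

Because delete matches on the full rule specification, changing `IPTABLES_COMMENT` or `IPTABLES_CHAIN` while bans are active can leave earlier rules in place; listing the chain with `iptables -S` before and after a change shows whether any remain.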