AR2000/crowdsec-legacy-firewall-bouncer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity
15 Commits 2 Branches 0 Tags
09186aedacf2789cc84d90146973ba6dd8826b78
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
AR2000 09186aedac script feed from stdin via json 
Squashed commit of the following:

commit ad482533fa
Author: AR2000 <ar2000@ar2000.me>
Date:   Thu Jan 16 15:33:16 2025 +0100

    add jq to container

commit 79352ec046
Author: AR2000 <ar2000@ar2000.me>
Date:   Thu Jan 16 14:55:37 2025 +0100

    stdin

commit 3100810052
Author: AR2000 <ar2000@ar2000.me>
Date:   Thu Jan 16 14:33:05 2025 +0100

    test
2025-01-16 15:44:56 +01:00
.gitignore
build tools
2024-11-10 14:27:32 +01:00
bouncer.sh
script feed from stdin via json
2025-01-16 15:44:56 +01:00
build.sh
build tools
2024-11-10 14:27:32 +01:00
Dockerfile
script feed from stdin via json
2025-01-16 15:44:56 +01:00
LICENSE
MIT LICENSE
2024-11-10 13:40:13 +01:00
publish-dev.sh
script feed from stdin via json
2025-01-16 15:44:56 +01:00
publish.sh
build tools
2024-11-10 14:27:32 +01:00
README.md
fix doc error
2024-12-18 22:33:13 +01:00

README.md

crowdsec-legacy-firrewall-bouncer

A Crowdsec firewall bouncer based on crowdsec-custom-bouncer aimed at systems without support for ipset.

Tags :

Environment variables :

  • IPTABLES_COMMENT : if set, iptables will load the comment module and use the reason argument passed by crowdsec-custom-bouncer as the comment
  • IPTABLES_INSERT : insert new firewall rules at a fixed position
  • API_KEY : crowdsec api key
  • IPTABLES_CHAIN : chain to use

Configuration :

Set your custom configuration in the crowdsec-custom-bouncer.yaml.local file and mount it as a volume at the root of the container. See Overriding values or bouncers/custom for information about the configuration.

Example configuration :

log_mode: stdout
scenarios_containing: ["ssh"]
origins: ["cscli", "crowdsec"]
supported_decisions_types:
  - ban

Docker compose :

services:
    cs-firewall-bouncer:
        image: gitea.ar2000.me/ar2000/crowdsec-legacy-firewall-bouncer:legacy
        restart: unless-stopped
        environment:
            - IPTABLES_INSERT=3
            - IPTABLES_COMMENT=true
        cap_add:
            # allow modification of host's iptable
            - NET_ADMIN
            - NET_RAW
        network_mode: "host"
        volumes:
            - ./crowdsec-custom-bouncer.yaml.local:/crowdsec-custom-bouncer.yaml.local #load custom config values
Description
Crowdsec firewall bouncer for systems that does not support ipset. Base on crowdsec-custom-bouncer
crowdsecfirewall
Readme MIT 54 KiB
Languages
Shell 66.7%
Dockerfile 33.3%