2025-04-10, 03:19 PM
(2025-04-10, 02:15 PM) Duvel Wrote: Looks like the default firewall bouncer of CrowdSec: https://github.com/crowdsecurity/cs-firewall-bouncer
Unsure if you got it installed by default or if you installed it manually...
So basically that one acts like fail2ban and modifies the iptables of your Linux to block the alerted IPs. That's a nice addition that would prevent a blocked IP from reaching the whole Linux server.
This is only a little plus depending on your architecture.
If the only way to reach your webfacing server is through Caddy, then it's mostly useless because the caddy bouncer will block all those IPs.
Now if you have other ports open, it might become useful.
For my architecture it is useless, because I have a CrowdSec bouncer on my main gate, which is the pfSense router, and both the router and Caddy bouncer are connected to my CrowdSec LAPI. So whenever something is detected by the Caddy bouncer, the LAPI will propagate it to the pfSense bouncer, which will block the IP on the firewall.
On top of this, your LAPI also propagates your detected IPs to the central servers and everyone can benefit from it.
That's the beauty of the CrowdSec approach.
Ah, I think I installed the iptables one by following the CrowdSec documentation. In my case, there is only 1 port open and the server, as far as I understand it, is only reachable through Caddy. Thanks for your supplementary details, it is much clearer in my head now.
For Nginx, there is a tutorial that might be useful: https://www.crowdsec.net/blog/crowdsec-w...xy-manager
Not sure if it's useful though.