Confusion after reading readme and installing

The readme plays a gif of " Out of the box detection" and bans ip. But after the installation there’ s a message saying it would not ban anything unless a bouncer is configured. My question is does it ban ssh IP after default installation?

Hello !

Crowdsec itself provides the detection mechanism, but the counter measures are provided by the bouncers. If you want to ban IPs from ssh for example, you would need to use a bouncer such as the cs-firewall-bouncer (that you can find on the hub : https://hub.crowdsec.net/browse/#bouncers)

So to answer your question : “My question is does it ban ssh IP after default installation?” : No, you need to install a bouncer for this to happen. If you only install crowdsec, it will only “detect” the attacks.

1 Like