Crowdsec-firewall-bouncer in a container

stephdl · March 29, 2024, 11:42am

Hello

Ready to get (in french) ‘une volée de bois vert’, but we are experimenting a way to use crowdsec-firewall-bouncer in a container.

We used to install it on the host with deb or rpm but this time we tried to get it workable within a rootfull container build with buildah and running by systemd and podman

buildah script

systemd service

We decided to go to nftables, ipset is going to be really old school, nftables is working well with firewalld (or firewalld works well with nftables :p)

Once started the container can receive orders from crowdsec container and interacts with nftables as we wish…

Well if you have suggestions, I can accept also do not go that way

iiAmLoz · March 29, 2024, 4:41pm

Looks awesome! the only comment I had was installing the repositories is a great way, but you could also just grab the binary direct from the releases of github page. Then you can make a more minimal container size from scratch.

But other than that looks great!

Topic		Replies	Views
Crowdsec-firewall-bouncer on openwrt not showing as connected to my instance on app.crowdsec.net crowdsec	6	1073	June 14, 2023
Questions on Crowdsec multi-device setup crowdsec	8	1179	January 31, 2023
Log nftables decisions crowdsec	1	203	May 6, 2024
Nubie need some assistant crowdsec	2	629	November 26, 2021
How to add bouncer to docker compose file? crowdsec	2	518	September 7, 2022

Crowdsec-firewall-bouncer in a container

Related topics