Crowdsec-firewall-bouncer in a container

stephdl · March 29, 2024, 11:42am

Hello

Ready to get (in french) ‘une volée de bois vert’, but we are experimenting a way to use crowdsec-firewall-bouncer in a container.

We used to install it on the host with deb or rpm but this time we tried to get it workable within a rootfull container build with buildah and running by systemd and podman

buildah script

systemd service

We decided to go to nftables, ipset is going to be really old school, nftables is working well with firewalld (or firewalld works well with nftables :p)

Once started the container can receive orders from crowdsec container and interacts with nftables as we wish…

Well if you have suggestions, I can accept also do not go that way

iiAmLoz · March 29, 2024, 4:41pm

Looks awesome! the only comment I had was installing the repositories is a great way, but you could also just grab the binary direct from the releases of github page. Then you can make a more minimal container size from scratch.

But other than that looks great!

Topic		Replies	Views
Crowdsec-firewall-bouncer on openwrt not showing as connected to my instance on app.crowdsec.net crowdsec	6	650	June 14, 2023
Questions on Crowdsec multi-device setup crowdsec	8	855	January 31, 2023
Nubie need some assistant crowdsec	2	574	November 26, 2021
How to add bouncer to docker compose file? crowdsec	2	419	September 7, 2022
Docker / NPM and Firewall Bouncer crowdsec	5	1041	July 16, 2023

Crowdsec-firewall-bouncer in a container

Related Topics