CrowdSec just wreaked havoc at home by banning the IP of my Home Assistant.
I must have forgotten to exclude my local subnet or maybe it’s running on the wrong interface.
CrowdSec is running on my OPNsense router and I never had an issue so far. It is correctly banning some port scanning ports multiple times a day, so I know it’s running on the correct WAN interface, but I struggle to check if it’s also running on the LAN interfaces maybe…
Which part of the config would you recommend to check?
to add the specific public IPv4 and IPv6 of my router, as well as the delegated IPv6 prefix I get from my ISP and the private IPv6 I use.
I hope that’s enough, but I’m confused as to why the 1/ is not a default. It would seem a common scenario that on the local network something like Home Assistant will start scanning IPs to discover devices…
I also have a question about this. I installed CrowdSec on my OPNsense yesterday and performed a port scan using nmap today (within the local network). As a result, my client (local IP) in the local network was immediately blocked.
I removed the IP from the ban list using the shell command cscli decisions delete -i x.x.x.x.
Now, my question is whether the IP is now on the community ban list, and do I need to unblock it there as well?
I plan to use CrowdSec on multiple devices, and it would be a problem if the IP is in the ban list, preventing me from accessing the client via IPsec (VPN).
Not from a single report, because we don't want poisoning attempts; the IP must be reported by a diverse set of machines to end up in the community blocklist.