CrowdSec just wreaked havoc home by banning the IP of my Home Assistant.
I must have forgotten to exclude my local subnet or maybe it’s running on the wrong interface.
crowdsec is running on my opnsense router and I never had issue so far. It is correctly banning some port scanning ports multiple times a day, so I know it’s running on the correct WAN interface, but I struggle to check if it’s also running on the LAN interfaces maybe…
Which part of the config would you recommend to check?
ok, so I did two things:
https://app.crowdsec.net/hub/author/crowdsecurity/configurations/whitelists
and additionally
to add the specific public IPv4 and IPv6 of my router, as well as the delegated IPv6 prefix I get from my ISP and the private IPv6 I use.
I hope that’s enough, but I’m confused as to why the 1/ is not a default. It would seem a common scenario that on the local network something like Home Assistant will start scanning IPs to discover devices…
[Question]
Hello,
I also have a question about this. I installed CrowdSec on my OPNsense yesterday and performed a port scan using nmap today (within the local network). As a result, my client (local IP) in the local network was immediately blocked.
I removed the IP from the ban list using the shell command cscli decisions delete -i x.x.x.x.
Now, my question is whether the IP is now on the community ban list, and do I need to unblock it there as well?
I plan to use CrowdSec on multiple devices, and it would be a problem if the IP is in the ban list, preventing me from accessing the client via IPsec (VPN).
Not from a single report because we dont want poisoning attempts, the IP must be reported by a diverse set of machines to end up in the community blocklist.
Thank you. 
best regards debra