CrowdSec on opnsense banned a local IP

CrowdSec just wreaked havoc home by banning the IP of my Home Assistant.

I must have forgotten to exclude my local subnet or maybe it’s running on the wrong interface.

crowdsec is running on my opnsense router and I never had issue so far. It is correctly banning some port scanning ports multiple times a day, so I know it’s running on the correct WAN interface, but I struggle to check if it’s also running on the LAN interfaces maybe…

Which part of the config would you recommend to check?

ok, so I did two things:

https://app.crowdsec.net/hub/author/crowdsecurity/configurations/whitelists

and additionally

to add the specific public IPv4 and IPv6 of my router, as well as the delegated IPv6 prefix I get from my ISP and the private IPv6 I use.

I hope that’s enough, but I’m confused as to why the 1/ is not a default. It would seem a common scenario that on the local network something like Home Assistant will start scanning IPs to discover devices…

[Question]

Hello,

I also have a question about this. I installed CrowdSec on my OPNsense yesterday and performed a port scan using nmap today (within the local network). As a result, my client (local IP) in the local network was immediately blocked.

I removed the IP from the ban list using the shell command cscli decisions delete -i x.x.x.x.

Now, my question is whether the IP is now on the community ban list, and do I need to unblock it there as well?

I plan to use CrowdSec on multiple devices, and it would be a problem if the IP is in the ban list, preventing me from accessing the client via IPsec (VPN).

Not from a single report because we dont want poisoning attempts, the IP must be reported by a diverse set of machines to end up in the community blocklist.

Thank you. :grinning:

best regards debra