CrowdSec package for OpenWrt

klausagnoletti · December 3, 2021, 12:16pm

Will this work for TurrisOS as well? Or will it need customization?

Gandalf · December 3, 2021, 12:37pm

I am pretty sure it will work on TurrisOS without more customization than what is needed on OpenWrt.
It is 21.02.x based, but I also use it on 19.07.x
The installation process still need some customization and tweaks to be more user friendly and automated.
We have started to discuss it here at OpenWrt forum topic :

klausagnoletti · December 3, 2021, 12:57pm

Sweet. I just contacted Turris to suggest some sort of colaboration. I’ll keep you posted on the outcome

Gandalf · January 7, 2022, 1:50pm

Update (PR) to latest upstream release version done…

and

Will be forwarded to 21.02, as soon as validated !

Have an happy new year all…

Gandalf · January 7, 2022, 1:55pm

If you want to contribute and/or help to the OpenWrt specifics needs, please take a look at the topic here: Crowdsec packages for OpenWrt - For Developers - OpenWrt Forum

klausagnoletti · January 7, 2022, 9:58pm

Thanks for the link and for the update to 1.2.2. Someone’s asking for a wiki entry. I don’t know exactly what that means but I know that I am working along with our new ambassador, Precious, on a section in the official docs on installing on OpenWRT as well as an article on usage. And on top of that I created an issue on creating parsers for dropbear and uHTTPd so that CrowdSec on OpenWRT is able to protect itself

Gandalf · January 7, 2022, 10:21pm

A contributor made a quick wiki on official OpenWrt space:

Thanks for the issues about dropbear and uHTTPd !
I will try to get a look at it…

For the article about OpenWrt and CrowdSec, it is still in my TODO, I hope to get some time available to work on it…

klausagnoletti · January 9, 2022, 2:31pm

Hey and thanks! Our new ambassador will be working on an article. He’ll be happy to send it to you for comments. Will that be ok?

Gandalf · January 13, 2022, 4:37pm

Still a lot to do to tweaks fine the OpenWrt version; but today, the 21.02.x branch get the latest version of CrowdSec (1.2.2) and Crowdsec-Firewall-Bouncer (0.0.21) !

github.com/openwrt/packages

[21.02] crowdsec: update to 1.2.2

openwrt:openwrt-21.02 ← erdoukki:crowdsec-1.2.2-21.02

opened 10:04AM - 09 Jan 22 UTC

erdoukki

+10 -13

Maintainer: Kerma Gérald gandalf@gk2.net / @erdoukki Run tested: (test done on …MVEBU arch53 EspressoBin & EspressoBin-ULTRA, OpenWrt 19.07.x and 21.02.x) Compile tested: (arch=cortexa53, host=amd64) Description: Update crowdsec to latest upstream release version 1.2.2 Makefile rework - use tagged version for download (cherry picked from commit 2a34e4987bbd60091150de1886017426f10634ab) Signed-off-by: Kerma Gérald <gandalf@gk2.net>

github.com/openwrt/packages

[21.02] crowdsec-firewall-bouncer: update to 0.0.21

openwrt:openwrt-21.02 ← erdoukki:21.02-crowdsec-firewall-bouncer-0.0.21

opened 01:04PM - 10 Jan 22 UTC

erdoukki

+18 -22

Maintainer: Kerma Gérald gandalf@gk2.net / @erdoukki Run tested: (test done on …MVEBU arch53 EspressoBin & EspressoBin-ULTRA, OpenWrt 19.07.x and 21.02.x) Compile tested: (arch=cortexa53, host=amd64) Description: Update crowdsec-firewall-bouncer to latest upstream release version 0.0.21 Makefile rework - use tagged version for download Fixes - set API_KEY in firewall bouncer config file (cherry picked from commit b4f48b5c23d0b5d2ab9de2041edbf69a8f6ca013) Signed-off-by: Kerma Gérald <gandalf@gk2.net>

Gandalf · January 15, 2022, 8:32am

An OpenWrt user/contributor had started a wiki that you can look at:

I also just add some information about the firewall bouncer.

I found an issue on the initd of the latest release, the fix was proposed:

github.com/openwrt/packages

crowdsec-firewall-bouncer: fix initd script

openwrt:master ← erdoukki:crowdsec-firewall-bouncer-0.0.21-fix

opened 08:25AM - 15 Jan 22 UTC

erdoukki

+5 -5

Maintainer: Gérald Kerma / @erdoukki Compile tested: (aarch64_cortex-a53, espre…ssoBin, OpenWrt master and 21.02) Run tested: (aarch64_cortex-a53, espressoBin, OpenWrt 21.02.x and 19.07.x, tests done) Tests: installation and upgrade: ok ban working: ok service start/restart/stop/status/disable: ok logging: ok detection of firewall (iptables+ipset/nftables): ok OpenWrt Version tested: 21.02.x 19.07.x Description: crowdsec rename the binary from crowdsec-firewall-bouncer to cs-firewall-bouncer the initd need the correct binary name to start the process the link for github source need also to be fixed (only the information one) fix the BuildDate updated copyright ``` root@STARGATE:~# service crowdsec-firewall-bouncer restart iptables found nftables is not present root@STARGATE:~# ps | grep crowd 10051 root 783m S /usr/bin/crowdsec -c /var/etc/crowdsec/config.yaml 15744 root 694m S /usr/bin/cs-firewall-bouncer -c /var/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml 15761 root 1228 S grep crowd ``` ``` root@STARGATE:~# cs-firewall-bouncer -V version: v0.0.21-openwrt-0.0.21-2 BuildDate: 2022-01-15_08:15:14 GoVersion: 1.13.8 ``` Signed-off-by: Kerma Gérald <gandalf@gk2.net>

OpenWrt may also use another Web Server than uHTTPd, and dropbear is also only the default ssh.
The both are not afford to the internet side of OpenWrt system, so no urgency about this for me.
Where are these issue opened ?
In case I could help on them…

I need to do more tests with my Docker services.
I want to protect them with my main OpenWrt GateWay/Router firewall, like I have done before with LXC services.
I still get no time to tests and share experiences on this type of installation.
And I get just no success with my first steps tests on ARM64 OpenWrt to get CrowdSec and Docker working…

As usual…
Stay tuned for more (or do it yourself…)

Gandalf · January 15, 2022, 8:46am

Please, do…
I can try help on this if I can !

klausagnoletti · January 15, 2022, 10:03am

Great! I’ll let you know when something’s ready. I created this issue on the missing parsers.

Gandalf · January 15, 2022, 10:16am

New upstream relase 1.2.3 of CrowdSec proposed to OpenWrt:

github.com/openwrt/packages

crowdsec: update from upstream latest release 1.2.3

openwrt:master ← erdoukki:crowdsec-1.2.3

opened 10:12AM - 15 Jan 22 UTC

erdoukki

+4 -4

Maintainer: Gérald Kerma / @erdoukki Compile tested: (aarch64_cortex-a53, espre…ssoBin, OpenWrt master and 21.02) Run tested: (aarch64_cortex-a53, espressoBin, OpenWrt 21.02, tests done) Tests: installation and upgrade: ok Description: update from latest upstream release 1.2.3 Changes (from 1.2.2): https://github.com/crowdsecurity/crowdsec/compare/v1.2.2...v1.2.3 Tests: ``` root@STARGATE:~# crowdsec --version 2022/01/15 11:06:46 version: v1.2.2-openwrt-1.2.2-1 2022/01/15 11:06:46 Codename: alphaga 2022/01/15 11:06:46 BuildDate: 2022-01-14_14:21:08 2022/01/15 11:06:46 GoVersion: 2022/01/15 11:06:46 Constraint_parser: >= 1.0, <= 2.0 2022/01/15 11:06:46 Constraint_scenario: >= 1.0, < 3.0 2022/01/15 11:06:46 Constraint_api: v1 2022/01/15 11:06:46 Constraint_acquis: >= 1.0, < 2.0 ``` ``` root@STARGATE:~# opkg install /root/crowdsec_1.2.3-2_aarch64_cortex-a53.ipk Upgrading crowdsec on root from 1.2.2-1 to 1.2.3-2... Configuring crowdsec. local API already registered... online API already registered... INFO[15-01-2022 11:07:37 AM] Wrote new 210740 bytes index to /etc/crowdsec/hub/.index.json WARN[15-01-2022 11:07:38 AM] crowdsecurity/syslog-logs : overwrite WARN[15-01-2022 11:07:38 AM] crowdsecurity/geoip-enrich : overwrite WARN[15-01-2022 11:07:38 AM] crowdsecurity/dateparse-enrich : overwrite WARN[15-01-2022 11:07:38 AM] crowdsecurity/sshd-logs : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/ssh-bf : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/ssh-slow-bf : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/sshd : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/sshd : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/linux : overwrite INFO[15-01-2022 11:07:39 AM] /etc/crowdsec/collections/sshd.yaml already exists. INFO[15-01-2022 11:07:39 AM] /etc/crowdsec/collections/linux.yaml already exists. INFO[15-01-2022 11:07:39 AM] Enabled crowdsecurity/linux INFO[15-01-2022 11:07:39 AM] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective. WARN[15-01-2022 11:07:39 AM] crowdsecurity/whitelists : overwrite INFO[15-01-2022 11:07:39 AM] Enabled crowdsecurity/whitelists INFO[15-01-2022 11:07:39 AM] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective. INFO[15-01-2022 11:07:40 AM] Upgrading collections INFO[15-01-2022 11:07:40 AM] crowdsecurity/linux : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/sshd : up-to-date INFO[15-01-2022 11:07:40 AM] All collections are already up-to-date INFO[15-01-2022 11:07:40 AM] Upgrading parsers INFO[15-01-2022 11:07:40 AM] crowdsecurity/geoip-enrich : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/whitelists : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/dateparse-enrich : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/syslog-logs : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/sshd-logs : up-to-date INFO[15-01-2022 11:07:40 AM] All parsers are already up-to-date INFO[15-01-2022 11:07:40 AM] Upgrading scenarios INFO[15-01-2022 11:07:40 AM] crowdsecurity/ssh-slow-bf : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/ssh-bf : up-to-date INFO[15-01-2022 11:07:40 AM] All scenarios are already up-to-date INFO[15-01-2022 11:07:40 AM] Upgrading postoverflows INFO[15-01-2022 11:07:40 AM] No postoverflows installed, nothing to upgrade uci: Entry not found Collected errors: * resolve_conffiles: Existing conffile /etc/crowdsec/online_api_credentials.yaml is different from the conffile in the new package. The new conffile will be placed at /etc/crowdsec/online_api_credentials.yaml-opkg. * resolve_conffiles: Existing conffile /etc/crowdsec/local_api_credentials.yaml is different from the conffile in the new package. The new conffile will be placed at /etc/crowdsec/local_api_credentials.yaml-opkg. * resolve_conffiles: Existing conffile /etc/crowdsec/config.yaml is different from the conffile in the new package. The new conffile will be placed at /etc/crowdsec/config.yaml-opkg. ``` ``` root@STARGATE:~# crowdsec --version 2022/01/15 11:08:38 version: v1.2.3-openwrt-1.2.3-2 2022/01/15 11:08:38 Codename: alphaga 2022/01/15 11:08:38 BuildDate: 2022-01-15_10:03:09 2022/01/15 11:08:38 GoVersion: 1.13.8 2022/01/15 11:08:38 Constraint_parser: >= 1.0, <= 2.0 2022/01/15 11:08:38 Constraint_scenario: >= 1.0, < 3.0 2022/01/15 11:08:38 Constraint_api: v1 2022/01/15 11:08:38 Constraint_acquis: >= 1.0, < 2.0 ``` Signed-off-by: Kerma Gérald <gandalf@gk2.net>

Gandalf · January 18, 2022, 7:55pm

Merged, and cherry-picked to a new PR for 21.02.x

github.com/openwrt/packages

[21.02] crowdsec: update from upstream latest release 1.2.3

openwrt:openwrt-21.02 ← erdoukki:crowdsec-1.2.3-21.02

opened 03:38PM - 18 Jan 22 UTC

erdoukki

+4 -4

Maintainer: Gérald Kerma / @erdoukki Compile tested: (aarch64_cortex-a53, espre…ssoBin, OpenWrt master and 21.02) Run tested: (aarch64_cortex-a53, espressoBin, OpenWrt 21.02.x and 19.07.x, tests done) Tests: installation and upgrade: ok logging: ok enroll in webconsole: ok cscli: ok service reload/restart/status/disable/enable: ok OpenWrt Version tested: 21.02.x 19.07.x Description: update from latest upstream release 1.2.3 updated copyright Changes (from 1.2.2): crowdsecurity/crowdsec@v1.2.2...v1.2.3 Tests: ``` root@STARGATE:~# crowdsec --version 2022/01/15 11:06:46 version: v1.2.2-openwrt-1.2.2-1 2022/01/15 11:06:46 Codename: alphaga 2022/01/15 11:06:46 BuildDate: 2022-01-14_14:21:08 2022/01/15 11:06:46 GoVersion: 2022/01/15 11:06:46 Constraint_parser: >= 1.0, <= 2.0 2022/01/15 11:06:46 Constraint_scenario: >= 1.0, < 3.0 2022/01/15 11:06:46 Constraint_api: v1 2022/01/15 11:06:46 Constraint_acquis: >= 1.0, < 2.0 ``` ``` root@STARGATE:~# opkg install /root/crowdsec_1.2.3-2_aarch64_cortex-a53.ipk Upgrading crowdsec on root from 1.2.2-1 to 1.2.3-2... Configuring crowdsec. local API already registered... online API already registered... INFO[15-01-2022 11:07:37 AM] Wrote new 210740 bytes index to /etc/crowdsec/hub/.index.json WARN[15-01-2022 11:07:38 AM] crowdsecurity/syslog-logs : overwrite WARN[15-01-2022 11:07:38 AM] crowdsecurity/geoip-enrich : overwrite WARN[15-01-2022 11:07:38 AM] crowdsecurity/dateparse-enrich : overwrite WARN[15-01-2022 11:07:38 AM] crowdsecurity/sshd-logs : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/ssh-bf : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/ssh-slow-bf : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/sshd : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/sshd : overwrite WARN[15-01-2022 11:07:39 AM] crowdsecurity/linux : overwrite INFO[15-01-2022 11:07:39 AM] /etc/crowdsec/collections/sshd.yaml already exists. INFO[15-01-2022 11:07:39 AM] /etc/crowdsec/collections/linux.yaml already exists. INFO[15-01-2022 11:07:39 AM] Enabled crowdsecurity/linux INFO[15-01-2022 11:07:39 AM] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective. WARN[15-01-2022 11:07:39 AM] crowdsecurity/whitelists : overwrite INFO[15-01-2022 11:07:39 AM] Enabled crowdsecurity/whitelists INFO[15-01-2022 11:07:39 AM] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective. INFO[15-01-2022 11:07:40 AM] Upgrading collections INFO[15-01-2022 11:07:40 AM] crowdsecurity/linux : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/sshd : up-to-date INFO[15-01-2022 11:07:40 AM] All collections are already up-to-date INFO[15-01-2022 11:07:40 AM] Upgrading parsers INFO[15-01-2022 11:07:40 AM] crowdsecurity/geoip-enrich : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/whitelists : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/dateparse-enrich : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/syslog-logs : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/sshd-logs : up-to-date INFO[15-01-2022 11:07:40 AM] All parsers are already up-to-date INFO[15-01-2022 11:07:40 AM] Upgrading scenarios INFO[15-01-2022 11:07:40 AM] crowdsecurity/ssh-slow-bf : up-to-date INFO[15-01-2022 11:07:40 AM] crowdsecurity/ssh-bf : up-to-date INFO[15-01-2022 11:07:40 AM] All scenarios are already up-to-date INFO[15-01-2022 11:07:40 AM] Upgrading postoverflows INFO[15-01-2022 11:07:40 AM] No postoverflows installed, nothing to upgrade uci: Entry not found Collected errors: * resolve_conffiles: Existing conffile /etc/crowdsec/online_api_credentials.yaml is different from the conffile in the new package. The new conffile will be placed at /etc/crowdsec/online_api_credentials.yaml-opkg. * resolve_conffiles: Existing conffile /etc/crowdsec/local_api_credentials.yaml is different from the conffile in the new package. The new conffile will be placed at /etc/crowdsec/local_api_credentials.yaml-opkg. * resolve_conffiles: Existing conffile /etc/crowdsec/config.yaml is different from the conffile in the new package. The new conffile will be placed at /etc/crowdsec/config.yaml-opkg. ``` ``` root@STARGATE:~# crowdsec --version 2022/01/15 11:08:38 version: v1.2.3-openwrt-1.2.3-2 2022/01/15 11:08:38 Codename: alphaga 2022/01/15 11:08:38 BuildDate: 2022-01-15_10:03:09 2022/01/15 11:08:38 GoVersion: 1.13.8 2022/01/15 11:08:38 Constraint_parser: >= 1.0, <= 2.0 2022/01/15 11:08:38 Constraint_scenario: >= 1.0, < 3.0 2022/01/15 11:08:38 Constraint_api: v1 2022/01/15 11:08:38 Constraint_acquis: >= 1.0, < 2.0 ``` (cherry picked from commit https://github.com/openwrt/packages/commit/de41b63ca45be91273e0ea97213b2a6a29ba2a9a) Signed-off-by: Kerma Gérald gandalf@gk2.net

plikmuny · January 21, 2022, 7:52am

Hi Gandalf, thanks for your help in installing Crowdsec, finally I got crowdsec running on my Rpi4 with Openwrt. But I have difficulty in choosing the collections or parsers. Do you have any default or may have collections for the post installation of crowdsec to be installed? I mean for the functioning of crowdsec, which further packages are necessary or just the setup is enough to do the job?

Gandalf · January 21, 2022, 9:18am

The OpenWrt packages as defaults already installed with the post process package.
It will cover all needed on OpenWrt system.

The CrowdSec team as in is TODO list to work on more specific components for OpenWrt.
I also will help on this or may be do some parts myself.

Please take a look at the official CrowdSec documentation if you want better understanding the possibilities of the tools.
You wan also look at the blog and tutorials already available.

The defaults setup is enough for 99% of the needs on OpenWrt.

The Wiki CrowdSec Documentation at OpenWrt Wiki still need enhancement to help end-user.
But I always try to be as much as possible user-friendly on the OpenWrt packages version of CrowdSec.
I may also wrote specific howto, maybe, later.

You may also try to explain the needs you want to cover which is not in the default configuration already if you want anyone to help ?

Gandalf · January 21, 2022, 10:12am

firewall fix PR for master merged !

github.com/openwrt/packages

crowdsec-firewall-bouncer: fix initd script

openwrt:master ← erdoukki:crowdsec-firewall-bouncer-0.0.21-fix

opened 08:25AM - 15 Jan 22 UTC

erdoukki

+5 -5

Maintainer: Gérald Kerma / @erdoukki Compile tested: (aarch64_cortex-a53, espre…ssoBin, OpenWrt master and 21.02) Run tested: (aarch64_cortex-a53, espressoBin, OpenWrt 21.02.x and 19.07.x, tests done) Tests: installation and upgrade: ok ban working: ok service start/restart/stop/status/disable: ok logging: ok detection of firewall (iptables+ipset/nftables): ok OpenWrt Version tested: 21.02.x 19.07.x Description: crowdsec rename the binary from crowdsec-firewall-bouncer to cs-firewall-bouncer the initd need the correct binary name to start the process the link for github source need also to be fixed (only the information one) fix the BuildDate updated copyright ``` root@STARGATE:~# service crowdsec-firewall-bouncer restart iptables found nftables is not present root@STARGATE:~# ps | grep crowd 10051 root 783m S /usr/bin/crowdsec -c /var/etc/crowdsec/config.yaml 15744 root 694m S /usr/bin/cs-firewall-bouncer -c /var/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml 15761 root 1228 S grep crowd ``` ``` root@STARGATE:~# cs-firewall-bouncer -V version: v0.0.21-openwrt-0.0.21-2 BuildDate: 2022-01-15_08:15:14 GoVersion: 1.13.8 ``` Signed-off-by: Kerma Gérald <gandalf@gk2.net>

firewall initd fix for 21.02 (PR opened):

github.com/openwrt/packages

[21.02] crowdsec-firewall-bouncer: fix name in initd to start the process

openwrt:openwrt-21.02 ← erdoukki:crowdsec-firewall-bouncer-fix-21.02

opened 10:07AM - 21 Jan 22 UTC

erdoukki

+5 -5

Maintainer: Gérald Kerma / @erdoukki Compile tested: (aarch64_cortex-a53, espre…ssoBin, OpenWrt master and 21.02) Run tested: (aarch64_cortex-a53, espressoBin, OpenWrt 21.02.x, tests done) Tests: OK OpenWrt Version tested: 21.02.x Description: crowdsec rename the binary from crowdsec-firewall-bouncer to cs-firewall-bouncer the initd need the correct binary name to start the process the link for github source need also to be fixed (only the information one) fix the BuildDate updated copyright Signed-off-by: Kerma Gérald <gandalf@gk2.net> (cherry picked from commit d6b116cb43802048d883a13e2d2e95eea76ad565)

will resolve issue:

PRs for lua-cs-bouncer and crowdsec-nginx-bouncer:

github.com/openwrt/packages

lua-cs-bouncer: initial package

openwrt:master ← erdoukki:lua-cs-bouncer

opened 10:07AM - 21 Jan 22 UTC

erdoukki

+93 -0

Maintainer: Gérald Kerma / @erdoukki Compile tested: (aarch64_cortex-a53, espre…ssoBin, OpenWrt master and 21.02) Run tested: (aarch64_cortex-a53, espressoBin, OpenWrt 21.02.x, tests done) Tests: OK OpenWrt Version tested: 21.02.x Description: Lua Crowdsec Bouncer module Lua module to allow ip (or not) from CrowdSec API. https://github.com/crowdsecurity/lua-cs-bouncer required for crowdsec-nginx-bouncer Signed-off-by: Kerma Gérald <gandalf@gk2.net>

github.com/openwrt/packages

crowdsec-nginx-bouncer: initial package

openwrt:master ← erdoukki:crowdsec-nginx-bouncer

opened 10:08AM - 21 Jan 22 UTC

erdoukki

+97 -0

Maintainer: Gérald Kerma / @erdoukki Compile tested: (aarch64_cortex-a53, espre…ssoBin, OpenWrt master and 21.02) Run tested: (aarch64_cortex-a53, espressoBin, OpenWrt 21.02.x, tests done) Tests: OK OpenWrt Version tested: 21.02.x Required: https://github.com/openwrt/packages/pull/17667 Description: nginx bouncer for Crowdsec https://github.com/crowdsecurity/crowdsec-nginx-bouncer Crowdsec bouncer is a lua bouncer for nginx. New/unknown IP are checked against crowdsec API, and if request should be blocked, a 403 is returned to the user, and put in cache. Signed-off-by: Kerma Gérald <gandalf@gk2.net>

…stay tuned !

wulfy23 · January 23, 2022, 6:49am

planning to fix the;

uci-defaults firstboot problem?
ipv6 problem?

anytime soon? not sure why you pushed to have these in the stable branch with so many issues… wasting peoples time and creating an unfillable support burden on the crowdsec community… development branch is understandable… but stable branch was a mistake…

Gandalf · January 23, 2022, 9:22am

HIDDEN RIGHT OF REPLY (only) no useful technical contents

First time I hear of this !
Can you explain ?

Yourself only problem.
Need to be studied, but not urgent !

Sure, when I get some time !

So many issues ?
Really ?

Can I laugh ?
Do you really think this as valuable ?
Do you feel better by saying again ?

So anyone can test and help, but not request, for himself !

It was so hard to be accepted at first, but take you on some others able to test and evaluate the CrowdSec solution !

Do you feel your sentence as judgment, or do you express your effort as valuable ?

I do not see anything from you on this work for sharing any valuable information.
Nothing on the Wiki, nothing as trolling and bad meaning !

@wulfy23
As I said, if you want your need being taking done as professional service, I may be open to your sponsorship !
If not, now way, I get it when I can, when I want, when I need, when I feel to !
No one but you at the OpenWrt subject about CrowdSec package take so bad feeling and so aggressive words than you do.
It makes some time now you decide to become trolling all I do !
You take from respectuous fan feeling to bad aggressive trolling…
What may have I done to you ?
What take you to this bad minding !
You become bad and more bad at OpenWrt, not followed by anyone, then you get more here !?
Great, if you like it…
I do not understand, but I my have to give a try than some off the population on this earth are not able to prefer judgment and war to effort and share.
You take so time on this, I have to take the point.

Do you really think you will get any results with this like ?
I may give you just one last full answer about all, then I will ignore, and may be no apologize may ever take you back…

I do not work for money at OpenWrt !
but, I trust in the best of all…
I am human and may do some errors !
but, I learn and always share my fixes…

OpenWrt is a hobby, it is a pleasure to collaborate, it is a community mainly trusting and respecting human care…
CrowdSec share the same spirit for me, with innovative and collaborative solution, that I share with OpenWrt people…
This all was a beautiful adventure, and it is just a start…

If you find serenity and happiness, some may be jealous. Be happy anyway.
(M.T.)

At all others, sorry for the noise, I may trash this “answer” if you prefer, but I need to explain, because trolls also may be save from themselves, may be !

Official OpenWrt forum CrowdSec packages topic:

Gandalf · January 23, 2022, 10:17am

github.com/crowdsecurity/crowdsec

Idea/GeoIP: offline/update/share database

opened 10:16AM - 23 Jan 22 UTC

erdoukki

kind/enhancement

At first, it is a specific OpenWrt packaging need, but I like to share the need …here, which may be also a global enhancement. **Is your feature request related to a problem? Please describe.** CrowdSec OpenWrt package is downloading the GeoIP databases at postinstall, this may be a huge download on some users ISP, but it also may not work at all in case users want to integrate the crowdsec package in the OpenWrt firmware image. **Describe the solution you'd like** It will be better to have an complementary OpenWrt package with the GeoIP database as dependency. **Describe alternatives you've considered** (Optional) An offline package solution may be better than a postpone downloading tweak. May be also the [geoip/geoipupdate](https://github.com/maxmind/geoipupdate) tool will be sufficient and give us the update feature for another software. **Example of what you imagine** I can propose to OpenWrt developers a crowdsec-data-geoip OpenWrt specific package which contains the geoip database files. This is a simple solution. This will fix the issue. This will not broke anything. This may need an update of crowdsec package dependency, but may work also without. This can still be enhanced later. **Additional context** TOR or, maybe other software/tools, may also require the GeoIP DB. May be it is possible to have these GeoIP DB, used by all with simply storing them on a default [DATADIR](https://github.com/maxmind/geoipupdate/blob/bcfacbc47d5607ea4fb20ae341326cd1ae3a2326/conf/GeoIP.conf.default#L17) location. What do you think of this ? Please share your experience on this...

Topic		Replies	Views
Crowdsec on Turris Omnia Router crowdsec	2	345	October 11, 2022
Can OpenWRT build run in the cloud? crowdsec	3	807	September 14, 2021
Planned setup: does this make sense? crowdsec	5	829	March 6, 2022
Crowdsec v1.1 : new packages, new life crowdsec	7	799	July 22, 2021
Crowdsec versions compatibility	5	703	March 21, 2022

Related Topics