Few questions about first usages

unam · June 2, 2021, 4:00pm

Hi folks,

I just discovered crowdsec and wow, this is just what we do (basically) with iptables and mysql on our infra (250 vms). It works but not easy to maintain and so “basic”.

I have a question, we are in a web/telephony/mail business and I’d like to try crowdsec on a small group of our infra before migrate everything.

Is it possible to use crowdsec just with an api (or maybe 2 for backup) server. I mean, is it possible that our 250 vms just exchange with api servers dedicated to distribute banned ip on the network. Is this kind of usage possible without interaction with the centralized database ?

This because one ip banned from my side can be a legitimate client for another ? Any advice about this ?

Let me know if I’m not clear enough, I’ll try to explain again
Regards,

kaa · June 4, 2021, 12:44pm

Yes, what you proposed is completely possible. You can read this to get some insight: How to set up a CrowdSec multi-server installation - The open-source massively multiplayer firewall leveraging the crowd power

The ip you received from the centralized database are customized for your setup (the scenarios you have installed). It’s high probability that these ips are a threat for you too.

Does this make sense to you ?

Topic		Replies	Views
CrowdSec and Proxmox POC crowdsec	4	3391	December 1, 2023
Ipset, performance, whitelist, api, dashboard, postfix logs crowdsec	4	1158	October 16, 2020
Share block IP info crowdsec	2	565	March 5, 2023
Crowdsec and Fail2ban on same server?	2	998	April 20, 2023
I have somehow banned myself! HELP! :-D	3	736	January 31, 2023

Few questions about first usages

Related Topics