I just discovered CrowdSec and wow, this is just what we do (basically) with iptables and MySQL on our infra (250 VMs). It works, but it is not easy to maintain and so “basic”.
I have a question: we are in the web/telephony/mail business and I’d like to try CrowdSec on a small group of our infra before migrating everything.
Is it possible to use CrowdSec with just an API server (or maybe 2 for backup)? I mean, is it possible for our 250 VMs to just exchange with API servers dedicated to distributing banned IPs on the network? Is this kind of usage possible without interaction with the centralized database?
This is because one IP banned on my side can be a legitimate client for another? Any advice about this?
Let me know if I’m not clear enough, and I’ll try to explain again.