Hi folks,

I just discovered CrowdSec and wow, this is just what we do (basically) with iptables and MySQL on our infra (250 VMs). It works, but it is not easy to maintain and is so “basic”.

I have a question: we are in the web/telephony/mail business and I’d like to try CrowdSec on a small group of our infra before migrating everything.

Is it possible to use CrowdSec with just an API server (or maybe 2 for backup)? I mean, is it possible for our 250 VMs to just exchange with API servers dedicated to distributing banned IPs on the network? Is this kind of usage possible without interaction with the centralized database?

This is because one IP banned on my side can be a legitimate client for another. Any advice about this?

Let me know if I’m not clear enough, I’ll try to explain again :)

Yes, what you proposed is completely possible. You can read this to get some insight: “How to set up a CrowdSec multi-server installation”.

The IPs you receive from the centralized database are customized for your setup (the scenarios you have installed). There is a high probability that these IPs are a threat for you too.

Does this make sense to you?