Hi all,
I recently came to know of the existence of a full-blown REST API to interact with EdgeOS devices (I have an EdgeRouter 4). The API is documented here: https://github.com/Matthew1471/EdgeOS-API.
I used that API to automatically add IPs to a blacklist on my router based on alerts reported by my Suricata instance. I have documented it here: https://github.com/googleg/hund-ips-edgeos?tab=readme-ov-file. It is actually very simple and does not require any intervention on the router other than creating a dedicated firewall ip-address group.
I was thinking of using the same principle to block offending IPs reported by CrowdSec, through a custom bouncer. That should be a very simple task because I have already done all the legwork; all I need to do is change my script to get the IPs from the command line instead of polling a Redis server.
My question is: has anyone done that already? If so, please point me towards any useful resource.
Thank you.