How to ban IP permanently?

I’m using crowdsec on Debian with crowdsec-firewall-bouncer-iptables - Firewall bouncer for Crowdsec (iptables+ipset).

I know that crowdsec’s profiles.yaml has a default ban timeout of 4h.

So ipset has a timeout parameter for each IP address with a maximum value in seconds == 4294967 seconds = 49.7 days.

I infer this from the crowdsec-firewall-bouncer.log file where I saw this:

Syntax error: '31535993' is out of range 0-4294967\n"

… when I tried banning for 365 days (8760 hours) via /etc/crowdsec/profiles.yaml

What value should I use for the profile duration in profiles.yaml - in order to ban for eternity?

ipset’s manual says 0 means forever, but passing 0h or 0 in profiles.yaml causes only errors in crowdsec-firewall-bouncer.log.

Hello,

Currently, it is not possible to perma ban an IP with crowdsec. If you need IPs to be banned permanently, I would suggest you create a new set in your ipset (not the one used by crowdsec), and add the IPs you want to perma ban to it.
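
One way to follow the suggestion in the reply above, as an added example that is not part of the original thread and not CrowdSec's own tooling: a script that turns a list of addresses into an `ipset restore` file for a separate set created without a timeout, and optionally loads it and adds an iptables DROP rule. The set name `permaban`, the `INPUT` chain placement and the sample addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: keep permanent bans in a separate ipset, outside CrowdSec's set.
# SET_NAME and the sample addresses are assumptions (constructed, RFC 5737 ranges).
SET_NAME="permaban"

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
# Runs in a subshell "( )" so the IFS change does not leak to the caller.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Read one address per line on stdin, write an `ipset restore` script to stdout.
# The set is created WITHOUT a timeout option, so its entries never expire.
build_restore() {
    echo "create $SET_NAME hash:ip family inet"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # drop trailing comment
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # drop whitespace
        [ -n "$line" ] || continue
        if is_ipv4 "$line"; then
            echo "add $SET_NAME $line"
        else
            echo "skipping invalid entry: $line" >&2
        fi
    done
}

# Constructed sample list: a comment, a blank line, a bad address, a duplicate.
sample_list() {
    printf '%s\n' '203.0.113.7   # scanner' '198.51.100.23' '' '999.1.1.1' '203.0.113.7'
}

# Dry run by default (prints the restore script). With APPLY=1, as root, load it
# and insert a DROP rule for the set unless an identical rule already exists.
if [ "${APPLY:-0}" = 1 ]; then
    sample_list | build_restore | ipset -exist restore
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT 1 -m set --match-set "$SET_NAME" src -j DROP
else
    sample_list | build_restore
fi
```

The set and the rule live only in kernel memory, so they have to be reloaded at boot to survive a restart.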