Hi, lots of questions here.
I use ipset (and nftables with firewalld), and I use a small in-house script with the custom bouncer.
All works fine. Do you plan to write an ipset bouncer? (2 commands: ipset add and ipset del.)
About performance, I have used fail2ban for… years and years…
Do you have some tests to see how crowdsec runs against fail2ban?
Fail2ban is well known, with tons of scripts; crowdsec is new, and we don’t know if the project will survive. At least we need some information about how it works.
About the whitelist, I have made a copy of cdn-whitelist.yaml to use my own IP list.
But the file in the source_url was not downloaded; I had to do that manually.
Is there any automatic process for that? Some check for a new version sometimes?
Or do I have to manage that on my side?
With the API.
In the doc I see: cscli api pull
If I run the command, this downloads a list of IPs.
But do I need to run that by myself (or with cron)?
Or is there a default automatic check?
Other command: cscli api enroll
What is the crowdsec backend? Where can I register a user account?
About the dashboard, we need to run docker… But I don’t want to run docker just for that (yeah, I’m an old-school guy). Do you have some documentation to configure that by myself?
And last point: when you install crowdsec and you select the postfix filter, the log file is not configured in acquis.yaml; I had to do this myself (not a big deal, but for new users…).
Sorry for all those questions!
[EDIT]
Sorry, last question!
How many IP addresses (or subnets) can you whitelist?
I have a big list of IPs from Ezoic (more than 1200); is this a problem?
Fail2ban didn’t like it when I tried to add all this list to the ignoreip…
[/EDIT]