I’m curious about the best option for integrating multiple devices. Here is a sample scenario:
At home, one router, a NAS and multiple laptops.
Say traffic to ports 80 and 443 is the only incoming traffic allowed through the firewall on the router and gets forwarded to a reverse proxy on the NAS.
I could run CrowdSec on the NAS, check the reverse proxy logs and ban on the NAS, but wouldn’t it make much more sense to ban on the router?
And how about actually analysing the router logs?
What would be the best way: send the router logs to the NAS for analysing and then send the ban command back to the router?
Or maybe run CrowdSec on the router itself and do the banning there?
I don’t know what the others think, but for me the best setup you can have in this context is:
- CrowdSec installed on the NAS, analyzing the reverse proxy logs
- Depending on your router model (features available, etc.), you can install a bouncer on the router so the router will fetch the bans from CrowdSec on the NAS.
THX for your input. I will look into it. My router is a UDM (UniFi Dream Machine – not the UDM Pro one though) and you can permanently install “scripts” and similar stuff onto it, so I guess adding a bouncer could work, or running the bouncer on the NAS which simply sends the right “commands” to create / delete bans on the router?
Anyway, I’ll check how much effort this takes and if it’s within the limits of my knowledge to get this running.
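The bouncer role discussed in this thread, sketched as an added example (not code from any poster or from the CrowdSec project): it turns one response from the CrowdSec local API's `/v1/decisions/stream` endpoint into the add/delete commands a router would need. Assumptions: the router firewall drops traffic from an `ipset` of type `hash:net` with the hypothetical name `crowdsec-blocklist`, the JSON sample is constructed, and fetching the stream and delivering the commands to the router are left out.

```python
import ipaddress
import json

IPSET_NAME = "crowdsec-blocklist"  # hypothetical set name used by a router drop rule

# Constructed sample shaped like a /v1/decisions/stream response (not real data).
SAMPLE_STREAM = json.loads("""
{
  "new": [
    {"id": 1, "origin": "crowdsec", "scenario": "crowdsecurity/http-probing",
     "scope": "Ip", "type": "ban", "value": "203.0.113.7", "duration": "3h59m50s"},
    {"id": 2, "origin": "cscli", "scenario": "manual ban",
     "scope": "Range", "type": "ban", "value": "198.51.100.0/24", "duration": "23h"},
    {"id": 3, "origin": "crowdsec", "scenario": "crowdsecurity/http-probing",
     "scope": "Ip", "type": "captcha", "value": "203.0.113.99", "duration": "1h"},
    {"id": 4, "origin": "crowdsec", "scenario": "crowdsecurity/http-probing",
     "scope": "Ip", "type": "ban", "value": "192.168.1.20", "duration": "4h"}
  ],
  "deleted": null
}
""")

def _network(decision):
    """Return the decision's target as an ip_network, or None if it is not an IP/range ban."""
    if decision.get("type") != "ban" or decision.get("scope", "").lower() not in ("ip", "range"):
        return None
    try:
        return ipaddress.ip_network(decision["value"], strict=False)
    except (KeyError, ValueError):
        return None

def plan_router_commands(stream, banned, never_ban=("192.168.0.0/16",)):
    """Turn one stream response into ipset commands and update the `banned` set in place."""
    protected = [ipaddress.ip_network(n) for n in never_ban]
    commands = []
    for decision in stream.get("deleted") or []:   # the list may be null, as in the sample
        net = _network(decision)
        if net is not None and net in banned:
            banned.discard(net)
            commands.append(f"ipset del {IPSET_NAME} {net}")
    for decision in stream.get("new") or []:
        net = _network(decision)
        if net is None or net in banned:
            continue                               # non-ban remediation or already applied
        if any(net.version == p.version and net.overlaps(p) for p in protected):
            continue                               # never lock the LAN out of the router
        banned.add(net)
        commands.append(f"ipset add {IPSET_NAME} {net}")
    return commands
```

Keeping the `banned` set between polls is what makes the commands idempotent, so a replayed stream response does not produce duplicate adds on the router.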