Hi,
When I run a brut force ssh login to the server, my ip adress is banned but I can sil interact with the server.
Hello !
crowdsec itself is in charge of the detection and emitting decision, but the bouncer(s) are in charge of applying the decision (see FAQ)
You should take a look at the bouncers on the hub to find where and how you want to apply the decision. If you don’t know which one to chose, netfilter is a good default to protect the machine itself, while the nginx one might more relevant if you’re doing web centric things !
Note: future versions of crowdsec’s wizard will directly suggest installation of relevant bouncers, but not done yet ^^
1 Like