Where is the crowdsec-blacklists ipset data originating from on Ubuntu 22.04?

Hi. I’m integrating crowdsec and crowdsec-firewall-bouncer-iptables on a system that is running hestia-cp on Ubuntu 22.04.

Hestia uses its own iptables process and removes the crowdsec iptables entry if it’s not added directly to hestia. Hestia needs the actual data source in the form of a URL or file, but I can’t find the crowdsec-blacklists location on my system, nor do I see it in the crowdsec docs. Maybe it populates the ipset directly from an API? crowdsec seems to work fine in general, and running the command: ipset list crowdsec-blacklists reveals data in the ipset.

Does anyone know the data source location for the ipset: crowdsec-blacklists?

Thanks!

The ipset is filled via the crowdsec-firewall-bouncer-iptables binary, which calls the LAPI, which is an HTTP API that is running on the crowdsec binary.

https://crowdsecurity.github.io/api_doc/lapi/

You can call the API directly but there are some caveats depending on how hestia works.

You could instead use our custom bouncer, which then calls a script to write to a file, which hestia then monitors?
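
The custom-bouncer approach suggested above, sketched as an added example (not part of the original posts, and not CrowdSec's or Hestia's own code). It assumes the custom bouncer invokes the script as `<script> add|del <ip> <duration> <reason> <json>`; the blocklist path is a hypothetical location that Hestia would be pointed at.

```shell
#!/bin/sh
# Added example: handler script for the CrowdSec custom bouncer that keeps a
# plain-text blocklist file in sync with ban decisions.
# Assumption: called as  <script> add|del <ip> <duration> <reason> <json>
# Assumption: BLOCKLIST is a hypothetical path that Hestia reads as a file source.
BLOCKLIST="${BLOCKLIST:-/var/lib/crowdsec-hestia/blocklist.txt}"

# Character allowlist for IPv4/IPv6 addresses and CIDR ranges. Not a full
# address parser: it only keeps anything else out of a file that feeds the firewall.
is_ip_or_cidr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:/]*) return 1 ;;
        *) return 0 ;;
    esac
}

update_blocklist() {
    action="$1"; ip="$2"
    if ! is_ip_or_cidr "$ip"; then
        echo "rejecting invalid address: $ip" >&2
        return 2
    fi
    mkdir -p "$(dirname "$BLOCKLIST")" || return 1
    [ -f "$BLOCKLIST" ] || : > "$BLOCKLIST"
    # Build the new list in a temp file in the same directory, then rename it
    # over the old one so a reader never sees a half-written list.
    tmp=$(mktemp "$BLOCKLIST.XXXXXX") || return 1
    case "$action" in
        add) { cat "$BLOCKLIST"; printf '%s\n' "$ip"; } | sort -u > "$tmp" ;;
        # grep exits 1 when the result is empty; that is not an error here.
        del) grep -vxF -- "$ip" "$BLOCKLIST" > "$tmp" || true ;;
        *)   rm -f "$tmp"; echo "unknown action: $action" >&2; return 2 ;;
    esac
    chmod 644 "$tmp" && mv -f "$tmp" "$BLOCKLIST"
}

# Entry point when run by the bouncer; duration, reason and JSON are ignored.
if [ "$#" -ge 2 ]; then
    update_blocklist "$1" "$2"
fi
```

Expired bans arrive as `del` calls, so the file only ever holds currently active decisions.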

Thanks! I’m working on a workaround and will post the results in case it’s helpful to anyone.