I am considering enforcing a “Default Deny” Policy on my OPNSense Router/Firewall.
I previously attempted the same “Exercise” with IP Blocklist (in OPNSense → Firewall → Aliases), but of course a “Default Deny” Policy (including OUTBOUND) Traffic will also prevent OPNSense from downloading the Blacklists.
I presume that Crowdsec would suffer from the same Problem.
I usually whitelist what I allow e.g. “Allowed System DNS Servers” and so on.
Is there a list of Crowdsec Server IPs (for Console + Blocklist download) available somewhere that I can put into OPNSense (or any other FreeBSD/Linux Machine for that Matter) to make sure that they can still get the benefit from Crowdsec by having access to the Crowdsec Console and the Blocklist download ?
Thank you for your help 
.
