Whitelisting Crowdsec Servers IP Addresses for Console Access and Blocklist Download

I am considering enforcing a “Default Deny” Policy on my OPNSense Router/Firewall.

I previously attempted the same “Exercise” with IP Blocklist (in OPNSense → Firewall → Aliases), but of course a “Default Deny” Policy (including OUTBOUND) Traffic will also prevent OPNSense from downloading the Blacklists.

I presume that Crowdsec would suffer from the same Problem.

I usually whitelist what I allow e.g. “Allowed System DNS Servers” and so on.

Is there a list of Crowdsec Server IPs (for Console + Blocklist download) available somewhere that I can put into OPNSense (or any other FreeBSD/Linux Machine for that Matter) to make sure that they can still get the benefit from Crowdsec by having access to the Crowdsec Console and the Blocklist download ?

Thank you for your help :smiley:.

We dont have static IP’s since we rely on serverless architecture the only way would be DNS blocking / allowing.

That’s unfortunate :frowning: