Working with two bouncers


i have installed two bouncer, nginx and firewall-iptable one

the current behavor is when i block an ip, it’s blocked on both bouncers, it’s add on iptable and to a 403 forbidden page, i would like to be able to block ssh brute force attack (ssh-bf) or all syslogs with the iptable bouncer, and for the http/nginx collection i want to use only the nginx bouncer and not ban them on the iptable bouncer firewall.

i can’t see a way for now to do it, i was digging on how to write a profile to take action like :

  • Alert.Remediation == true && Alert.GetScope() == “Ip” && Alert.GetScenario() in [“crowdsecurity/ssh-bf”]
  • type: ban

but type ban is used on both bouncer’s…

any work around this or maybe any way to define a new type?