Hi,
I have installed two bouncers, the nginx one and the firewall-iptables one.
The current behavior is that when I block an IP, it's blocked on both bouncers: it's added to iptables and gets a 403 Forbidden page. I would like to be able to block SSH brute-force attacks (ssh-bf), or all syslogs, with the iptables bouncer, and for the http/nginx collection I want to use only the nginx bouncer and not ban them on the iptables firewall bouncer.
I can't see a way to do it for now. I was digging into how to write a profile to take action, like:
filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() in ["crowdsecurity/ssh-bf"]
decisions:
 - type: ban
But type ban is used on both bouncers…
Any workaround for this, or maybe any way to define a new type?