This repository aim to implement a CrowdSec bouncer for the router Mikrotik to block malicious IP to access your services. For this it leverages Mikrotik API to populate a dynamic Firewall Address List.

Prerequisites:
Generate a bouncer API key following CrowdSec documentation https://doc.crowdsec.net/docs/cscli/cscli_bouncers_add/
cscli bouncers add Mikrotik-0
Activate API in mikrotik
IP -> Service -> Enable api and apply security

Procedure:
1    Get a bouncer API key from your CrowdSec with command cscli bouncers add mikrotik-bouncer
2    Copy the API key printed. You WON'T be able the get it again.
3    Paste this API key as the value for bouncer environment variable CROWDSEC_BOUNCER_API_KEY, instead of "MyApiKey"
4    Start bouncer with docker-compose up bouncer in the example directory
5    Create IP drop Filter Rules in input and forward Chain with the crowdsec Source Address List
6    Create IPv6 drop Filter Rules in input and forward Chain with the crowdsec Source Address List (if IPv6 used)

/ip/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"

/ipv6/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"