crowdsec-mikrotik-bouncer
crowdsec-mikrotik-bouncer
Docker-Anwendung from Darklesc's Repository
Übersicht
This repository aim to implement a CrowdSec bouncer for the router Mikrotik to block malicious IP to access your services. For this it leverages Mikrotik API to populate a dynamic Firewall Address List.
Anforderungen
Prerequisites:
Generate a bouncer API key following CrowdSec documentation https://doc.crowdsec.net/docs/cscli/cscli_bouncers_add/
cscli bouncers add Mikrotik-0
Activate API in mikrotik
IP -> Service -> Enable api and apply security
Procedure:
1 Get a bouncer API key from your CrowdSec with command cscli bouncers add mikrotik-bouncer
2 Copy the API key printed. You WON'T be able the get it again.
3 Paste this API key as the value for bouncer environment variable CROWDSEC_BOUNCER_API_KEY, instead of "MyApiKey"
4 Start bouncer with docker-compose up bouncer in the example directory
5 Create IP drop Filter Rules in input and forward Chain with the crowdsec Source Address List
6 Create IPv6 drop Filter Rules in input and forward Chain with the crowdsec Source Address List (if IPv6 used)
/ip/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
/ipv6/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
Generate a bouncer API key following CrowdSec documentation https://doc.crowdsec.net/docs/cscli/cscli_bouncers_add/
cscli bouncers add Mikrotik-0
Activate API in mikrotik
IP -> Service -> Enable api and apply security
Procedure:
1 Get a bouncer API key from your CrowdSec with command cscli bouncers add mikrotik-bouncer
2 Copy the API key printed. You WON'T be able the get it again.
3 Paste this API key as the value for bouncer environment variable CROWDSEC_BOUNCER_API_KEY, instead of "MyApiKey"
4 Start bouncer with docker-compose up bouncer in the example directory
5 Create IP drop Filter Rules in input and forward Chain with the crowdsec Source Address List
6 Create IPv6 drop Filter Rules in input and forward Chain with the crowdsec Source Address List (if IPv6 used)
/ip/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
/ipv6/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
Laufzeit-Argumente
- Netzwerk
bridge- Shell
sh- Privilegiert
- false
Konfiguration der Vorlage
CROWDSEC BOUNCER API KEYVariable
- Ziel
- CROWDSEC_BOUNCER_API_KEY
- Standard
- your-api-key
- Wert
- your-api-key
CROWDSEC URLVariable
- Ziel
- CROWDSEC_URL
- Standard
- http://crowdsec:8080/
- Wert
- http://crowdsec:8080/
MIKROTIK HOSTVariable
- Ziel
- MIKROTIK_HOST
- Standard
- your-ip-mikrotik:8728
- Wert
- your-ip-mikrotik:8728
MIKROTIK USERVariable
- Ziel
- MIKROTIK_USER
- Standard
- your-mirkotik-user
- Wert
- your-mirkotik-user
MIKROTIK PASSVariable
- Ziel
- MIKROTIK_PASS
- Standard
- your-mikrotik-pass
- Wert
- your-mikrotik-pass
MIKROTIK IPV6Variable
- Ziel
- MIKROTIK_IPV6
- Standard
- true
- Wert
- true
MIKROTIK TLSVariable
- Ziel
- MIKROTIK_TLS
- Standard
- true
- Wert
- true
CROWDSEC ORIGINSVariable
- Ziel
- CROWDSEC_ORIGINS
- Standard
- none
- Wert
- none
LOG LEVELVariable
- Ziel
- LOG_LEVEL
- Standard
- 1
- Wert
- 1
Kategorien
Statistik herunterladen
524
Downloads insgesamt
Einzelheiten
Repository
ghcr.io/funkolab/cs-mikrotik-bouncer:latestZuletzt aktualisiert2022-05-22
Erstmals gesehen2024-12-09
Führen Sie crowdsec-mikrotik-bouncer auf Unraid aus.
crowdsec-mikrotik-bouncer ist gelistet in Community Apps für Unraid OS. Erkunden Sie Unraid, um einen flexiblen Heimserver, ein NAS oder ein Heimlabor aufzubauen.