crowdsec-mikrotik-bouncer
crowdsec-mikrotik-bouncer
Aplicación Docker from Darklesc's Repository
Visión general
This repository aim to implement a CrowdSec bouncer for the router Mikrotik to block malicious IP to access your services. For this it leverages Mikrotik API to populate a dynamic Firewall Address List.
Requisitos
Prerequisites:
Generate a bouncer API key following CrowdSec documentation https://doc.crowdsec.net/docs/cscli/cscli_bouncers_add/
cscli bouncers add Mikrotik-0
Activate API in mikrotik
IP -> Service -> Enable api and apply security
Procedure:
1 Get a bouncer API key from your CrowdSec with command cscli bouncers add mikrotik-bouncer
2 Copy the API key printed. You WON'T be able the get it again.
3 Paste this API key as the value for bouncer environment variable CROWDSEC_BOUNCER_API_KEY, instead of "MyApiKey"
4 Start bouncer with docker-compose up bouncer in the example directory
5 Create IP drop Filter Rules in input and forward Chain with the crowdsec Source Address List
6 Create IPv6 drop Filter Rules in input and forward Chain with the crowdsec Source Address List (if IPv6 used)
/ip/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
/ipv6/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
Generate a bouncer API key following CrowdSec documentation https://doc.crowdsec.net/docs/cscli/cscli_bouncers_add/
cscli bouncers add Mikrotik-0
Activate API in mikrotik
IP -> Service -> Enable api and apply security
Procedure:
1 Get a bouncer API key from your CrowdSec with command cscli bouncers add mikrotik-bouncer
2 Copy the API key printed. You WON'T be able the get it again.
3 Paste this API key as the value for bouncer environment variable CROWDSEC_BOUNCER_API_KEY, instead of "MyApiKey"
4 Start bouncer with docker-compose up bouncer in the example directory
5 Create IP drop Filter Rules in input and forward Chain with the crowdsec Source Address List
6 Create IPv6 drop Filter Rules in input and forward Chain with the crowdsec Source Address List (if IPv6 used)
/ip/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
/ipv6/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
Argumentos en tiempo de ejecución
- Red
bridge- Concha
sh- Privilegiado
- false
Configuración de plantillas
CROWDSEC BOUNCER API KEYVariable
- Objetivo
- CROWDSEC_BOUNCER_API_KEY
- Por defecto
- your-api-key
- Valor
- your-api-key
CROWDSEC URLVariable
- Objetivo
- CROWDSEC_URL
- Por defecto
- http://crowdsec:8080/
- Valor
- http://crowdsec:8080/
MIKROTIK HOSTVariable
- Objetivo
- MIKROTIK_HOST
- Por defecto
- your-ip-mikrotik:8728
- Valor
- your-ip-mikrotik:8728
MIKROTIK USERVariable
- Objetivo
- MIKROTIK_USER
- Por defecto
- your-mirkotik-user
- Valor
- your-mirkotik-user
MIKROTIK PASSVariable
- Objetivo
- MIKROTIK_PASS
- Por defecto
- your-mikrotik-pass
- Valor
- your-mikrotik-pass
MIKROTIK IPV6Variable
- Objetivo
- MIKROTIK_IPV6
- Por defecto
- true
- Valor
- true
MIKROTIK TLSVariable
- Objetivo
- MIKROTIK_TLS
- Por defecto
- true
- Valor
- true
CROWDSEC ORIGINSVariable
- Objetivo
- CROWDSEC_ORIGINS
- Por defecto
- none
- Valor
- none
LOG LEVELVariable
- Objetivo
- LOG_LEVEL
- Por defecto
- 1
- Valor
- 1
Categorías
Descargar estadísticas
524
Descargas totales
Detalles
Repositorio
ghcr.io/funkolab/cs-mikrotik-bouncer:latestÚltima actualización2022-05-22
Visto por primera vez2024-12-09
Ejecute crowdsec-mikrotik-bouncer en Unraid.
crowdsec-mikrotik-bouncer se encuentra en Community Apps para Unraid OS. Explore Unraid para crear un servidor doméstico flexible, un NAS o un laboratorio doméstico.