crowdsec-mikrotik-bouncer
crowdsec-mikrotik-bouncer
Application Docker from Darklesc's Repository
Vue d'ensemble
This repository aim to implement a CrowdSec bouncer for the router Mikrotik to block malicious IP to access your services. For this it leverages Mikrotik API to populate a dynamic Firewall Address List.
Exigences
Prerequisites:
Generate a bouncer API key following CrowdSec documentation https://doc.crowdsec.net/docs/cscli/cscli_bouncers_add/
cscli bouncers add Mikrotik-0
Activate API in mikrotik
IP -> Service -> Enable api and apply security
Procedure:
1 Get a bouncer API key from your CrowdSec with command cscli bouncers add mikrotik-bouncer
2 Copy the API key printed. You WON'T be able the get it again.
3 Paste this API key as the value for bouncer environment variable CROWDSEC_BOUNCER_API_KEY, instead of "MyApiKey"
4 Start bouncer with docker-compose up bouncer in the example directory
5 Create IP drop Filter Rules in input and forward Chain with the crowdsec Source Address List
6 Create IPv6 drop Filter Rules in input and forward Chain with the crowdsec Source Address List (if IPv6 used)
/ip/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
/ipv6/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
Generate a bouncer API key following CrowdSec documentation https://doc.crowdsec.net/docs/cscli/cscli_bouncers_add/
cscli bouncers add Mikrotik-0
Activate API in mikrotik
IP -> Service -> Enable api and apply security
Procedure:
1 Get a bouncer API key from your CrowdSec with command cscli bouncers add mikrotik-bouncer
2 Copy the API key printed. You WON'T be able the get it again.
3 Paste this API key as the value for bouncer environment variable CROWDSEC_BOUNCER_API_KEY, instead of "MyApiKey"
4 Start bouncer with docker-compose up bouncer in the example directory
5 Create IP drop Filter Rules in input and forward Chain with the crowdsec Source Address List
6 Create IPv6 drop Filter Rules in input and forward Chain with the crowdsec Source Address List (if IPv6 used)
/ip/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
/ipv6/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
Arguments d'exécution
- Réseau
bridge- Coquille
sh- Privilégié
- false
Configuration du modèle
CROWDSEC BOUNCER API KEYVariable
- Cible
- CROWDSEC_BOUNCER_API_KEY
- Défaut
- your-api-key
- Valeur
- your-api-key
CROWDSEC URLVariable
- Cible
- CROWDSEC_URL
- Défaut
- http://crowdsec:8080/
- Valeur
- http://crowdsec:8080/
MIKROTIK HOSTVariable
- Cible
- MIKROTIK_HOST
- Défaut
- your-ip-mikrotik:8728
- Valeur
- your-ip-mikrotik:8728
MIKROTIK USERVariable
- Cible
- MIKROTIK_USER
- Défaut
- your-mirkotik-user
- Valeur
- your-mirkotik-user
MIKROTIK PASSVariable
- Cible
- MIKROTIK_PASS
- Défaut
- your-mikrotik-pass
- Valeur
- your-mikrotik-pass
MIKROTIK IPV6Variable
- Cible
- MIKROTIK_IPV6
- Défaut
- true
- Valeur
- true
MIKROTIK TLSVariable
- Cible
- MIKROTIK_TLS
- Défaut
- true
- Valeur
- true
CROWDSEC ORIGINSVariable
- Cible
- CROWDSEC_ORIGINS
- Défaut
- none
- Valeur
- none
LOG LEVELVariable
- Cible
- LOG_LEVEL
- Défaut
- 1
- Valeur
- 1
Catégories
Télécharger les statistiques
524
Total des téléchargements
Détails
Référentiel
ghcr.io/funkolab/cs-mikrotik-bouncer:latestDernière mise à jour2022-05-22
Première vue2024-12-09
Exécutez crowdsec-mikrotik-bouncer sur Unraid.
crowdsec-mikrotik-bouncer est listé dans Community Apps pour Unraid OS. Explorez Unraid pour créer un serveur domestique flexible, un NAS ou un laboratoire domestique.