A bouncer that syncs the decisions made by CrowdSec with CloudFlare's firewall. Manages multi user, multi account, multi zone setup. Supports IP, Country and AS scoped decisions.

Create API token and set permisions

https://dash.cloudflare.com/profile/api-tokens
https://raw.githubusercontent.com/crowdsecurity/cs-cloudflare-bouncer/main/docs/assets/token_permissions.png

Obtain `crowdsec_lapi_key` from crowdsec terminal
`cscli -oraw bouncers add cloudflarebouncer`

Create `/crowdsec/bouncers` directory if it doesn't exist
`sudo mkdir /mnt/user/appdata/crowdsec/bouncers`

Create CF bouncer config using token(s), ex. `CLOUDFLARE_API_TOKEN1,CLOUDFLARE_API_TOKEN2`
`docker run --rm crowdsecurity/cloudflare-bouncer -g CLOUDFLARE_API_TOKEN /mnt/user/appdata/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml`

Review config and set `crowdsec_lapi_key` , `crowdsec_lapi_url` must be reachable by the container
`sudo nano /mnt/user/appdata/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml`

Start the container