crowdsec-mikrotik-bouncer
Docker application from Darklesc's Repository
Overview
This repository aims to implement a CrowdSec bouncer for MikroTik routers that blocks malicious IP addresses from accessing your services. To do this, it uses the MikroTik API to populate a dynamic firewall address list.
Requirements
Prerequisites:
Generate a bouncer API key following the CrowdSec documentation: https://doc.crowdsec.net/docs/cscli/cscli_bouncers_add/
cscli bouncers add Mikrotik-0
Enable the API on the MikroTik router:
IP -> Service -> Enable api and apply security
Procedure:
1 Get a bouncer API key from your CrowdSec instance with the command cscli bouncers add mikrotik-bouncer
2 Copy the API key that is printed. You WON'T be able to get it again.
3 Paste this API key as the value of the bouncer environment variable CROWDSEC_BOUNCER_API_KEY, in place of "MyApiKey"
4 Start the bouncer with docker-compose up bouncer in the example directory
5 Create IP drop filter rules in the input and forward chains that match the crowdsec source address list
6 Create IPv6 drop filter rules in the input and forward chains that match the crowdsec source address list (if IPv6 is used)
/ip/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
/ipv6/firewall/filter/
add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules"
add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules"
Runtime parameters
- Network: bridge
- Shell: sh
- Privileged: false
Template configuration
CROWDSEC BOUNCER API KEY (Variable)
- Target: CROWDSEC_BOUNCER_API_KEY
- Default value: your-api-key
- Value: your-api-key
CROWDSEC URL (Variable)
- Target: CROWDSEC_URL
- Default value: http://crowdsec:8080/
- Value: http://crowdsec:8080/
MIKROTIK HOST (Variable)
- Target: MIKROTIK_HOST
- Default value: your-ip-mikrotik:8728
- Value: your-ip-mikrotik:8728
MIKROTIK USER (Variable)
- Target: MIKROTIK_USER
- Default value: your-mirkotik-user
- Value: your-mirkotik-user
MIKROTIK PASS (Variable)
- Target: MIKROTIK_PASS
- Default value: your-mikrotik-pass
- Value: your-mikrotik-pass
MIKROTIK IPV6 (Variable)
- Target: MIKROTIK_IPV6
- Default value: true
- Value: true
MIKROTIK TLS (Variable)
- Target: MIKROTIK_TLS
- Default value: true
- Value: true
CROWDSEC ORIGINS (Variable)
- Target: CROWDSEC_ORIGINS
- Default value: none
- Value: none
LOG LEVEL (Variable)
- Target: LOG_LEVEL
- Default value: 1
- Value: 1
Download statistics
524 total downloads
Details
Repository: ghcr.io/funkolab/cs-mikrotik-bouncer:latest
Last updated: 2022-05-22
First seen: 2024-12-09
Run crowdsec-mikrotik-bouncer on Unraid.
crowdsec-mikrotik-bouncer is listed in the Community Applications for Unraid OS. Explore Unraid to build a flexible home server, NAS, or home lab.