Integrating CrowdSec Blocklists Directly Into Your Firewall
Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent.
| Difficulty | 1/5 |
| CrowdSec Service Setup Time | 5 minutes |
| Firewall Configuration Time | 5~10 minutes |
| Involved Resources | CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall |
Steps to follow
For this use case, you will need to:
- Create a Blocklist As A Service endpoint within the CrowdSec Console UI or API
- Who: Anybody with a browser
- Skill Level: Easy
- Time: 5 minutes (including account creation)
- Minium Plan: free
- Subscribe to the blocklist(s) you want to use
- Who: Anybody with a browser
- Skill Level: Easy
- Time: < 5 minutes
- Minium Plan: free
- Make a rule into your firewall that fetches the blocklist from the BLAAS endpoint (basic auth URL)
- Who: Firewall administrator
- Skill Level: Easy
- Time: 5~10 minutes
Test that it works and evaluate performance
- Check that the end point is providing the blocklist you subscribed to at the format you chose by running a
curlcommand:
curl -u <user>:<password> <url of the endpoint>
- Check that the blocklist is being fetched by your firewall by observing the logs or metrics of your firewall.
Depending on your firewall capabilities you can chose a metered action in your rule OR observe volume of ingress reaching your services before and after using the blocklist.
Note that
Next step - Scale and Automate
You can use CrowdSec Service API (SAPI) to automate both:
You can also look into creating and Sharing your own blocklists via SAPI.
Check out our swagger for SAPI ↗️
(usecase coming soon)
