From the guy that has been accused of going overboard on security measures, I use both. It just depends on your setup tho. On a low resource server, I would pick crowdsec as it covers more ground than F2B. Running two log parsers does use more resources. ~ my 2 cents
irmadlad
Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196
- 1 Post
- 3 Comments
Joined 2 months ago
Cake day: March 24th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
151·4 days agoAs you probably know the crowdsec bouncer doesn’t directly parse logs or do checks like F2B filters. It queries the crowdsec LAPI for decisions and applies them. The “allowed” or “whitelisted” IP logic is handled at the Security Engine or LAPI level, not by the bouncer itself.
You can whitelist an ip in
/etc/crowdsec/whitelists.yamlor even whitelist decisions in the whitelist.yaml as such:name: private-ips description: Whitelist local and private IPs whitelist: reason: "Allow local and private IPs" ip: - "127.0.0.1" - "192.168.1.0/24" cidr: - "10.0.0.0/8"Then issue
sudo systemctl reload crowdsec. Kind of the same concept as F2B’signoreipoption. If you are using Tailscale to administer the server, then it’s easier to whitelist. IIRC, you can usecscli decisions add --type whitelist --ip 192.168.1.100 --duration 1ybut it doesn’t add them to the whitelist.yaml. Instead it keeps them in crowdsec’s database managed by LAPI. To undo:cscli decisions delete --ip 192.168.1.100 --type whitelisthttps://docs.crowdsec.net/u/getting_started/post_installation/whitelists/
Hey bro. I apologize for getting back to you so late. Did you ever get this resolved? I’m not hugely knowledgeable about the intricacies of nginx. I went with Caddy, but there is probably some commonality between the two. lmk