NethServer Version: latest NS8 community release Module: crowdsec
Hi all,
Is it possible to connect the crowdsec instance in NS8 to another crowdsec, e.g. one running in my opnsense firewall?
On plain Debian machines, this can be done by some cscli commands (e.g. cscli lapi register ...).
The benefit would be that decisions get shared between machines, and traffic would directly be blocked on the firewall.
How is such a configuration possible on NS8? Can I just use cscli, adjust the config, and it will work in a stable way?
It’s possible, I connected NethServer 8 with NethSecurity 8.
Roughly, you need a traefik route for the crowdsec port.
Then you can use the usual cscli command, after entering the container.
Nice, thank you. This will add the firewall as bouncer and keep the lapi in NS8. Is it also possible to have the lapi on the firewall and connect NS8 to it? That would scale better if there are other servers besides NS8 in the network (or several instances of NS8).