Crowdsec is great

fasttech · January 15, 2026, 4:50pm

Just wanted to say I’m really glad you guys went with Crowdsec. I’m really impressed with how well it filters traffic. Comparing its performance against community Snort in front of it and I’m about ready to turn Snort off really. I’ve found that an initial ban time of 32 min seems to be the sweet spot in encouraging the really aggressive bad guys to give up. I’ve monitored the really persistent scumbags and found that within about a day with ban time ramping up into the 400 min mark and even they rarely come back even weeks later.

stephdl · January 16, 2026, 1:37pm

Thank, it has been a long run to get it

antonin.chadima · January 17, 2026, 4:19am

nethsecurity related

antonin.chadima · January 19, 2026, 3:10pm

Is Crowdsec coming to Nethsecurity?

filippo_carletti · January 19, 2026, 3:40pm

It has been installed in our NethSecurity at the end of 2023. I still have notes, but I don’t know if they are still valid today.

Blocking IP addresses that try to brute-force access to NethSecurity is now accomplished by Threat Shield.

If there’s interest, we could re-evaluate to install crowdsec on NethSecurity.

antonin.chadima · January 21, 2026, 9:05am

First of all, I am very satisfied with what NethSecurity provides. I have used various firewall solutions (VyOS, pfSense, OPNsense, Sophos, Untangle)—migrating projects to new solutions and repeatedly returning to some of them again—but somehow, I always ended up back on OpenWrt x86. I even use it for large commercial deployments, which might sound strange, but I am simply not a fan of BSD, and licensing issues have arisen with other projects.

However, there was always one main problem with OpenWrt for me. I had to choose between running vanilla OpenWrt (which was never a big issue) or installing a bunch of packages (banIP, bash, CrowdSec, IDS/IPS, etc.) to increase the system’s value. The latter usually didn’t turn out well, especially when upgrading packages or the entire system. BanIP still gives me gray hair… This is why I appreciate how NethSecurity enriches the basic OpenWrt system.

While Threat Shield IP effectively blocks IP address lists and brute-force attacks, the real power of CrowdSec lies in its community-shared list of malicious addresses for real-time protection and its Layer 7 agent-bouncer system. As mentioned earlier, I will not be manually installing CrowdSec into NethSecurity as I did with OpenWrt. I would welcome it if you officially added CrowdSec to NethSecurity, but it won’t be a dealbreaker for me if you do not.