Crowdsec packages for OpenWrt

I didn't have /etc/crowdsec/online_api_credentials.yaml. I tried copying the one from the build dir, but it is empty so that's all I have.

After doing cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml now it has some content:

❯ cat /etc/crowdsec/local_api_credentials.yaml
url: http://127.0.0.1:8081
❯ cat /etc/crowdsec/online_api_credentials.yaml
url: https://api.crowdsec.net/
login: 49584377b2242b45c5e64522616aeb8et6xsGRgAsloMB4Md
password: 1KjbHcCjPUxyabEH9yiKzfolJJ5llIQLzBhae7WRUiX5XHesjmJFp5fdkPnGpD2P
❯ ls -Al /etc/crowdsec
total 21
-rw-r--r-- 1 root root  286 Oct 16 09:45 acquis.yaml
drwxr-xr-x 1 root root 3488 Oct 16 17:45 bouncers
drwxr-xr-x 1 root root 3488 Oct 16 17:51 collections
-rw-r--r-- 1 root root 1413 Oct 16 17:54 config.yaml
-rw-r--r-- 1 root root  969 Oct 16 09:45 dev.yaml
-rw-r--r-- 1 root root   27 Oct 16 17:44 local_api_credentials.yaml
-rw-r--r-- 1 root root  162 Oct 17 09:30 online_api_credentials.yaml
drwxrwxr-x 5 root root 3488 Oct 16 17:51 parsers
drwxr-xr-x 2 root root  374 Oct 16 09:45 patterns
drwxr-xr-x 2 root root    3 Oct 16 09:45 postoverflows
-rw-r--r-- 1 root root  522 Oct 16 09:45 profiles.yaml
drwxr-xr-x 1 root root 3488 Oct 16 17:51 scenarios
-rw-r--r-- 1 root root   57 Oct 16 09:45 simulation.yaml
-rw-r--r-- 1 root root  991 Oct 16 17:44 user.yaml

Running crowdsec directly:

==> /var/log/crowdsec.log <==
time="17-10-2021 09:34:59" level=error msg="Failed to notify(sent: false): <nil>"
time="17-10-2021 09:34:59" level=warning msg="Starting processing data"
time="17-10-2021 09:34:59" level=info msg="Error machine login for  : ent: machine not found "

==> /var/log/crowdsec_api.log <==
time="17-10-2021 09:34:59" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 09:34:59 CEST] \"POST /v1/watchers/login HTTP/1.1 401 430.383µs \"crowdsec/v1.2.0-openwrt-openwrt\" \""

==> /var/log/crowdsec.log <==
time="17-10-2021 09:34:59" level=fatal msg="starting outputs error : authenticate watcher (): Post \"http://127.0.0.1:8081/v1/watchers/login\": API error: ent: machine not found"

Here is the error.
It should have been replaced in the

/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml

It is made at install, but looks to have not work.
I have add a pseudo upgrade script to not replace it, but it may have a bug.

1 Like

You may have the service already started and then use cscli command line.
You can then check the registered status and redo it if needed.
I will look to the necessary commands.

You may also need to register your host with:

cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml

I do not get the point why your install script do not execute...

cscli may be usefull to check status:
you can check the local API with: cscli lapi status

root@LPM:~# cscli lapi status
INFO[17-10-2021 10:25:20 AM] Loaded credentials from /etc/crowdsec/local_api_credentials.yaml 
INFO[17-10-2021 10:25:20 AM] Trying to authenticate with username xxxxxx on http://0.0.0.0:8080/ 
INFO[17-10-2021 10:25:21 AM] You can successfully interact with Local API (LAPI)

You can see that I have changed the IP to 0.0.0.0 to be able to have remote computers talking with the local API.

you can check the central API with: cscli capi status

root@LPM:~# cscli capi status
INFO[17-10-2021 10:26:30 AM] Loaded credentials from /etc/crowdsec/online_api_credentials.yaml 
INFO[17-10-2021 10:26:30 AM] Trying to authenticate with username xxxxx on https://api.crowdsec.net/ 
INFO[17-10-2021 10:26:31 AM] You can successfully interact with Central API (CAPI)

If the CAPI status is okay, you can use the console in beta available here:
https://app.crowdsec.net

the computers registered with the service can be listed with: cscli machines list

root@LPM:~# cscli machines list
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 NAME                                              IP ADDRESS  LAST UPDATE                STATUS  VERSION                                                                
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 xxxx  127.0.0.1   2021-10-17T10:25:21+02:00  ✔️       v1.2.0-openwrt-openwrt

If all is fine you can check that the collaborative bad IP list is locally apply in the crowdsec-firewall-bouncer
If using iptables, you must have install ipset, and the ipset list command can show you the bad IP.

If you use nftables, you can use specific commands like:

nft list tables
nft list table crowdsec
nft list chains
nft list ruleset

cscli can also be used to check these alerts with: cscli alerts list

root@LPM:~# cscli alerts list
+------+------------------------------+----------------------+---------+----+-----------+--------------------------------+
|  ID  |            VALUE             |        REASON        | COUNTRY | AS | DECISIONS |           CREATED AT           |
+------+------------------------------+----------------------+---------+----+-----------+--------------------------------+
| 1051 | crowdsec/community-blocklist | update : +728/-0 IPs |         |    | ban:728   | 2021-10-17 09:20:26 +0200      |
|      |                              |                      |         |    |           | +0200                          |
| 1050 | crowdsec/community-blocklist | update : +727/-0 IPs |         |    | ban:1     | 2021-10-17 07:20:26 +0200      |
|      |                              |                      |         |    |           | +0200                          |

cscli metrics can shows you a global status health:


root@LPM:~# cscli metrics
INFO[17-10-2021 10:36:19 AM] Local Api Metrics:                           
+----------------------+--------+--------+
|        ROUTE         | METHOD |  HITS  |
+----------------------+--------+--------+
| /v1/alerts           | GET    |      3 |
| /v1/decisions/stream | GET    | 108456 |
| /v1/watchers/login   | POST   |      6 |
+----------------------+--------+--------+
INFO[17-10-2021 10:36:19 AM] Local Api Machines Metrics:                  
+--------------------------------------------------+------------+--------+------+
|                     MACHINE                      |   ROUTE    | METHOD | HITS |
+--------------------------------------------------+------------+--------+------+
| db3e872e345f48848d0d85ab5c529947GWkbyXJtyNnJziiS | /v1/alerts | GET    |    3 |
+--------------------------------------------------+------------+--------+------+
INFO[17-10-2021 10:36:19 AM] Local Api Bouncers Metrics:                  
+------------------------------+----------------------+--------+--------+
|           BOUNCER            |        ROUTE         | METHOD |  HITS  |
+------------------------------+----------------------+--------+--------+
| cs-firewall-bouncer-LeCzIx9V | /v1/decisions/stream | GET    | 108456 |
+------------------------------+----------------------+--------+--------+

Crowdsec has already made some tutorials available here:

There is still a lot of work to do for non INTEL/AMD worlds.
Like the dockerisation and the dashboard which actually do not work elsewhere than x86_AMD64.
I already made some POC, but still need to upstream to crowdsec and document for OpenWrt.

Thanks for feedback, testing, report, debug and patience.

1 Like

All right, I get crowdsec to run now. The firewall bouncers gets an access forbidden errror though:

==> /var/log/crowdsec-firewall-bouncer.log <==
time="17-10-2021 13:18:10" level=info msg="backend type : iptables"
time="17-10-2021 13:18:10" level=info msg="iptables for ipv4 initiated"
time="17-10-2021 13:18:10" level=info msg="iptables clean-up : /usr/sbin/iptables -D INPUT -m set --match-set crowdsec-blacklists src -j DROP"
time="17-10-2021 13:18:10" level=info msg="iptables clean-up : /usr/sbin/iptables -D FORWARD -m set --match-set crowdsec-blacklists src -j DROP"
time="17-10-2021 13:18:10" level=info msg="ipset clean-up : /usr/sbin/ipset -exist destroy crowdsec-blacklists"
time="17-10-2021 13:18:10" level=info msg="Checking existing set"
time="17-10-2021 13:18:10" level=info msg="ipset set-up : /usr/sbin/ipset -exist create crowdsec-blacklists nethash timeout 300"
time="17-10-2021 13:18:11" level=info msg="Rule doesn't exist (/usr/sbin/iptables -C INPUT -m set --match-set crowdsec-blacklists src -j DROP)"
time="17-10-2021 13:18:11" level=info msg="Rule doesn't exist (/usr/sbin/iptables -C FORWARD -m set --match-set crowdsec-blacklists src -j DROP)"
time="17-10-2021 13:18:11" level=info msg="iptables set-up : /usr/sbin/iptables -I INPUT -m set --match-set crowdsec-blacklists src -j DROP"
time="17-10-2021 13:18:11" level=info msg="iptables set-up : /usr/sbin/iptables -I FORWARD -m set --match-set crowdsec-blacklists src -j DROP"
time="17-10-2021 13:18:11" level=info msg="iptables for ipv6 initiated"
time="17-10-2021 13:18:11" level=info msg="iptables clean-up : /usr/sbin/ip6tables -D INPUT -m set --match-set crowdsec6-blacklists src -j DROP"
time="17-10-2021 13:18:11" level=info msg="iptables clean-up : /usr/sbin/ip6tables -D FORWARD -m set --match-set crowdsec6-blacklists src -j DROP"
time="17-10-2021 13:18:11" level=info msg="ipset clean-up : /usr/sbin/ipset -exist destroy crowdsec6-blacklists"
time="17-10-2021 13:18:11" level=info msg="Checking existing set"
time="17-10-2021 13:18:11" level=info msg="ipset set-up : /usr/sbin/ipset -exist create crowdsec6-blacklists nethash timeout 300 family inet6"
time="17-10-2021 13:18:12" level=warning msg="iptables check command (/usr/sbin/ip6tables -C INPUT -m set --match-set crowdsec6-blacklists src -j DROP) failed : exit status 1"
time="17-10-2021 13:18:12" level=debug msg="output: ip6tables: Bad rule (does a matching rule exist in that chain?).\n"
time="17-10-2021 13:18:12" level=warning msg="iptables check command (/usr/sbin/ip6tables -C FORWARD -m set --match-set crowdsec6-blacklists src -j DROP) failed : exit status 1"
time="17-10-2021 13:18:12" level=debug msg="output: ip6tables: Bad rule (does a matching rule exist in that chain?).\n"
time="17-10-2021 13:18:12" level=info msg="iptables set-up : /usr/sbin/ip6tables -I INPUT -m set --match-set crowdsec6-blacklists src -j DROP"
time="17-10-2021 13:18:12" level=info msg="iptables set-up : /usr/sbin/ip6tables -I FORWARD -m set --match-set crowdsec6-blacklists src -j DROP"
time="17-10-2021 13:18:12" level=info msg="Processing new and deleted decisions . . ."
time="17-10-2021 13:18:12" level=debug msg="req-api: GET http://localhost:8081/v1/decisions/stream?startup=true"

==> /var/log/crowdsec.log <==
time="17-10-2021 13:18:12" level=error msg="auth api key error: select bouncer: ent: bouncer not found: unable to query"

==> /var/log/crowdsec_api.log <==
time="17-10-2021 13:18:12" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 13:18:12 CEST] \"GET /v1/decisions/stream?startup=true HTTP/1.1 403 463.318µs \"crowdsec-firewall-bouncer/v0.0.15-openwrt\" \""

==> /var/log/crowdsec-firewall-bouncer.log <==
time="17-10-2021 13:18:12" level=debug msg="resp-api: http 403"
time="17-10-2021 13:18:12" level=fatal msg="API error: access forbidden"
❯ cat /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
mode: iptables
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
api_url: http://localhost:8081/
api_key: ${API_KEY}
disable_ipv6: false
deny_action: DROP
deny_log: false
#to change log prefix
#deny_log_prefix: "crowdsec: "
#if present, insert rule in those chains
iptables_chains:
- INPUT
- FORWARD
#  - DOCKER-USER

I changed ${BACKEND} to iptables or it would not even try to start. I tried replacing ${API_KEY} with the local and the online passwords but those don't seem to be the API key.

How can I find out the correct value? Or what else is wrong?

1 Like

I got it!.

I got the above mentioned key by adding a bouncer with:

cscli bouncers add myBouncer -l 24

That gave me an API_KEY, I replaced the unescaped var in /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml and now the cs-firewall-bouncer seems to run :grinning_face_with_smiling_eyes:

I'll keep checking it out, it looks amazing.

Thanks for helping out :grinning:

2 Likes

Thanks for reports... feedback, debugs, tests ... :+1:

Yes, I think also it is a great security tool. :sunglasses:

I already made a POC with remote LXC (NGINX PROXY MANAGER and NEXTCLOUD) servers which remotely send their bad access attempt to the central CrowdSec on main OpenWrt Gateway for blacklisting !
I actually moved the servers to Docker for better performances and have some more code/tweak in the pipe for ARM64...
But more simple than a Fail2Ban alternative !

Actually, now that you get a running installation, you can also get help from the CrowdSec community on their discourse https://discourse.crowdsec.net/ !

See you here for OpenWrt feedback and there for CrowdSec... :wink:

Take a look to their console actually in beta test.

The metabase based dashboard can also work locally and may be an alternative of the Cloud Console.

Really happy with crowdsec so far. I have added the multibase container so I was missing the cs-nginx-bouncer.

I've been trying to get it running under OpenWrt. The first thing I had to change was lua's makefile dropping the -DNGX_LUA_NO_BY_LUA_BLOCK option.

Then I had to add lua-logging and lua-ffi but I get a segfault in nginx with the ffi module:

Oct 18 14:40:48 someserver kernel: [  397.530419] traps: nginx[20136] general protection fault ip:7fd036c3b47e sp:7fff2ec6f830 error:0 in ffi.so[7fd036c38000+10000

So I am wondering what's the required ffi module. I've tried with https://github.com/zhaozg/lua-ffi

I've opened an issue in lua-cs-bouncer

The WIP packages are here

Also, the reason the initialization does not work automatically is because it is tried in a uci-default.

uci-default scripts are run the first thing in the boot process, much earlier than the networks are setup, hence it is not possible the registration can work. It has to be moved to a hotplug event.

uci-default are also execute at package installation.
It was modified in the review of the PR...
But there is still an issue, I think with the sed replacement.

It got also, you are right, to be managed with something like a hotplug checking network live, for be fully integrate in a firmware.
It do not work for now if you install it in a firmware image, but only if you install it at runtime.

Thanks,
I get a similar issue with cs-nginx-bouncer in debian lxc container, but I do not reproduce and the issue was closed.
I now use dockers on OpenWrt, but it is a WIP also...

Upon finding this issue 17 @ cs-nginx-bouncer I thought you got it working.

Following https://github.com/justincormack/ljsyscall, I first tried with it, since it did not work, I then installed https://github.com/jmckaskill/luaffi and now nginx works with the cs-nginx-bouncer.

You can see the working OpenWRT packages here

1 Like

I'm using crowdsec-firewall-bouncer on many OpenWRT devices connected with my domain LAPI server (which collect many crowdsec machines, mostly nginx), it works great. Actually, crowdsec package is not mandatory for that usage, it would be great if it was not a dependency.

1 Like

Exact, thanks for the report, I can add this modification in the next release…
You can also open an issue at openwrt’s packages github to help me not forget ?

1 Like

Open

1 Like

PR : https://github.com/openwrt/packages/pull/17407

You may test the results packages from the PR build check/tests...

Is there a pull planned for the new version? i tried a simple install today and it appears to be out of date. Also OpenWrt doesn't use systemctl. Is there a guide to differences or a wiki entry for using on OpenWrt?

root@OpenWrt:~# opkg list crowdsec
crowdsec - 1.2.1-1 - Crowdsec - An open-source, lightweight agent to detect
 and respond to bad behaviours.
 It also automatically benefits from a global
 community-wide IP reputation database.

 This package contains the main program.
root@OpenWrt:~# opkg install crowdsec
Multiple packages (libgcc1 and libgcc1) providing same name marked HOLD or PREFER. Using latest.
Installing crowdsec (1.2.1-1) to root...
Downloading https://downloads.openwrt.org/releases/21.02-SNAPSHOT/packages/aarch64_generic/packages/crowdsec_1.2.1-1_aarch64_generic.ipk
Configuring crowdsec.
WARN[07-01-2022 12:56:42 PM] can't load CAPI credentials from '/etc/crowdsec/online_api_credentials.yaml' (missing field)
INFO[07-01-2022 12:56:42 PM] push and pull to Central API disabled
INFO[07-01-2022 12:56:42 PM] Machine '5cd5a4171fbda4fd0034a7fe50f90ccftX7oNhgSVnFuAwe2' successfully added to the local API
INFO[07-01-2022 12:56:42 PM] API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml'
WARN[07-01-2022 12:56:42 PM] can't load CAPI credentials from '/etc/crowdsec/online_api_credentials.yaml' (missing field)
INFO[07-01-2022 12:56:42 PM] push and pull to Central API disabled
INFO[07-01-2022 12:56:44 PM] Successfully registered to Central API (CAPI)
INFO[07-01-2022 12:56:44 PM] Central API credentials dumped to '/etc/crowdsec/online_api_credentials.yaml'
WARN[07-01-2022 12:56:44 PM] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.
WARN[07-01-2022 12:56:44 PM] Crowdsec is not the latest version. Current version is 'v1.2.1' and the latest stable version is 'v1.2.2'. Please update it!
WARN[07-01-2022 12:56:44 PM] As a result, you will not be able to use parsers/scenarios/collections added to Crowdsec Hub after CrowdSec v1.2.2
INFO[07-01-2022 12:56:44 PM] Wrote new 191129 bytes index to /etc/crowdsec/hub/.index.json
WARN[07-01-2022 12:56:44 PM] Crowdsec is not the latest version. Current version is 'v1.2.1' and the latest stable version is 'v1.2.2'. Please update it!
WARN[07-01-2022 12:56:44 PM] As a result, you will not be able to use parsers/scenarios/collections added to Crowdsec Hub after CrowdSec v1.2.2
INFO[07-01-2022 12:56:45 PM] crowdsecurity/syslog-logs : OK
INFO[07-01-2022 12:56:45 PM] /etc/crowdsec/parsers/s00-raw doesn't exist, create
INFO[07-01-2022 12:56:45 PM] Enabled parsers : crowdsecurity/syslog-logs
INFO[07-01-2022 12:56:45 PM] crowdsecurity/geoip-enrich : OK
INFO[07-01-2022 12:56:45 PM] downloading data 'https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb' in '/srv/crowdsec/data/GeoLite2-City.mmdb'
INFO[07-01-2022 12:57:13 PM] downloading data 'https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-ASN.mmdb' in '/srv/crowdsec/data/GeoLite2-ASN.mmdb'
INFO[07-01-2022 12:57:16 PM] /etc/crowdsec/parsers/s02-enrich doesn't exist, create
INFO[07-01-2022 12:57:16 PM] Enabled parsers : crowdsecurity/geoip-enrich
INFO[07-01-2022 12:57:16 PM] crowdsecurity/dateparse-enrich : OK
INFO[07-01-2022 12:57:16 PM] Enabled parsers : crowdsecurity/dateparse-enrich
INFO[07-01-2022 12:57:16 PM] crowdsecurity/sshd-logs : OK
INFO[07-01-2022 12:57:16 PM] /etc/crowdsec/parsers/s01-parse doesn't exist, create
INFO[07-01-2022 12:57:16 PM] Enabled parsers : crowdsecurity/sshd-logs
INFO[07-01-2022 12:57:17 PM] crowdsecurity/ssh-bf : OK
INFO[07-01-2022 12:57:17 PM] Enabled scenarios : crowdsecurity/ssh-bf
INFO[07-01-2022 12:57:17 PM] crowdsecurity/ssh-slow-bf : OK
INFO[07-01-2022 12:57:17 PM] Enabled scenarios : crowdsecurity/ssh-slow-bf
INFO[07-01-2022 12:57:17 PM] crowdsecurity/sshd : OK
WARN[07-01-2022 12:57:17 PM] crowdsecurity/sshd : overwrite
INFO[07-01-2022 12:57:17 PM] Enabled collections : crowdsecurity/sshd
INFO[07-01-2022 12:57:17 PM] crowdsecurity/linux : OK
INFO[07-01-2022 12:57:17 PM] /etc/crowdsec/collections/sshd.yaml already exists.
INFO[07-01-2022 12:57:17 PM] Enabled collections : crowdsecurity/linux
INFO[07-01-2022 12:57:17 PM] Enabled crowdsecurity/linux
INFO[07-01-2022 12:57:17 PM] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.
WARN[07-01-2022 12:57:17 PM] Crowdsec is not the latest version. Current version is 'v1.2.1' and the latest stable version is 'v1.2.2'. Please update it!
WARN[07-01-2022 12:57:17 PM] As a result, you will not be able to use parsers/scenarios/collections added to Crowdsec Hub after CrowdSec v1.2.2
INFO[07-01-2022 12:57:18 PM] crowdsecurity/whitelists : OK
INFO[07-01-2022 12:57:18 PM] Enabled parsers : crowdsecurity/whitelists
INFO[07-01-2022 12:57:18 PM] Enabled crowdsecurity/whitelists
INFO[07-01-2022 12:57:18 PM] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.
WARN[07-01-2022 12:57:18 PM] Crowdsec is not the latest version. Current version is 'v1.2.1' and the latest stable version is 'v1.2.2'. Please update it!
WARN[07-01-2022 12:57:18 PM] As a result, you will not be able to use parsers/scenarios/collections added to Crowdsec Hub after CrowdSec v1.2.2
INFO[07-01-2022 12:57:18 PM] Upgrading collections
INFO[07-01-2022 12:57:18 PM] crowdsecurity/sshd : up-to-date
INFO[07-01-2022 12:57:18 PM] crowdsecurity/linux : up-to-date
INFO[07-01-2022 12:57:18 PM] All collections are already up-to-date
INFO[07-01-2022 12:57:18 PM] Upgrading parsers
INFO[07-01-2022 12:57:18 PM] crowdsecurity/whitelists : up-to-date
INFO[07-01-2022 12:57:18 PM] crowdsecurity/geoip-enrich : up-to-date
INFO[07-01-2022 12:57:18 PM] crowdsecurity/dateparse-enrich : up-to-date
INFO[07-01-2022 12:57:18 PM] crowdsecurity/sshd-logs : up-to-date
INFO[07-01-2022 12:57:18 PM] crowdsecurity/syslog-logs : up-to-date
INFO[07-01-2022 12:57:18 PM] All parsers are already up-to-date
INFO[07-01-2022 12:57:18 PM] Upgrading scenarios
INFO[07-01-2022 12:57:18 PM] crowdsecurity/ssh-slow-bf : up-to-date
INFO[07-01-2022 12:57:18 PM] crowdsecurity/ssh-bf : up-to-date
INFO[07-01-2022 12:57:18 PM] All scenarios are already up-to-date
INFO[07-01-2022 12:57:18 PM] Upgrading postoverflows
INFO[07-01-2022 12:57:18 PM] No postoverflows installed, nothing to upgrade
root@OpenWrt:~# sudo systemctl reload crowdsec
sudo: systemctl: command not found
root@OpenWrt:~# systemctl reload crowdsec
-ash: systemctl: not found
root@OpenWrt:~# service crowdsec status
running

Yes, I will work on the new versions soon...
I also may implement some evolution in regards of users feedbacks, from this topic...

systemctl is not implemented in OpenWrt.
You may use service and init.d calls in place:
like /etc/init.d/crowdsec status or service crowdsec status

Why do you say it is "out of date" ?

For Wiki, I still have no time free to work on it.

I guessed that a PR needed doing for this. I've finally got around to playing with crowdsec on my R4S.

No problem. I'll see if i can knock a little guide up for the wiki just as a placeholder and starter with links back to crowdsec's own wiki. Just pointing out the little differences will aid users for usage.

1 Like