
Shorewall bouncer script for Crowdsec

If, like me, you have started using Crowdsec on your Linux servers and you also use Shorewall and Shorewall6 to manage your iptables rules, you will no doubt have found that there is no native bouncer available in the Crowdsec repo. I found a blog post at http://www.sysadminguide.net/crowdsec-and-shorewall/ which contained a bash script to be used with the crowdsec-custom-bouncer, but as I use both IPv4 and IPv6 on my servers, this script did not work. So I have modified the script to the below and have been testing it successfully for a few days now. Feel free to use this if it is of use to you.

#!/bin/bash
#
# Script to add/remove IPs to the Shorewall dynamic blacklist.
# Called by crowdsec-custom-bouncer as: <add|del> <ip> <duration> <reason>
# Needs bash (not /bin/sh) because the [[ =~ ]] regex tests below are a bashism.

# Determine action
if [ "$1" = "add" ]; then
    if [[ "$2" =~ .*[.].* ]]; then          # contains a dot: treat as IPv4
        logger -t crsec-shorewall4 "add $2 for $3 with $4"
        shorewall drop "$2" > /dev/null 2>&1
    elif [[ "$2" =~ .*[:].* ]]; then        # contains a colon: treat as IPv6
        logger -t crsec-shorewall6 "add $2 for $3 with $4"
        shorewall6 drop "$2" > /dev/null 2>&1
    fi
elif [ "$1" = "del" ]; then
    if [[ "$2" =~ .*[.].* ]]; then
        logger -t crsec-shorewall4 "del $2 for $3 with $4"
        shorewall allow "$2" > /dev/null 2>&1
    elif [[ "$2" =~ .*[:].* ]]; then
        logger -t crsec-shorewall6 "del $2 for $3 with $4"
        shorewall6 allow "$2" > /dev/null 2>&1
    fi
else
    logger -t crsec-shorewall "unknown action"
fi

Save the above code into a file such as /etc/crowdsec/bouncers/crsec-shorewall.sh and make it executable. Next edit the /etc/crowdsec/bouncers/crowdsec-custom-bouncer.yaml file and change the bin_path: line to read

bin_path: /etc/crowdsec/bouncers/crsec-shorewall.sh

Save the file and restart the crowdsec-custom-bouncer; Shorewall should now be used to add and remove IP address bans.
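The script above decides between shorewall and shorewall6 purely on whether the value contains a dot or a colon, and hands anything else to the firewall CLI unchecked. Below is an added example of a stricter hook, written for this page and not taken from the post above or from the Crowdsec project. It keeps the same argument order (action, value, duration, reason) and the same drop/allow mapping, but validates the value as an IPv4 or IPv6 address (with an optional CIDR suffix, since Crowdsec also issues range decisions) before calling Shorewall, and logs and rejects anything else. It is plain POSIX sh using grep -E, so it does not depend on bash. The SHOREWALL4 and SHOREWALL6 environment overrides are an assumption made here so the functions can be tried without a Shorewall install.

```shell
#!/bin/sh
# Added example (not the original post's script): a validating variant of the
# crowdsec-custom-bouncer hook. Arguments: $1 action (add|del), $2 value,
# $3 duration, $4 reason. Command names are overridable via the environment
# (assumption for testing; defaults match the post).
SHOREWALL4="${SHOREWALL4:-shorewall}"
SHOREWALL6="${SHOREWALL6:-shorewall6}"

# Log via syslog when logger(1) is available, otherwise to stderr.
log() {
    logger -t "$1" -- "$2" 2>/dev/null || printf '%s: %s\n' "$1" "$2" >&2
}

# Print 4 or 6 for a syntactically valid address or CIDR range; fail otherwise.
ip_family() {
    v="$1"
    if printf '%s\n' "$v" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
        # The regex alone admits 999.1.1.1; check each octet is <= 255.
        for octet in $(printf '%s\n' "${v%%/*}" | tr '.' ' '); do
            [ "$octet" -le 255 ] || return 1
        done
        echo 4
        return 0
    fi
    # IPv6: hex groups separated by colons, optional /0-128. Syntactic check
    # only; it does not verify the group count or the single "::" rule.
    if printf '%s\n' "$v" | grep -Eq '^[0-9A-Fa-f]{0,4}(:[0-9A-Fa-f]{0,4}){2,7}(/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]))?$'; then
        echo 6
        return 0
    fi
    return 1
}

# Translate (action, value) into the Shorewall command line on stdout.
# Exit 2 for an unknown action, 1 for a value that failed validation.
plan() {
    case "$1" in
        add) verb=drop ;;
        del) verb=allow ;;
        *) return 2 ;;
    esac
    fam=$(ip_family "$2") || return 1
    if [ "$fam" = 4 ]; then
        printf '%s %s %s\n' "$SHOREWALL4" "$verb" "$2"
    else
        printf '%s %s %s\n' "$SHOREWALL6" "$verb" "$2"
    fi
}

main() {
    cmdline=$(plan "$1" "$2")
    case $? in
        2) log crsec-shorewall "unknown action: $1"; return 2 ;;
        1) log crsec-shorewall "rejected value: $2"; return 1 ;;
    esac
    log "crsec-shorewall$(ip_family "$2")" "$1 $2 for $3 with $4"
    # The value passed validation (no whitespace or shell metacharacters),
    # so splitting $cmdline into words here is safe.
    $cmdline >/dev/null 2>&1
}

# Act as a hook only when invoked with arguments; otherwise just define functions.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Point bin_path at this file exactly as described above; the logger tags (crsec-shorewall4, crsec-shorewall6, crsec-shorewall) are the same as in the post's script, with the addition of a "rejected value" line whenever the bouncer hands over something that is not an address, which is the event worth alerting on.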
