-
Notifications
You must be signed in to change notification settings - Fork 727
/
pkg-message.in
52 lines (38 loc) · 1.19 KB
/
pkg-message.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
[
{ type: install
message: <<EOM
crowdsec-firewall-bouncer is installed.
Note: If you are using OPNsense or pfSense, ignore the following instructions and use the settings page of the
CrowdSec plugin.
-----
If you are running crowdsec on this machine, the bouncer will register itself with
the Local API when it's started the first time.
If the LAPI is on a different machine, you need to manually register the bouncer
and fill api_key and api_url in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml before
starting the service.
This package depends on the Packet Filter service.
To make sure it's active:
----------
# sysrc pf_enable=YES
pf_enable: NO -> YES
# service pf start
Enabling pf.
----------
Add the following in /etc/pf.conf to create the firewall tables and rules:
----------
table <crowdsec-blacklists> persist
table <crowdsec6-blacklists> persist
block drop in quick from <crowdsec-blacklists> to any
block drop in quick from <crowdsec6-blacklists> to any
----------
To apply the file:
# pfctl -f /etc/pf.conf
Then activate the bouncer via sysrc and run it:
----------
# sysrc crowdsec_firewall_enable="YES"
crowdsec_firewall_enable: NO -> YES
# service crowdsec_firewall start
----------
EOM
}
]