hi,
is it possible to add whitelist under opnsense gui ?
instead of create a manual list at /usr/local/etc/crowdsec/parsers/s02-enrich/whitelist.yml
as i've read at https://docs.crowdsec.net/docs/whitelist/create/
?
example of blocked internal address: 192.xxx.xxx.yyy blocked by internal decision
Quotetime="20-08-2022 12:25:17" level=debug msg="pf: add ban on 192.xxx.xxx.yyy for 9353 sec (crowdsecurity/ssh-bf)"
time="20-08-2022 12:25:17" level=debug msg="pfctl add: /sbin/pfctl -t crowdsec_blacklists -T add 192.xxx.xxx.yyy"
time="20-08-2022 12:25:17" level=debug msg="pfctl flush state: /sbin/pfctl -k 192.xxx.xxx.yyy"
time="20-08-2022 12:25:17" level=debug msg="Adding '192.xxx.xxx.yyy' for '2h35m53.746882625s'"
root@fw:/var/log/crowdsec # grep 192.xxx.xxx.yyy crowdsec-firewall-bouncer.log
root@fw:~ # pfctl -sr | grep block | grep 192.168
block drop in log on ! igb1 inet from 192.xxx.xxx.0/24 to any
block drop in log on ! igb3 inet from 192.xxx.xxx.0/24 to any
block drop in log on ! igb0 inet from 192.xxx.xxx.0/24 to any
block drop in log quick on igb0 inet from 192.xxx.0.0/16 to any label "1eb94a38e58994641aff378c21d5984f"
root@fw:/var/log/crowdsec # cscli decisions list
+---------+----------+----------------+----------------------+--------+---------+----+--------+-------------------+----------+
| ID | SOURCE | SCOPE:VALUE | REASON | ACTION | COUNTRY | AS | EVENTS | EXPIRATION | ALERT ID |
+---------+----------+----------------+----------------------+--------+---------+----+--------+-------------------+----------+
| 1088201 | crowdsec | Ip:192.xxx.xxx.yyy | crowdsecurity/ssh-bf | ban | | 0 | 6 | 2h0m24.485586953s | 129 |
+---------+----------+----------------+----------------------+--------+---------+----+--------+-------------------+----------+
1 duplicated entries skipped
Best Regards