Dear all,
May I know if there is whitelist in crowdsec opnsense?
I followed this page:https://docs.crowdsec.net/docs/whitelist/create/ (https://docs.crowdsec.net/docs/whitelist/create/)
and created the file /usr/local/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml
with below content.
name: crowdsecurity/whitelists
description: "Whitelist events from my ip addresses"
whitelist:
reason: "my ip ranges"
ip:
- "192.168.2.254"
~
I removed the Decision, and restarted Crowdsec.
I can see the file loaded in Parsers tab.
But it doesn't work.
I checked the Decision tab and the IP is banned again.
Parsers tab
mywhitelists.yaml enabled,local /usr/local/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml
Decision tab:
3051281 crowdsec Ip:192.168.2.254 firewallservices/pf-scan-multi_ports ban 16
an hour 990
Anyone have ideas how to add the IP to whitelist?
Thank you.
maybe crowdsec discord can get you help? https://discord.com/channels/921520481163673640/1003971753200074752
Maybe this can help.
https://app.crowdsec.net/hub/author/crowdsecurity/configurations/whitelists
in my case the IP was on the CAPI list so i had to follow those instructions but it didn't work until i ran the CLI command cscli decisions delete --ip 1.2.3.4 from the shell.
(update) it was blocked again today probably after updating with the API, so it seems the whitelist procedure isn't working.
I've never used Crowdsec before so this may not be the best solution, but what I did was run
cscli parsers install crowdsecurity/whitelists
which creates a whitelist.yaml file in
/usr/local/etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity
then I edited that file to whatever I desire. After restarting Crowdsec it shows as 'enabled,tainted' but I guess 'tainted' just means the default auto-generated config was updated. It seems to be working