Crowdsec whitelist

[xpking]

Dear all,

May I know if there is whitelist in crowdsec opnsense?

I followed this page:https://docs.crowdsec.net/docs/whitelist/create/
and created the file /usr/local/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml
with below content.

Code Select Expand


name: crowdsecurity/whitelists
description: "Whitelist events from my ip addresses"
whitelist:
  reason: "my ip ranges"
  ip:
    - "192.168.2.254"

~


I removed the Decision, and restarted Crowdsec.
I can see the file loaded in Parsers tab.
But it doesn't work.
I checked the Decision tab and the IP is banned again.

Parsers tab

Code Select Expand


mywhitelists.yaml enabled,local /usr/local/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml


Decision tab:

Code Select Expand


3051281 crowdsec Ip:192.168.2.254 firewallservices/pf-scan-multi_ports ban 16
an hour 990


Anyone have ideas how to add the IP to whitelist?
Thank you.

[cookiemonster]

maybe crowdsec discord can get you help? https://discord.com/channels/921520481163673640/1003971753200074752

[(～￣▽￣)～]

Maybe this can help.
https://app.crowdsec.net/hub/author/crowdsecurity/configurations/whitelists

[ApeDogg]

in my case the IP was on the CAPI list so i had to follow those instructions but it didn't work until i ran the CLI command

Code Select Expand

cscli decisions delete --ip 1.2.3.4 from the shell.

(update) it was blocked again today probably after updating with the API, so it seems the whitelist procedure isn't working.

[MastrBlastr25]

I've never used Crowdsec before so this may not be the best solution, but what I did was run

Code Select Expand

cscli parsers install crowdsecurity/whitelists
which creates a whitelist.yaml file in
/usr/local/etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity
then I edited that file to whatever I desire. After restarting Crowdsec it shows as 'enabled,tainted' but I guess 'tainted' just means the default auto-generated config was updated. It seems to be working