CrowdSec and Whitelist?

Started by shproto, August 20, 2022, 01:31:03 PM

Hi,

Is it possible to add a whitelist in the OPNsense GUI, instead of creating a manual list at /usr/local/etc/crowdsec/parsers/s02-enrich/whitelist.yml, as I've read at https://docs.crowdsec.net/docs/whitelist/create/ ?


Example of a blocked internal address: 192.xxx.xxx.yyy blocked by internal decision

time="20-08-2022 12:25:17" level=debug msg="pf: add ban on 192.xxx.xxx.yyy for 9353 sec (crowdsecurity/ssh-bf)"
time="20-08-2022 12:25:17" level=debug msg="pfctl add: /sbin/pfctl -t crowdsec_blacklists -T add 192.xxx.xxx.yyy"
time="20-08-2022 12:25:17" level=debug msg="pfctl flush state: /sbin/pfctl -k 192.xxx.xxx.yyy"
time="20-08-2022 12:25:17" level=debug msg="Adding '192.xxx.xxx.yyy' for '2h35m53.746882625s'"
root@fw:/var/log/crowdsec # grep 192.xxx.xxx.yyy crowdsec-firewall-bouncer.log



root@fw:~ # pfctl -sr | grep block | grep 192.168
block drop in log on ! igb1 inet from 192.xxx.xxx.0/24 to any
block drop in log on ! igb3 inet from 192.xxx.xxx.0/24 to any
block drop in log on ! igb0 inet from 192.xxx.xxx.0/24 to any
block drop in log quick on igb0 inet from 192.xxx.0.0/16 to any label "1eb94a38e58994641aff378c21d5984f"


root@fw:/var/log/crowdsec # cscli decisions list
+---------+----------+----------------+----------------------+--------+---------+----+--------+-------------------+----------+
|   ID    |  SOURCE  |  SCOPE:VALUE   |        REASON        | ACTION | COUNTRY | AS | EVENTS |    EXPIRATION     | ALERT ID |
+---------+----------+----------------+----------------------+--------+---------+----+--------+-------------------+----------+
| 1088201 | crowdsec | Ip:192.xxx.xxx.yyy | crowdsecurity/ssh-bf | ban    |         | 0  |      6 | 2h0m24.485586953s |      129 |
+---------+----------+----------------+----------------------+--------+---------+----+--------+-------------------+----------+
1 duplicated entries skipped

Best Regards
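An added example, not part of the original post: a Python check that scans bouncer log lines in the format quoted above and lists the bans that landed on internal addresses, which are the candidates for a whitelist entry. The sample log lines and their addresses are constructed, and treating the RFC 1918 ranges as "internal" is an assumption about the network.

```python
import ipaddress
import re

# Assumption: "internal" means the RFC 1918 private ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches the bouncer debug line: pf: add ban on <ip> for <n> sec (<scenario>)
BAN_RE = re.compile(
    r'time="(?P<time>[^"]+)"\s+level=\w+\s+'
    r'msg="pf: add ban on (?P<ip>\S+) for (?P<secs>\d+) sec \((?P<scenario>[^)]+)\)"'
)

# Constructed sample lines in the format shown in the post (addresses are made up).
SAMPLE_LOG = '''\
time="20-08-2022 12:25:17" level=debug msg="pf: add ban on 192.168.1.50 for 9353 sec (crowdsecurity/ssh-bf)"
time="20-08-2022 12:25:17" level=debug msg="pfctl add: /sbin/pfctl -t crowdsec_blacklists -T add 192.168.1.50"
time="20-08-2022 12:31:02" level=debug msg="pf: add ban on 203.0.113.7 for 14400 sec (crowdsecurity/ssh-bf)"
time="20-08-2022 12:40:44" level=debug msg="pf: add ban on 10.0.0.12 for 600 sec (crowdsecurity/http-probing)"
time="20-08-2022 12:41:00" level=debug msg="pf: add ban on not-an-ip for 600 sec (crowdsecurity/ssh-bf)"
'''


def internal_bans(log_text):
    """Return the bans whose source address lies in an internal range."""
    hits = []
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m:
            continue  # not a ban line (pfctl add, flush state, ...)
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field; skip instead of crashing
        if any(addr in net for net in INTERNAL_NETS):
            hits.append({"time": m["time"], "ip": str(addr),
                         "seconds": int(m["secs"]), "scenario": m["scenario"]})
    return hits


if __name__ == "__main__":
    for hit in internal_bans(SAMPLE_LOG):
        print("{time}  {ip:<15}  {seconds:>6}s  {scenario}".format(**hit))
```

To run it against a real log, read crowdsec-firewall-bouncer.log into a string and pass it to `internal_bans()`; the bouncer must be logging at debug level for these lines to appear.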