
OPNSense - Installing CrowdSec

  • snowleopard8753
  • Apr 4, 2024

CrowdSec is an open-source IPS (Intrusion Prevention System) that helps secure your network against external attacks: it constantly gathers "blacklisted IPs" from among its users so that traffic from those addresses can be blocked.


The machine used here is a fresh installation of OPNSense with a single WAN and 5 LAN ports bridged together behind a single gateway at 192.168.18.1.



  • Click System -> Firmware -> Plugins

  • Type "crowdsec" at the search box

  • os-crowdsec should appear; click the + icon to install it

OPNSense CrowdSec plugin

Installation completed

OPNSense CrowdSec installation complete

  • Click Services -> CrowdSec -> Settings -> Settings tab

  • Check that all the 3 boxes are checked by default

OPNSense enable CrowdSec settings

By default, all incoming connections to the machine are screened against the CrowdSec database. Outgoing connections (e.g. from LAN to WAN), however, are not screened at all. As a precaution, an outgoing rule is therefore set up to screen them against the CrowdSec database as well.


  • Click Firewall -> Rules -> Floating -> +

OPNSense floating firewall rules

  • Perform the selection as highlighted below and click Save and Apply changes (not shown below)

OPNSense CrowdSec firewall configure

The firewall rule has been set up for outgoing traffic

OPNSense CrowdSec firewall outgoing block

To check the activation of CrowdSec:

  • Click Services -> CrowdSec -> Overview

  • Ensure there is a green tick status for crowdsec, firewall bouncer and validation

OPNSense CrowdSec status activated

  • Click Firewall -> Aliases

  • Check that blacklists from CrowdSec are loaded

OPNSense crowdsec firewall aliases
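
The same checks can be run from the OPNsense shell. The script below is an added example, not part of the original post: it lists the registered bouncers, counts the entries in the pf tables, and confirms that a temporary test ban made in CrowdSec actually reaches the firewall. The table names crowdsec_blacklists and crowdsec6_blacklists, the 15-second wait and the test address are assumptions.

```shell
#!/bin/sh
# Added example, run from the OPNsense shell as root.
# Assumptions: pf tables are named crowdsec_blacklists / crowdsec6_blacklists
# (confirm under Firewall -> Aliases); the bouncer polls within ~15 seconds.
TEST_IP="192.0.2.1"   # TEST-NET-1 documentation address, never routed

# Count entries in a `pfctl -t <table> -T show` dump read from stdin.
count_entries() {
    awk 'NF { n++ } END { print n + 0 }'
}

# Succeed if address $1 is listed verbatim in the table dump on stdin.
# Exact match only: CIDR ranges in the table are not expanded.
table_has() {
    awk -v ip="$1" '{ gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == ip { found = 1 } END { exit !found }'
}

# End-to-end check: a decision added in CrowdSec must reach the pf table.
verify_bouncer() {
    cscli decisions add --ip "$TEST_IP" --duration 2m --type ban \
        --reason "bouncer self-test" || return 1
    sleep 15   # give the firewall bouncer time to pull the new decision
    if pfctl -t crowdsec_blacklists -T show | table_has "$TEST_IP"; then
        result=0; echo "OK: $TEST_IP reached crowdsec_blacklists"
    else
        result=1; echo "FAIL: $TEST_IP not in crowdsec_blacklists"
    fi
    cscli decisions delete --ip "$TEST_IP"   # clean up the test ban
    return "$result"
}

# Only touch the firewall when both tools exist (i.e. on the OPNsense box).
if command -v pfctl >/dev/null 2>&1 && command -v cscli >/dev/null 2>&1; then
    cscli bouncers list
    for t in crowdsec_blacklists crowdsec6_blacklists; do
        echo "$t: $(pfctl -t "$t" -T show 2>/dev/null | count_entries) entries"
    done
    verify_bouncer
fi
```

A FAIL result with a green status on the Overview page usually means the bouncer is registered but the table name differs from the assumed one.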

