Each line in the output represents a different source of blocked IPs, along with detailed metrics.
180
+
181
+
-`Origin` refers to the name of the source, which could be:
182
+
-`CAPI` - The community blocklist that you receive in exchange for the information you provide to the network
183
+
-`crowdsec (security engine)` - The decisions made by your Security Engine based on triggered scenarios
184
+
-`lists:*` - Various lists to which you are subscribed
185
+
-`active_decisions IPs` represents the number of IPs contained in the respective list
186
+
-`dropped bytes & packets` indicates the number of bytes and packets dropped by the firewall due to the actions of the specified origin
187
+
-`processed bytes & packets` is only present for the `Total` line, as it denotes the overall number of bytes and packets processed by your firewall.
188
+
189
+
190
+
As the firewall bouncer operates at the network level, most malicious programs will not progress beyond attempting to establish a connection (and being denied). Therefore, metrics cannot reflect the "potentially saved traffic."
191
+
192
+
### Ipset only mode
193
+
194
+
If you are running ipset only mode, crowdsec-firewall-bouncer tries parsing the output to produce metrics, but:
195
+
- "managed" firewalls such ufw might confuse parser and lead to inconsistent metrics.
196
+
- "total" counters amount since the machine start, or iptables counter are reset, which can lead to inconsistent metrics.
197
+
169
198
## Configuration Reference
170
199
171
200
You can find a default configuration hosted on the [Github Repository](https://github.com/crowdsecurity/cs-firewall-bouncer/blob/main/config/crowdsec-firewall-bouncer.yaml) this is provided with the installation package.
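Review bot: The two caveats added under "Ipset only mode" (new lines 195-196) are missing words, and the second one is ambiguous about what the counters measure. "such ufw might confuse parser" should read "such as ufw might confuse the parser". In "total counters amount since the machine start, or iptables counter are reset" it is unclear whether the totals are cumulative since boot or since the last iptables counter reset. Suggest stating it directly, for example: "total" counters accumulate since the machine started or since the iptables counters were last reset, so they can be inconsistent with the per-origin figures. The paragraph at new line 190 would also read more clearly if it said outright that the dropped bytes and packets only cover denied connection attempts, which is why the "potentially saved traffic" cannot be derived from them.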