
Windows Firewall


Mode: Stream only
Metrics: Unsupported
MTLS: Unsupported
Prometheus: Unsupported

Overview

The Windows firewall Remediation Component interacts with the Windows Firewall to block IPs banned by CrowdSec.

It will create multiple rules in the firewall (one rule will contain 1000 IPs) and will manage their lifecycle.

The rules are created on startup and automatically deleted when the component stops.

Installation

Warning: The .NET 6 runtime is required for the component to work!

You can download either an MSI (containing only the component) or a setup bundle (containing the component and the .NET 6 runtime) from the GitHub releases: https://github.com/crowdsecurity/cs-windows-firewall-bouncer/releases

You can also install the component with Chocolatey (this will automatically install the .NET runtime):

PS1
choco install crowdsec-windows-firewall-bouncer

Configuration

The configuration is stored in C:\ProgramData\CrowdSec\bouncers\cs-windows-firewall-bouncer\cs-windows-firewall-bouncer.yaml

Example

YAML
api_key: <your-api-key>
api_url: http://127.0.0.1:8080
log_level: info
update_frequency: 10
log_media: file
log_dir: C:\\ProgramData\\CrowdSec\\log\\
fw_profiles:
- domain

Configuration reference

api_key

string

API key to use for communication with LAPI.

api_url

string

URL of LAPI.

update_frequency

int

How often, in seconds, the component contacts LAPI to update its content.

Defaults to 10.

log_media

file | console

Whether to log to a file or to the console.

Defaults to file when running as service and console when running in interactive mode.

log_dir

string

Location of the log file.

Defaults to C:\ProgramData\CrowdSec\log\.

log_level

trace | debug | info | warn | error | fatal

Log level.

Defaults to info.

fw_profiles

[]string

The firewall profiles the rules will be associated with.

The component automatically selects the current profile, but you can override this behaviour with this parameter.

Allowed values are:

  • domain
  • private
  • public
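
A check for the fw_profiles override described above, as an added example that is not part of the CrowdSec documentation or the component's code: it reads fw_profiles from the configuration file and reports listed profiles that are not enabled in Windows Firewall, as well as connected networks whose profile the list does not cover (rules attached only to other profiles do not filter that traffic). The function names and the line-based reader, which handles only the block-style list shown in the example, are assumptions of this example.

```powershell
# Added example, not project code. Assumes the flat YAML layout of the example above.
$ConfigPath = 'C:\ProgramData\CrowdSec\bouncers\cs-windows-firewall-bouncer\cs-windows-firewall-bouncer.yaml'

function Get-BouncerFwProfiles {
    param([string[]]$Lines)
    # Minimal reader for the block-style "fw_profiles:" list; not a general YAML parser.
    $inList = $false
    $found = @()
    foreach ($line in $Lines) {
        if ($line -match '^\s*fw_profiles\s*:') { $inList = $true; continue }
        if (-not $inList) { continue }
        if ($line -match '^\s*-\s*(\w+)\s*$') { $found += $Matches[1].ToLower(); continue }
        if ($line -match '^\s*(#.*)?$') { continue }   # blank line or comment
        break                                           # any other key ends the list
    }
    $found
}

function Test-BouncerFwProfiles {
    param([string]$Path = $ConfigPath)
    $allowed = 'domain', 'private', 'public'
    $configured = @(Get-BouncerFwProfiles -Lines (Get-Content -LiteralPath $Path))
    if ($configured.Count -eq 0) {
        return 'fw_profiles is not set: the component selects the current profile itself.'
    }
    $issues = @()
    foreach ($p in $configured) {
        if ($p -notin $allowed) { $issues += "'$p' is not one of: $($allowed -join ', ')"; continue }
        # Rules attached to a profile that is switched off filter nothing.
        $fw = Get-NetFirewallProfile -PolicyStore ActiveStore | Where-Object { $_.Name -eq $p }
        if ($fw.Enabled -ne 'True') { $issues += "Firewall profile '$p' is not enabled." }
    }
    # Network category of each connected interface, mapped to the config vocabulary.
    $active = @(Get-NetConnectionProfile | ForEach-Object {
        if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'domain' }
        else { "$($_.NetworkCategory)".ToLower() }
    } | Sort-Object -Unique)
    foreach ($p in $active) {
        if ($p -notin $configured) {
            $issues += "A connection is on the '$p' profile, which fw_profiles does not list."
        }
    }
    if ($issues.Count -gt 0) { return $issues }
    "OK: fw_profiles ($($configured -join ', ')) covers the active profile(s): $($active -join ', ')"
}

Test-BouncerFwProfiles
```

Run it from an elevated PowerShell session on the host where the component is installed, and again after the machine changes network, since the active profile can differ between networks.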