hs6666
1
One of my internal IPs (192.168.1.14) has been blacklisted so that the PC can no longer access the web; the cause of the alert is …
But in the CrowdSec console I simply cannot find anywhere to whitelist this unless I upgrade to the paid-for option?
Or am I missing something?
Thanks
Harry
hs6666
2
PS I just ran the following in the pfSense console …
cscli parsers install crowdsecurity/whitelists
But how do I add my internal IP range to this list once installed in pfSense?
hs6666
3
PPS. Apparently no need to edit, as running …
cat /usr/local/etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml
gives ...
name: crowdsecurity/whitelists
description: "Whitelist events from private ipv4 addresses"
whitelist:
  reason: "private ipv4/ipv6 ip/ranges"
  ip:
    - "127.0.0.1"
    - "::1"
  cidr:
    - "192.168.0.0/16"
    - "10.0.0.0/8"
    - "172.16.0.0/12"
  # expression:
  #   - "'foo.com' in evt.Meta.source_ip.reverse"
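
The check behind post 3's conclusion, as an added example that is not part of the original thread or CrowdSec's own code: it reads the ip and cidr entries from the whitelist printed above and reports which entry covers a given source address. Only 192.168.1.14 comes from the post; the other test addresses and the function names are constructed for illustration.

```python
import ipaddress

# Whitelist body as printed in the post above (indentation restored).
WHITELIST_YAML = '''\
name: crowdsecurity/whitelists
description: "Whitelist events from private ipv4 addresses"
whitelist:
  reason: "private ipv4/ipv6 ip/ranges"
  ip:
    - "127.0.0.1"
    - "::1"
  cidr:
    - "192.168.0.0/16"
    - "10.0.0.0/8"
    - "172.16.0.0/12"
  # expression:
  #   - "'foo.com' in evt.Meta.source_ip.reverse"
'''

def load_networks(text):
    """Collect the entries under the ip: and cidr: keys as network objects."""
    nets, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the commented-out expression block
        if line.endswith(":"):
            section = line[:-1]  # e.g. "whitelist", "ip", "cidr"
        elif line.startswith("- ") and section in ("ip", "cidr"):
            # A single address is stored as a /32 (IPv4) or /128 (IPv6) network.
            nets.append(ipaddress.ip_network(line[2:].strip().strip('"')))
    return nets

def matching_entry(source_ip, nets):
    """Return the whitelist entry that covers source_ip, or None."""
    addr = ipaddress.ip_address(source_ip)
    for net in nets:
        if addr.version == net.version and addr in net:
            return str(net)
    return None

if __name__ == "__main__":
    nets = load_networks(WHITELIST_YAML)
    # 192.168.1.14 is from the post; the rest are constructed test values
    # (just outside 172.16.0.0/12, a documentation range, an IPv6 ULA).
    for ip in ("192.168.1.14", "172.32.0.5", "203.0.113.9", "fd00::14"):
        print(ip, "->", matching_entry(ip, nets) or "not whitelisted")
```

The whitelist parser only affects events parsed after it is installed; a ban already in place for 192.168.1.14 stays until it expires or is removed with `cscli decisions delete --ip 192.168.1.14`.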