Firewall with CrowdSec

NewPush Labs offers a pre-configured CrowdSec deployment right out of the box with Uncomplicated Firewall (UFW), which includes both a Traefik bouncer and a firewall bouncer for comprehensive security protection.

INFO

By default, all incoming traffic is denied except for HTTP (port 80), HTTPS (port 443), and OpenSSH (port 22). This configuration provides a secure baseline, allowing only essential services while blocking potential threats from unauthorized access attempts on other ports.

Architecture

The architecture diagram illustrates how CrowdSec integrates with system logs, application logs, and firewall logs to parse and analyze potential threats, making decisions that are then applied through bouncers to protect against malicious traffic via UFW and Traefik.

Features

NewPush Labs prioritizes security by implementing a robust firewall solution that combines the simplicity of Uncomplicated Firewall (UFW) with the advanced threat detection capabilities of CrowdSec. It comes with Grafana dashboards.

Grafana dashboard for CrowdSec

Uncomplicated Firewall

UFW provides a user-friendly interface for managing iptables, ensuring basic network protection, while CrowdSec offers real-time threat intelligence and collaborative security. This dual-layered approach creates a comprehensive defense mechanism, safeguarding the lab environment against a wide range of potential security threats and unauthorized access attempts.

  • Simple and user-friendly interface for managing iptables
  • Default deny incoming, allow outgoing policy
  • Easy rule creation for allowing/denying specific ports or services
  • Logging capabilities for firewall events

CrowdSec

  • Real-time threat detection and prevention
  • Collaborative security through shared blocklists
  • Automatic IP reputation management
  • Multi-source log parsing and analysis
  • Customizable scenarios and rules for threat detection
  • Integration with various services (e.g., Traefik, Firewall)
  • API-based architecture for easy integration and extensibility

TIP

Consider exploring the deployment configuration to enable CAPTCHA functionality within Traefik.

```yaml
traefik_crowdsec_bouncer: true
hcaptcha_site_key:
```

Usage

UFW Commands

UFW (Uncomplicated Firewall) can be managed using the following common commands:

  1. Enable UFW:

     ```bash
     sudo ufw enable
     ```

  2. Check UFW status:

     ```bash
     sudo ufw status verbose
     ```

  3. Disable UFW:

     ```bash
     sudo ufw disable
     ```

  4. Allow incoming traffic on a specific port:

     ```bash
     sudo ufw allow <port_number>
     ```

  5. Deny incoming traffic on a specific port:

     ```bash
     sudo ufw deny <port_number>
     ```

  6. Allow incoming traffic from a specific IP address:

     ```bash
     sudo ufw allow from <ip_address>
     ```

  7. Remove a rule:

     ```bash
     sudo ufw delete allow <port_number>
     ```

     or

     ```bash
     sudo ufw delete deny <port_number>
     ```

  8. Reset UFW to default settings:

     ```bash
     sudo ufw reset
     ```

Remember to use these commands with caution, as improper configuration can lead to unintended consequences for your network security.
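
The baseline described earlier (default deny incoming, with only ports 22, 80 and 443 open) can be checked against the output of `ufw status verbose`. The script below is an added example, not part of the NewPush Labs deployment; the function name `audit_ufw_baseline`, the finding labels and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Audit `ufw status verbose` output against the documented baseline:
# firewall active, default deny (incoming), inbound allowed only on 22, 80, 443.

# Constructed sample output (not captured from a real host); it contains one
# extra rule, 8080/tcp, that falls outside the baseline.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Reads `ufw status verbose` text on stdin and prints one finding per line.
# Exit status 0 means the ruleset matches the baseline, 1 means it does not.
# Rules written with application profile names (e.g. "OpenSSH") or as
# host-wide allows ("Anywhere ... ALLOW IN <ip>") are reported for review.
audit_ufw_baseline() {
  awk '
    BEGIN { ok["22"] = 1; ok["80"] = 1; ok["443"] = 1 }
    /^Status: active/             { active = 1 }
    /^Default: deny \(incoming\)/ { deny = 1 }
    # Inbound rule rows look like: "8080/tcp   ALLOW IN   Anywhere"
    / (ALLOW|LIMIT) IN / {
      port = $1
      sub(/\/.*/, "", port)        # strip the "/tcp" or "/udp" suffix
      if (!(port in ok)) { print "UNEXPECTED_ALLOW " $1; bad = 1 }
    }
    END {
      if (!active) { print "INACTIVE"; bad = 1 }
      if (!deny)   { print "DEFAULT_NOT_DENY"; bad = 1 }
      exit bad + 0
    }'
}

# Demo on the constructed sample; on a live host, run instead:
#   sudo ufw status verbose | audit_ufw_baseline
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_baseline || true
```

Any finding line is a prompt to confirm that the rule was added deliberately, for example with `ufw allow <port_number>`, and is still needed.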

CrowdSec Commands

CrowdSec can be managed using the cscli command-line tool. Here are some common commands:

  1. Check CrowdSec status:

     ```bash
     docker exec -it crowdsec cscli status
     ```

  2. List active decisions (bans):

     ```bash
     docker exec -it crowdsec cscli decisions list
     ```

  3. Add a ban for an IP:

     ```bash
     docker exec -it crowdsec cscli decisions add --ip <ip_address>
     ```

  4. Remove a ban for an IP:

     ```bash
     docker exec -it crowdsec cscli decisions delete --ip <ip_address>
     ```

  5. Update the CrowdSec hub index:

     ```bash
     docker exec -it crowdsec cscli hub update
     ```

  6. Show metrics:

     ```bash
     docker exec -it crowdsec cscli metrics
     ```

TIP

You can remove all decisions with the following command:

```bash
docker exec -it crowdsec cscli decisions delete --all
```

These commands allow you to manage both UFW and CrowdSec effectively, providing comprehensive control over your firewall and threat detection system.

Licensed under the MIT License. Free for all use cases. For enterprise or academic support, please reach out to us.