Hey all, i’ve decided I should probably setup something else to help block nefarious IP addresses. I’ve been looking into CrowdSec and Fail2Ban but i’m not really sure the best one to use.
My setup is OpnSense -> Nginx Proxy Manager -> Servers. I think I need to setup CrowdSec/Fail2Ban on the Nginx Proxy Manager to filter the access logs, then ideally it would setup the blocks on OpnSense - but i’m not sure that can be done?
Any experience in a setup like this? I’ve found a few guides but some of them seem fairly outdated.
Edit: thanks everybody for the great info. General consensus seems to be with crowdsec so I’ll go down that path and see how it goes.
I’ve been meaning to check out crowdsec because it seems to fit my niche usage. Wuzah seems VERY powerful and something I could likely use at work so that’s an advantage but very complex. Fail2ban is good at what it does but very simplistic and would require a lot of individual instances that would seem like a bear to maintain. CrowdSec seems like it’s in the Goldilocks zone somewhere in the middle. Pretty powerful, not terribly hard to manage, and not too difficult to install. But I haven’t done anything with any of them yet so I’m not very much help. I am curious what you go with though.