2026-02-03, 16:25–16:50, B.1.036
CrowdSec is something like fail2ban, but across multiple hosts/clusters. Attacks can be mitigated, for example, in a web server module, in firewalls, or in custom components (formerly called bouncers). This is a story of how to use a MikroTik router as a mitigation tool for CrowdSec, using an open-source project I forked a few weeks ago.
This project is not affiliated in any way with CrowdSec or MikroTik, so use it at your own risk.
CrowdSec is something like fail2ban, but across multiple hosts/clusters. Attacks can be mitigated, for example, in a web server module such as Lua scripts in nginx, in firewalls via iptables/nftables, in Kubernetes (yay because why not), or in custom components (formerly called bouncers).
This is a story of how the project was forked and how to integrate CrowdSec into a MikroTik router: https://github.com/nvtkaszpir/cs-mikrotik-bouncer-alt, which is fully open source. I will provide a short history of why I did it and what the pros/cons of that solution are. I provide some working examples of how many resources it takes to implement it, and real usage graphs from the working system.
A few words about the ideas for improvements I have.
I'm also eager to listen to suggestions from more advanced people on improving the solution.
From doing IT tech support with Mac and Windows, through AWS cloud video processing with PHP (sic!), cfengine/Puppet/Ansible stories, across Kubernetes toolset hell, down to the 400 multi-cloud Kubernetes clusters doing platform. Now back to the roots of what DevOps means for me and a small team of people I care about most at work.
Some people know me from doing weird integrations with Prusa Mini :)