0bs1d1an

@openwrt routers often run on tiny hardware with limited storage, which makes adding intrusion prevention such as @CrowdSec tricky.

I managed to set up only the lightweight firewall bouncer on #OpenWrt, and forward its logs via Syslog to the Security Engine in #Docker (server).

Result: community-powered IPS on tiny hardware. 🚀

Here's how to set this up yourself: https://kroon.email/site/en/posts/openwrt-crowdsec/

#OpenWrt #CrowdSec #SelfHosting #Security

Protecting OpenWrt using CrowdSec (via Syslog)

OpenWrt is an open source Linux project aimed at embedded devices to route network traffic (e.g. routers). I’ve consistently run OpenWrt on my home routers for over a decade now (I still remember the brief LEDE split), and it has since been my preferred home router OS. While I’ve also wanted to experiment with OPNsense (and pfSense before), I’ve never had a real reason to thus far, but I digress…​ It might be interesting to add some network security such as intrusion prevention to your residential gateway directly. You might of old be familiar with Fail2Ban, and I’ve happily used Fail2Ban for years. CrowdSec is a similar solution, albeit more community-driven. Klaus Agnoletti, then (still?) head of community at CrowdSec, summarised the similarities and differences between the two:

Guido Kroon
Oct 30 at 5:03pmWeb
Show threadCrowdSecOct 30
@0bs1d1an amazing to see CrowdSec running on @openwrt thanks for sharing the guide! 🚀
Show threadK3CANOct 31

Sounds like you’ve got the right idea.

It’s the bouncer that actually blocks the connections, so your edge router is a great place for it. If you’re sending the openwrt syslog to your security engine, too, you can also catch things like port scanning, which you wouldn’t be able to detect by only monitoring your server or application logs. Don’t forget to actually load your scenarios, though!