diff --git a/services/crowdsec.nix b/services/crowdsec.nix
index 654bb9e..b39cf3d 100644
--- a/services/crowdsec.nix
+++ b/services/crowdsec.nix
@@ -87,6 +87,22 @@ in
 # config.yaml — main agent + LAPI configuration
 config.api.server.listen_uri = "127.0.0.1:8081"; # 8080 is qBit
+ # Drop alerts originating from LAN clients before they're scored.
+ # Without this, repeated Authelia 401s from inside the house (e.g.
+ # a stale browser session on the gaming desktop) trip ssh-bf /
+ # http-bf scenarios and the firewall bouncer self-bans 10.0.0.x.
+ parsers.s02Enrich = [
+ {
+ name = "nordhammer/lan-whitelist";
+ description = "Whitelist LAN + loopback to prevent self-bans";
+ whitelist = {
+ reason = "Local LAN";
+ ip = [ "127.0.0.1" "::1" ];
+ cidr = [ "10.0.0.0/24" ];
+ };
+ }
+ ];
+
 # Log sources to ingest
 acquisitions = [
 {
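Review bot: The `cidr = [ "10.0.0.0/24" ];` entry exempts every LAN host from every scenario, not just the Authelia 401 noise the comment describes, so ssh-bf and http-bf will also stay silent for a compromised device on the LAN. It also assumes each ingested log records the real client address; if any service sits behind a reverse proxy that logs its own 10.0.0.x address (not visible in this hunk), external traffic would inherit the exemption. Consider listing only the hosts known to cause the false positives, e.g. `ip = [ "127.0.0.1" "::1" "<TRUSTED_HOST_IP>" ];`, or using the whitelist's `expression` field to scope the exemption to Authelia events, and say in the comment which of the two was chosen. The enclosing attribute set starts before the hunk and the `acquisitions` list continues past it.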