crowdsec-mikrotik-bouncer ghcr.io/funkolab/cs-mikrotik-bouncer:latest https://github.com/funkolab/cs-mikrotik-bouncer/pkgs/container/cs-mikrotik-bouncer bridge sh false https://github.com/funkolab/cs-mikrotik-bouncer/pkgs/container/cs-mikrotik-bouncer https://app.crowdsec.net/hub/author/funkolab/remediation-components/cs-mikrotik-bouncer This repository aim to implement a CrowdSec bouncer for the router Mikrotik to block malicious IP to access your services. For this it leverages Mikrotik API to populate a dynamic Firewall Address List. Security: https://raw.githubusercontent.com/jcesclapez/unraid-templates/refs/heads/main/crowdsec-mikrotik-bouncer/crowdsec_mikrotik_logo.png 1733745304 Prerequisites: Generate a bouncer API key following CrowdSec documentation https://doc.crowdsec.net/docs/cscli/cscli_bouncers_add/ cscli bouncers add Mikrotik-0 Activate API in mikrotik IP -> Service -> Enable api and apply security Procedure: 1 Get a bouncer API key from your CrowdSec with command cscli bouncers add mikrotik-bouncer 2 Copy the API key printed. You WON'T be able the get it again. 3 Paste this API key as the value for bouncer environment variable CROWDSEC_BOUNCER_API_KEY, instead of "MyApiKey" 4 Start bouncer with docker-compose up bouncer in the example directory 5 Create IP drop Filter Rules in input and forward Chain with the crowdsec Source Address List 6 Create IPv6 drop Filter Rules in input and forward Chain with the crowdsec Source Address List (if IPv6 used) /ip/firewall/filter/ add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules" add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules" /ipv6/firewall/filter/ add action=drop src-address-list=crowdsec chain=input in-interface=your-wan-interface place-before=0 comment="crowdsec input drop rules" add action=drop src-address-list=crowdsec chain=forward in-interface=your-wan-interface place-before=0 comment="crowdsec forward drop rules" your-api-key http://crowdsec:8080/ your-ip-mikrotik:8728 your-mirkotik-user your-mikrotik-pass true true none 1