(Translated by https://www.hiragana.jp/)
GitHub - Solvik/cs-exabgp-bouncer: Crowdsec bouncer to be used with exabgp to blackhole IP addresses
Skip to content

Crowdsec bouncer to be used with exabgp to blackhole IP addresses

Notifications You must be signed in to change notification settings

Solvik/cs-exabgp-bouncer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 

Repository files navigation

cs-exabgp-bouncer

Crowdsec bouncer to be used with exabgp to blackhole IP addresses

Description

This repository is an example of how to integrate CrowdSec with Exabgp to blackhole IP to a BGP Peer within your network.

This has been tested to dynamicly blackhole prefix when the log4j vulnerability came out and prevent potential exploits.

Usage

Warning: if you use both ipv4 and both ipv6, you need to register 2 bouncers. Crowdsec use the API key to track decisions report while pulling the API

$ cscli bouncer add cs-exabgp-bouncer-ipv4
Api key for 'cs-bgp-bouncer-v4':

   b183089790450bc888dcb07e9cb13e51

Please keep this key since you will not be able to retrieve it!

You can copy this script in your /etc/exabgp/scripts/ directory and use the following configuration as an example:

process dynamic_routes_v4 {
    run python3 /etc/exabgp/script/cs-exabgp-bouncer.py -4 --api-key b183089790450bc888dcb07e9cb13e51 --next-hop 192.0.2.1;
    encoder text;
}

# ipv4 example
neighbor 192.168.0.253 {
    family {
     ipv4 unicast;
    }
    announce {
     ipv4
    }
    router-id 192.168.0.30;
    local-address 192.168.0.30;
    local-as 65001;
    peer-as 65000;

    api {
        processes [dynamic_routes_v4];
    }
}

Example

usage: cs-exabgp-bouncer.py [-h] [-6 | -4] --lapi-url LAPI_URL --api-key API_KEY --next-hop NEXT_HOP [-c COMMUNITY [COMMUNITY ...]] [-i INTERVAL]
cs-exabgp-bouncer.py: error: the following arguments are required: --lapi-url, --api-key, --next-hop

This script provide the ability to set BGP communities to your announce if your setup needs it.

About

Crowdsec bouncer to be used with exabgp to blackhole IP addresses

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages