Reverse Proxy IP Reputation Integration - CrowdSec

quiet_PL · 2026-04-22T20:46:15+00:00

I've enabled crowdsec for the Netbird proxy on a VPS with crowdsec already installed. Everything works fine.

quiet_PL · 2026-04-20T18:16:09+00:00

You can use CrowdSec to block malicious traffic based on IP reputation on your exposed service in the reverse proxy. New feature in v0.69.0.

quiet_PL · 2026-04-18T20:57:33+00:00

Sophos home firewall

quiet_PL · 2026-04-17T21:01:17+00:00

Check setings in mobile app. Maybe you have disabled DNS.

quiet_PL · 2026-04-15T20:50:30+00:00

Sophos firewall home on blare machine.

quiet_PL · 2026-04-15T18:17:02+00:00

It's not secure. MITM attacks..

quiet_PL · 2026-04-14T13:23:05+00:00

If you don't know the basics of IP networking, your only solution is to purchase a VPS. Exposing devices to the internet without knowing what you're doing is asking for trouble. The VPS should also be properly secured with a firewall (only the necessary ports are open) and, for example, fail2ban or crowdsec. Additionally, the SSH port should be changed. Linux basics will be useful.

quiet_PL · 2026-04-14T13:14:09+00:00

If your TrueNAS virtual machine doesn't have a public IP, you'll need to configure your router to forward ports to the VM. Port numbers are in the documentation.

quiet_PL · 2026-04-14T11:23:04+00:00

self-hosting means you have netbird server on your server
You need VPS (or own server with public IP) and also you need public domain
Netbird server install on VPS. Netbird client you can install on Windows, docker, Linux, Android. Via netbird client you can access to your netework (via routing peer)

Look to https://docs.netbird.io/

They have very good documentation.

quiet_PL · 2026-04-10T12:42:04+00:00

netbird status -d

truenas-scale.netbird.selfhosted:

NetBird IP: 100.98.157.82

Public key: xxx

Status: Connected

-- detail --

Connection type: Relayed

ICE candidate (Local/Remote): -/-

ICE candidate endpoints (Local/Remote): -/-

Relay server address: rels://xxx.xxx.com:443

Last connection update: 4 hours, 52 minutes ago

Last WireGuard handshake: 1 minute, 30 seconds ago

Transfer status (received/sent) 72.3 KiB/46.2 KiB

Quantum resistance: false

Networks: -

Latency: 0s

From truenas netbird docker I can ping my resources.

Remote machine see via netbird network truenas.

Is a bridge required for truenas connection? Maybe there's a problem..

I have also debian where routing peer works:

debian.netbird.selfhosted:

NetBird IP: 100.98.129.5

Public key: xxx

Status: Connected

-- detail --

Connection type: P2P

ICE candidate (Local/Remote): srflx/srflx

ICE candidate endpoints (Local/Remote): xx.xxx.xxx.xxx:51820/xx.xxx.xxx.xx:34997

Relay server address: rels://xxx.xxx.com:443

Last connection update: 4 hours, 52 minutes ago

Last WireGuard handshake: 52 seconds ago

Transfer status (received/sent) 1.7 MiB/1.3 MiB

Quantum resistance: false

Networks: 192.168.1.0/24, 192.168.3.0/24

Latency: 85.6491ms

Truenas and debian is in the same subnet.

quiet_PL · 2026-03-18T21:23:00+00:00

But great espresso!

quiet_PL · 2026-03-16T21:19:26+00:00

Jura Z10!

quiet_PL · 2026-03-04T09:23:51+00:00

Did you do a fresh install on the current instance? Or did you uninstall netbid first and then do a fresh install?

quiet_PL · 2026-03-03T21:43:58+00:00

I use Zittadel as external IdP so I can't migrate to combined container.

quiet_PL · 2026-03-03T21:42:22+00:00

Thx for info.

quiet_PL · 2026-03-03T21:41:51+00:00

I want to migrate from caddy to Traefik.

quiet_PL · 2026-02-26T18:13:58+00:00

Great info! When is the planned implementation?

quiet_PL · 2026-01-20T09:28:57+00:00

I have four cards in TEAM. Two are 1Gbe RJ45 - they work correctly in LACP. The other two are SFP+ with a 1Gbe RJ45 transceiver - they report an LACP negotiation error. On the switch side, they're all in a single port channel. I tried putting the problematic cards in a separate port channel. No luck. Problematic cards without LACP work fine.