Is there a way to add a memory-only, realtime-updated ipset to hestia? If not, will you accept a pull request for that feature?

In the case of Crowdsec, for sure…

If you decide to delete the rule and restart the Crowdsec service, it will add the firewall rule again. We can modify the Crowdsec service. But I don’t think we want to go down that route… It will be painful as *** when it updates…

Also, I am not sure it will populate the “empty” one after it creates the new one… So a restart of the crowdsec service is needed anyway…

Tested crowdsec. Working. v-update-firewall + reboot. Thanks @eris

FYI: Will use this solution for another memory-only ipset. Should work fine with this solution.

I kindly request: If you start working on a solution to something you gave me a go ahead to work on, please let me know. I spent some time working on the proposed solution earlier in this thread, but will now abandon it.

I think we should consider adding crowdsec + crowdsec-firewall-bouncer as an ADDITIONAL option to fail2ban. With zero config, it’s a nice realtime malicious IP blocker that is doing something different than fail2ban. Maybe start with an install script in the repo?
