Whitelists ranges and ips block
Hello,
i was wondering if ip addresses with CIDR /32 could be put under the ranges block in /etc/crowdsec/parsers/s02-enrich/whitelists.yaml ?
I added an IP address with CIDR range of /32 and it was present in agent and LAPI whitelists but got blocked anyway.
A /32 is technically a range.
Thanks in adavance for your help 🙂
6 Replies
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type
/unresolve© Created By WhyAydan for CrowdSec ❤️
It should do from my testing https://go.dev/play/p/KM7BA7M_7i2
Have you restarted the service and made sure the
name property doesnt clash with any others than are in s02Hello @iiamloz , thanks for answering, i only have the 4 default ones in parsers/s02-enrich:
dateparse-enrich.yaml
geoip-enrich.yaml
http-logs.yaml
whitelists.yaml
and no collision in the name property in those files
One last question, does an ip address in the
whitelist.ip list support the CIDR range ? Or do i have to stript it and just put the IP address between double quotes ?
if you want to use a CIDR (even a /32), you have to use the
cidr key insteadOk many thanks @iiamloz @blotus !
Resolving Whitelists ranges and ips block
This has now been resolved. If you think this is a mistake please run
/unresolve