github-starred/awesome-sysadmin
2
0
Fork 0
mirror of https://github.com/awesome-foss/awesome-sysadmin.git synced 2026-05-07 02:47:56 -05:00
Code Issues 452 Packages Projects Releases Wiki Activity

[PR #701] Add CrowdSec Blocklist Import to Monitoring #4669

New Issue
Open
opened 2026-04-24 12:07:23 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-24 12:07:23 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/awesome-foss/awesome-sysadmin/pull/701
Author: @wolffcatskyy
Created: 3/13/2026
Status: 🔄 Open

Base: masterHead: add-crowdsec-blocklist-import

📝 Commits (1)

  • e34a9a7 Add CrowdSec Blocklist Import to Monitoring

📊 Changes

1 file changed (+1 additions, -0 deletions)

View changed files

📝 README.md (+1 -0)

📄 Description

  • Your additions are Free software
  • Software you are submitting is not your own, unless you have a healthy ecosystem with a few contributors (which aren't your sock puppet accounts).
  • Submit one item per pull request. This eases reviewing and speeds up inclusion.
  • Format your submission as follows, where Demo and Clients are optional.
    Do not add a duplicate Source code link if it is the same as the main link.
    Keep the short description under 80 characters and use sentence case
    for it, even if the project's webpage or readme uses another capitalisation.
    Demo links should only be used for interactive demos, i.e. not video demonstrations.
    - [Name](http://homepage/) - Short description, under 250 characters, sentence case. ([Demo](http://url.to/demo), [Source Code](http://url.of/source/code), [Clients](https://url.to/list/of/related/clients-or-apps)) `License` `Language`
  • Additions are inserted preserving alphabetical order.
  • Additions are not already listed at awesome-selfhosted
  • The Language tag is the main server-side requirement for the software. Don't include frameworks or specific dialects.
  • You have searched the repository for any relevant issues or PRs, including closed ones.
  • Any category you are creating has the minimum requirement of 3 items.
  • Any software project you are adding to the list is actively maintained.
  • The pull request title is informative, unlike "Update README.md".
    Suggested titles: "Add aaa to bbb" for adding software aaa to section bbb,
    "Remove aaa from bbb" for removing, "Fix license for aaa", etc.
  • Why is it awesome?

CrowdSec Blocklist Import aggregates 36+ free threat intelligence feeds (AbuseIPDB, Spamhaus, Blocklist.de, Tor exit nodes, etc.) into CrowdSec, adding 120k+ IP decisions beyond CrowdSec's built-in community blocklist. It runs as a lightweight Docker container with configurable update intervals, supports custom blocklist URLs, and integrates directly with CrowdSec's Local API. For anyone running CrowdSec, it significantly increases threat coverage at zero cost.

  • Have you used it? For how long?

Yes, I have been using it since January 2025 (over a year). It runs 24/7 on my homelab as a Docker container alongside CrowdSec.

  • Is this in a personal or professional setup?

Personal homelab, but it protects production services exposed to the internet (reverse proxy, media servers, web applications).

  • How many devices/users/services/... do you manage with it?

It feeds threat intelligence to CrowdSec which protects 15+ Docker containers behind a Caddy reverse proxy, a UniFi firewall, and several web-facing services across a multi-host network.

  • Biggest pros/cons compared to other solutions?

Pros: Dead simple setup (single Docker container, one env file), aggregates many free feeds that would otherwise require individual integration, updates automatically, supports custom blocklist URLs for organization-specific feeds. Cons: Requires an existing CrowdSec installation (it's a companion tool, not standalone), and large blocklists can briefly spike CPU during import cycles.

  • Any other comments about your use case, things you've found excellent, limitations you've encountered... ?

The project has an active community (180+ GitHub stars, external contributors submitting PRs for features like API key file support, Grafana dashboards, and additional blocklist sources). The maintainer is responsive and ships regular releases. It fills a real gap in CrowdSec's ecosystem by making threat feed aggregation turnkey.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/awesome-foss/awesome-sysadmin/pull/701 **Author:** [@wolffcatskyy](https://github.com/wolffcatskyy) **Created:** 3/13/2026 **Status:** 🔄 Open **Base:** `master` ← **Head:** `add-crowdsec-blocklist-import` --- ### 📝 Commits (1) - [`e34a9a7`](https://github.com/awesome-foss/awesome-sysadmin/commit/e34a9a773761ecfe9502804c414d7167b5e9cf6f) Add CrowdSec Blocklist Import to Monitoring ### 📊 Changes **1 file changed** (+1 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+1 -0) </details> ### 📄 Description - [x] Your additions are [Free software](https://en.wikipedia.org/wiki/Free_software) - [x] Software you are submitting is not your own, unless you have a healthy ecosystem with a few contributors (which aren't your sock puppet accounts). - [x] Submit one item per pull request. This eases reviewing and speeds up inclusion. - [x] Format your submission as follows, where `Demo` and `Clients` are optional. Do not add a duplicate `Source code` link if it is the same as the main link. Keep the short description under 80 characters and use [sentence case](https://en.wikipedia.org/wiki/Letter_case#Sentence_case) for it, even if the project's webpage or readme uses another capitalisation. `Demo` links should only be used for interactive demos, i.e. not video demonstrations. ``- [Name](http://homepage/) - Short description, under 250 characters, sentence case. ([Demo](http://url.to/demo), [Source Code](http://url.of/source/code), [Clients](https://url.to/list/of/related/clients-or-apps)) `License` `Language` `` - [x] Additions are inserted preserving alphabetical order. - [x] Additions are not already listed at [awesome-selfhosted](https://awesome-selfhosted.net) - [x] The `Language` tag is the main **server-side** requirement for the software. Don't include frameworks or specific dialects. - [x] You have searched the repository for any relevant [issues](https://github.com/awesome-foss/awesome-sysadmin/issues) or [PRs](https://github.com/awesome-foss/awesome-sysadmin/pulls), including closed ones. - [x] Any category you are creating has the minimum requirement of 3 items. - [x] Any software project you are adding to the list is actively maintained. - [x] The pull request title is informative, unlike "Update README.md". Suggested titles: "Add aaa to bbb" for adding software aaa to section bbb, "Remove aaa from bbb" for removing, "Fix license for aaa", etc. -------------- - **Why is it awesome?** CrowdSec Blocklist Import aggregates 36+ free threat intelligence feeds (AbuseIPDB, Spamhaus, Blocklist.de, Tor exit nodes, etc.) into CrowdSec, adding 120k+ IP decisions beyond CrowdSec's built-in community blocklist. It runs as a lightweight Docker container with configurable update intervals, supports custom blocklist URLs, and integrates directly with CrowdSec's Local API. For anyone running CrowdSec, it significantly increases threat coverage at zero cost. - **Have you used it? For how long?** Yes, I have been using it since January 2025 (over a year). It runs 24/7 on my homelab as a Docker container alongside CrowdSec. - **Is this in a personal or professional setup?** Personal homelab, but it protects production services exposed to the internet (reverse proxy, media servers, web applications). - **How many devices/users/services/... do you manage with it?** It feeds threat intelligence to CrowdSec which protects 15+ Docker containers behind a Caddy reverse proxy, a UniFi firewall, and several web-facing services across a multi-host network. - **Biggest pros/cons compared to other solutions?** Pros: Dead simple setup (single Docker container, one env file), aggregates many free feeds that would otherwise require individual integration, updates automatically, supports custom blocklist URLs for organization-specific feeds. Cons: Requires an existing CrowdSec installation (it's a companion tool, not standalone), and large blocklists can briefly spike CPU during import cycles. - **Any other comments about your use case, things you've found excellent, limitations you've encountered... ?** The project has an active community (180+ GitHub stars, external contributors submitting PRs for features like API key file support, Grafana dashboards, and additional blocklist sources). The maintainer is responsive and ships regular releases. It fills a real gap in CrowdSec's ecosystem by making threat feed aggregation turnkey. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-24 12:07:23 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
addition
curation
discussion
duplicate
enhancement
feedback needed
fix
help wanted
invalid
non-free
not awesome enough
pull-request
Mirrored from GitHub Pull Request
 question / discussion
reviewers wanted
tools
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/awesome-sysadmin#4669
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?