jmrplens/cs-routeros-bouncer v1.4.1 on GitHub

CrowdSec Bouncer for MikroTik RouterOS - v1.4.1

This release adds configurable RouterOS firewall rule placement, allowing bouncer-managed rule blocks to be positioned beyond the previous top or bottom behavior. Managed blocks can now be placed at a numeric RouterOS print position, before or after an existing rule comment, and can be customized per firewall table and per address family.

Install via binary download, Docker, or build from source. See the documentation for setup instructions and RouterOS configuration examples.

Highlights

New rule placement strategies: top, bottom, position, before_comment, and after_comment.
Table-specific placement overrides for filter and raw rules.
IPv4 and IPv6 YAML overrides, including protocol-local filter and raw placement.
Ordered rule blocks keep whitelist, processed-traffic counting, deny/reject, and output rules in stable order.
Numeric placement uses zero-based RouterOS print positions; out-of-range positions append at the bottom.
Comment-based placement supports exact and contains matching with configurable top or bottom fallback.
Expanded validation, tests, metrics summaries, examples, and documentation for the new placement model.

Related issue: #21

Downloads

Choose the archive that matches the operating system and CPU architecture where the bouncer will run. Each archive includes the cs-routeros-bouncer binary, LICENSE, README.md, and the example configuration file.

Operating system	Architecture	Download	Size
Linux	`arm64`	cs-routeros-bouncer_1.4.1_linux_arm64.tar.gz	5.2 MB
Linux	`armv6`	cs-routeros-bouncer_1.4.1_linux_armv6.tar.gz	5.4 MB
Linux	`armv7`	cs-routeros-bouncer_1.4.1_linux_armv7.tar.gz	5.4 MB
Linux	`i386`	cs-routeros-bouncer_1.4.1_linux_i386.tar.gz	5.5 MB
Linux	`mips64le`	cs-routeros-bouncer_1.4.1_linux_mips64le.tar.gz	4.9 MB
Linux	`mipsle`	cs-routeros-bouncer_1.4.1_linux_mipsle.tar.gz	5.1 MB
Linux	`riscv64`	cs-routeros-bouncer_1.4.1_linux_riscv64.tar.gz	5.4 MB
Linux	`x86_64`	cs-routeros-bouncer_1.4.1_linux_x86_64.tar.gz	5.7 MB
macOS	`arm64`	cs-routeros-bouncer_1.4.1_darwin_arm64.tar.gz	5.4 MB
macOS	`x86_64`	cs-routeros-bouncer_1.4.1_darwin_x86_64.tar.gz	5.8 MB
FreeBSD	`arm64`	cs-routeros-bouncer_1.4.1_freebsd_arm64.tar.gz	5.2 MB
FreeBSD	`armv6`	cs-routeros-bouncer_1.4.1_freebsd_armv6.tar.gz	5.4 MB
FreeBSD	`armv7`	cs-routeros-bouncer_1.4.1_freebsd_armv7.tar.gz	5.4 MB
FreeBSD	`x86_64`	cs-routeros-bouncer_1.4.1_freebsd_x86_64.tar.gz	5.7 MB
Windows	`arm64`	cs-routeros-bouncer_1.4.1_windows_arm64.zip	5.3 MB
Windows	`x86_64`	cs-routeros-bouncer_1.4.1_windows_x86_64.zip	5.9 MB

Docker

docker pull ghcr.io/jmrplens/cs-routeros-bouncer:1.4.1

Published image tags:

ghcr.io/jmrplens/cs-routeros-bouncer:1.4.1
ghcr.io/jmrplens/cs-routeros-bouncer:latest

Verification and SBOM

SHA-256 checksums: checksums.txt
Sigstore bundle for checksums: checksums.txt.sigstore.json
SBOM files are published next to each archive as *.spdx.json.
Sigstore bundles for SBOMs are published as *.spdx.json.sigstore.json.

To verify a downloaded archive:

sha256sum -c checksums.txt --ignore-missing

Changelog

Added

Configurable RouterOS firewall rule placement for managed rule blocks.
Numeric position placement using zero-based RouterOS print numbering.
before_comment and after_comment placement strategies with exact or contains matching.
Per-table filter and raw placement overrides.
YAML-only IPv4 and IPv6 placement overrides.

Changed

Firewall rules are now created and moved as ordered blocks, preserving internal rule order.
Metrics and logs expose compact placement summaries for easier troubleshooting.
Documentation and examples now cover structured placement, fallbacks, and protocol/table precedence.

Other

8c902ba Support configurable RouterOS firewall rule placement (#29)

Full Changelog: v1.4.0...v1.4.1