Previously only firewall filter was available and used, now this version allows to use firewall raw, which helps to reduce load of cpu/memory, especially on low resource devices. It implements #2
Breaking change because it requires some configuration env var name changes:
IP_FIREWALL_RULES_DST => IP_FIREWALL_FILTER_RULES_DST
IP_FIREWALL_RULES_SRC => IP_FIREWALL_FILTER_RULES_SRC
IPV6_FIREWALL_RULES_DST => IPV6_FIREWALL_FILTER_RULES_DST
IPV6_FIREWALL_RULES_SRC => IPV6_FIREWALL_FILTER_RULES_SRC
anything else if left as it was.
More details are in the README section https://github.com/nvtkaszpir/cs-mikrotik-bouncer-alt#firewall---filter-or-raw
Other notable changes:
- comparison to other CrowdSec integration tools
- updated Grafana dashboard and added docker-compose stack to allow for easier iteration in observability.
- some lines in log will have different keywords (
funcvalues) due to code refactor, so you may need to alter your rules if needed - address-list now uses local time in the name, fixes #4
- better explanation of certain options
- better visibility in the logs of the config used (configuration per line)
- logs show build info
- you can now build binary without a container, the binary is not published anywhere yet
- fix issue with building image locally, which were overwriting
latesttag - fix in go-cs-bouncer lib after dependency update
- bump deps to mitigate CVE