Protect your MikroTik router with CrowdSec

Automatically block malicious IPs on your MikroTik router using CrowdSec threat intelligence. Zero manual configuration, real-time updates, full observability.

Get Started View on GitHub

How it works

🛡️

CrowdSec detects

LAPI receives threat intelligence and community decisions

🔄

Bouncer syncs

Polls LAPI for new and expired decisions in real-time

🔥

RouterOS blocks

Firewall rules are created or removed via the RouterOS API

📊

You monitor

Prometheus metrics and Grafana dashboards for full visibility

Why cs-routeros-bouncer? 1.0

Zero Manual Configuration

Auto-creates and auto-removes firewall filter/raw rules on start/stop — no manual router setup needed.

Real-time IP Management

Adds IPs on ban, removes on unban. No bulk re-upload, no duplicates. ~1–3 ms per operation.

Self-Healing State

On start or restart, syncs CrowdSec decisions with MikroTik state — adds missing, removes stale entries automatically.

Full Observability

Prometheus metrics, structured logging, health endpoint, and a ready-to-use Grafana dashboard.

How it compares

Feature	funkolab archived	nvtkaszpir-alt	cs-routeros-bouncer
Auto-create firewall rules	❌	❌	✅
Individual IP add/remove	✅	❌	✅
No duplicate IPs	✅	❌	✅
State reconciliation on restart	❌	❌	✅
Remove rules on shutdown	❌	❌	✅
IPv6 support	✅	✅	✅
Output blocking	❌	✅	✅
Origin filtering (local-only mode)	❌	❌	✅
Prometheus metrics	❌	✅	✅
Health endpoint	❌	❌	✅
Go (compiled, low resource)	❌	❌	✅

Requirements

CrowdSec 1.5+ with LAPI accessible from the bouncer host
MikroTik RouterOS 7.x with API enabled (port 8728 or 8729 for TLS)
A dedicated RouterOS API user with appropriate permissions

Explore the docs

Quick Start Get up and running in 5 minutes with Docker or systemd.

Configuration Reference All configuration options explained with examples.

Monitoring & Metrics Prometheus metrics, Grafana dashboard, and health checks.

Troubleshooting Common issues and their solutions.