Zero Manual Configuration
Auto-creates and auto-removes firewall filter/raw rules on start/stop — no manual router setup needed.
RouterOS Bouncer
cs-routeros-bouncer syncs CrowdSec decisions into MikroTik firewall rules with reconciliation, metrics, and safe cleanup.
How it works
Section titled “How it works”CrowdSec detects
LAPI receives malicious IP decisions
Bouncer syncs
Applies new bans and expires old ones
RouterOS blocks
Updates firewall rules through the API
You monitor
Checks health, metrics, and dashboards
Why cs-routeros-bouncer? 1.4.4
Section titled “Why cs-routeros-bouncer? ”Real-time IP Management
Adds IPs on ban, removes on unban. No bulk re-upload, no duplicates. ~1–3 ms per operation.
Self-Healing State
On start or restart, syncs CrowdSec decisions with MikroTik state — adds missing, removes stale entries automatically.
Full Observability
Prometheus metrics, structured logging, health endpoint, and a ready-to-use Grafana dashboard.
Requirements
Section titled “Requirements”- CrowdSec 1.5+ with LAPI accessible from the bouncer host
- MikroTik RouterOS 7.x with API enabled (port 8728 or 8729 for TLS)
- A dedicated RouterOS API user with appropriate permissions
Explore the docs
Section titled “Explore the docs” Quick Start Get up and running in 5 minutes with Docker or systemd.
Configuration Reference All configuration options explained with examples.
Monitoring & Metrics Prometheus metrics, Grafana dashboard, and health checks.
Troubleshooting Common issues and their solutions.