# Install CrowdSec on pfSense

## Step‑by‑Step Guide: Install CrowdSec on pfSense & Enroll in Console

### 1. **Access pfSense via SSH or Console**

- Connect to your pfSense firewall via SSH or the physical console.
- Gain shell access to run commands.

### 2. **Install CrowdSec Package**

- **Preferred method (using install script):**
    
    ```bash
    fetch https://raw.githubusercontent.com/crowdsecurity/pfSense-pkg-crowdsec/refs/heads/main/install-crowdsec.sh
    sh install-crowdsec.sh
    ```
    
    This script handles dependencies and installation automatically ([docs.crowdsec.net](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec_pfsense/ "pfSense | CrowdSec")).
- **Manual method (if script not available):**
    
    ```bash
    setenv IGNORE_OSVERSION yes
    pkg add -f <link to abseil>
    pkg add -f <link to re2>
    pkg add -f <link to crowdsec-firewall-bouncer>
    pkg add -f <link to crowdsec>
    pkg add -f <link to pfSense-pkg-crowdsec>
    ```
    
    Use the appropriate links from the Release "Assets" matching your FreeBSD version ([docs.crowdsec.net](https://docs.crowdsec.net/docs/getting_started/install_crowdsec_pfsense/ "pfSense | CrowdSec"), [forum.pfsense.com](https://forum.pfsense.com/topic/182694/crowdsec-finally-comming-to-pfsense/39 "Crowdsec finally comming to pfSense | Netgate Forum")).

### 3. **Configure CrowdSec via GUI**

- In pfSense Web UI, go to **Services → CrowdSec**.
- Enable these components depending on the desired setup size:
    
    
    - **Large** (Full setup): Remediation Component, Log Processor, **Local API** – default.
    - **Medium**: Disable Local API; connect to remote LAPI.
    - **Small**: Only Remediation enabled ([docs.crowdsec.net](https://docs.crowdsec.net/docs/getting_started/install_crowdsec_pfsense/ "pfSense | CrowdSec")).
- Click **Save** to activate your configuration.

### 4. **Verify Service Status**

- Navigate to **Status → Services** to start/stop CrowdSec or firewall‑bouncer services ([docs.crowdsec.net](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec_pfsense/ "pfSense | CrowdSec")).
- Alternatively, use shell commands:
    
    ```bash
    # Pick one action per command: start, stop or restart
    service crowdsec.sh restart
    service crowdsec_firewall.sh restart
    ```

### 5. **Viewing Alerts & Blocked IPs**

- In pfSense UI, open **Status → CrowdSec** to see:
    
    
    - Registered log processors and remediations.
    - Installed hub items (scenarios, parsers).
    - Alerts and local decisions (you can manually revoke/unban) ([docs.crowdsec.net](https://docs.crowdsec.net/docs/getting_started/install_crowdsec_pfsense/ "pfSense | CrowdSec")).
- From **Diagnostics → Tables**, view the blocked IP lists, or use the shell:
    
    ```bash
    pfctl -T show -t crowdsec_blacklists
    pfctl -T show -t crowdsec6_blacklists
    cscli decisions list -a
    ```

### 6. **Test the Setup**

- To safely test blocking:
    
    ```bash
    cscli decisions add -t ban -d 2m -i <your_ip_address>
    ```
- Be aware: your SSH session will drop while the ban is active (`-d 2m` is two minutes); use a secondary IP or disable the anti-lockout rule ([docs.crowdsec.net](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec_pfsense/ "pfSense | CrowdSec")).

### 7. **Optional: Whitelist Local Networks**

- If you want to allow local subnet ranges (10.0.0.0/8, 192.168.x.x, etc.), install the whitelist parsers:
    
    ```bash
    cscli parsers install crowdsecurity/whitelists
    ```
- As of version 1.6.3, private networks are whitelisted by default ([doc.crowdsec.net](https://doc.crowdsec.net/docs/getting_started/install_crowdsec_pfsense/ "pfSense | CrowdSec"), [docs.crowdsec.net](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec_pfsense/ "pfSense | CrowdSec")).

---

## Enroll Your pfSense Instance in CrowdSec Console

### A. **Setup Integration in the CrowdSec Console**

1. Log in to your CrowdSec Console account.
2. Go to **Blocklist → Integrations**.
3. Click **Connect** under pfSense.
4. Provide a meaningful name (e.g., "My Firewall").
5. Copy the credentials and integration ID; **they are displayed only once** ([docs.crowdsec.net](https://docs.crowdsec.net/u/integrations/pfsense/ "pfSense | CrowdSec")).

### B. **Configure pfSense to Fetch Blocklists**

1. In pfSense Web UI, go to **Firewall → Aliases → URLs → Add**.
2. Create a new URL alias:
    
    
    - Name: `crowdsec_blocklist` (or similar)
    - Type: `URL Table (IPs)`
    - URL:
        
        ```text
        https://<username>:<password>@admin.api.crowdsec.net/v1/integrations/<integration_id>/content
        ```
    - Set update frequency (e.g., daily) ([docs.crowdsec.net](https://docs.crowdsec.net/u/integrations/pfsense/ "pfSense | CrowdSec")).
3. **Save** and **Apply**.

### C. **Create Firewall Rule to Block Malicious IPs**

1. Navigate to **Firewall → Rules → WAN (or desired interface)**.
2. Add a rule:
    
    
    - Action: **Block**
    - Interface: **WAN**
    - Source: use the alias created (`crowdsec_blocklist`)
    - Destination: Any
    - Description: e.g., “Block CrowdSec IPs”
3. Save and apply changes ([docs.crowdsec.net](https://docs.crowdsec.net/u/integrations/pfsense/ "pfSense | CrowdSec")).
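
Before attaching the block rule to the alias, it helps to confirm the downloaded list cannot match your own addresses. The following is an added example, not code from the CrowdSec documentation or from this guide; it assumes the integration URL returns plain text with one IP or CIDR per line, and `PROTECTED`, `SAMPLE` and `audit_blocklist` are hypothetical names holding constructed values.

```python
import ipaddress

# Networks the block rule must never match. Assumed values: RFC 1918 ranges
# plus a constructed admin address (198.51.100.25); replace with your own.
PROTECTED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "198.51.100.25/32"]

# Constructed sample of a downloaded list (documentation addresses only).
SAMPLE = """\
192.0.2.10
203.0.113.0/24
198.51.100.0/24
2001:db8::1
not-an-ip
10.1.2.3
"""


def audit_blocklist(text, protected=PROTECTED):
    """Return (entries, conflicts, rejected) for a one-entry-per-line list."""
    guard = [ipaddress.ip_network(p) for p in protected]
    entries, conflicts, rejected = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # tolerate comments and blanks
        if not line:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 10.1.2.3/8
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append((lineno, raw.strip()))
            continue
        entries.append(net)
        for g in guard:
            # Any overlap means the block rule would match a protected address.
            if net.version == g.version and net.overlaps(g):
                conflicts.append((lineno, str(net), str(g)))
    return entries, conflicts, rejected


if __name__ == "__main__":
    entries, conflicts, rejected = audit_blocklist(SAMPLE)
    print(f"{len(entries)} valid entries")
    for lineno, net, g in conflicts:
        print(f"line {lineno}: {net} overlaps protected {g}")
    for lineno, raw in rejected:
        print(f"line {lineno}: not an IP or CIDR: {raw!r}")
```

Save the alias URL's output to a file and pass its contents to `audit_blocklist`. A non-empty `rejected` list means the response contained something other than addresses, such as an error body.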

---

## Summary Table of Steps

<table id="bkmrk-step-action-1%E2%83%A3-ssh-i"><thead><tr><th>Step</th><th>Action</th></tr></thead><tbody><tr><td>1</td><td>SSH into pfSense</td></tr><tr><td>2</td><td>Install CrowdSec package (script or manual)</td></tr><tr><td>3</td><td>Enable components in <strong>Services → CrowdSec</strong></td></tr><tr><td>4</td><td>Verify and manage services in GUI or shell</td></tr><tr><td>5</td><td>Monitor alerts, decisions, and blocked IPs</td></tr><tr><td>6</td><td>Test blocking with a temporary ban rule</td></tr><tr><td>7</td><td>Optionally whitelist local networks</td></tr><tr><td>8</td><td>Enroll instance in CrowdSec Console (Integrations)</td></tr><tr><td>9</td><td>Set up URL alias to fetch CrowdSec blocklist</td></tr><tr><td>10</td><td>Create firewall rule to block malicious IPs</td></tr></tbody></table>

---

## Tips & Caveats

- **Backup** your CrowdSec config separately — it does not migrate with pfSense backups ([docs.crowdsec.net](https://docs.crowdsec.net/docs/getting_started/install_crowdsec_pfsense/ "pfSense | CrowdSec")).
- After major pfSense updates, **reinstall** the CrowdSec package if necessary — UI items may be removed even though configs remain ([Netgate Forum](https://forum.netgate.com/topic/182694/crowdsec-finally-comming-to-pfsense "Crowdsec finally comming to pfSense | Netgate Forum")).
- Ensure compatibility between your pfSense/FreeBSD version and the package architecture (e.g. amd64 vs ARM) ([CrowdSec](https://discourse.crowdsec.net/t/install-on-pfsense/1815 "Install on pfsense - crowdsec - CrowdSec")).

---

By following these steps, you'll achieve a well‑integrated CrowdSec deployment on pfSense — complete with automated blocking, visibility into attacks, and centralized management via the CrowdSec Console.

<span style="color: rgb(224, 62, 45);">**Ins0mniA**</span>