Merge pull request #149 from woopstar/patch-1

Add InsecureSkipVerify option

config.go

@@ -26,25 +26,26 @@ var NftablesMode = "nftables"
 var PfMode = "pf"
 
 type bouncerConfig struct {
-	Mode            string    `yaml:"mode"` //ipset,iptables,tc
-	PidDir          string    `yaml:"pid_dir"`
-	UpdateFrequency string    `yaml:"update_frequency"`
-	Daemon          bool      `yaml:"daemonize"`
-	LogMode         string    `yaml:"log_mode"`
-	LogDir          string    `yaml:"log_dir"`
-	LogLevel        log.Level `yaml:"log_level"`
-	CompressLogs    *bool     `yaml:"compress_logs,omitempty"`
-	LogMaxSize      int       `yaml:"log_max_size,omitempty"`
-	LogMaxFiles     int       `yaml:"log_max_files,omitempty"`
-	LogMaxAge       int       `yaml:"log_max_age,omitempty"`
-	APIUrl          string    `yaml:"api_url"`
-	APIKey          string    `yaml:"api_key"`
-	DisableIPV6     bool      `yaml:"disable_ipv6"`
-	DenyAction      string    `yaml:"deny_action"`
-	DenyLog         bool      `yaml:"deny_log"`
-	DenyLogPrefix   string    `yaml:"deny_log_prefix"`
-	BlacklistsIpv4  string    `yaml:"blacklists_ipv4"`
-	BlacklistsIpv6  string    `yaml:"blacklists_ipv6"`
+	Mode               string    `yaml:"mode"` //ipset,iptables,tc
+	PidDir             string    `yaml:"pid_dir"`
+	UpdateFrequency    string    `yaml:"update_frequency"`
+	Daemon             bool      `yaml:"daemonize"`
+	LogMode            string    `yaml:"log_mode"`
+	LogDir             string    `yaml:"log_dir"`
+	LogLevel           log.Level `yaml:"log_level"`
+	CompressLogs       *bool     `yaml:"compress_logs,omitempty"`
+	LogMaxSize         int       `yaml:"log_max_size,omitempty"`
+	LogMaxFiles        int       `yaml:"log_max_files,omitempty"`
+	LogMaxAge          int       `yaml:"log_max_age,omitempty"`
+	APIUrl             string    `yaml:"api_url"`
+	APIKey             string    `yaml:"api_key"`
+	InsecureSkipVerify *bool     `yaml:"insecure_skip_verify"` // check if api certificate is bad or not
+	DisableIPV6        bool      `yaml:"disable_ipv6"`
+	DenyAction         string    `yaml:"deny_action"`
+	DenyLog            bool      `yaml:"deny_log"`
+	DenyLogPrefix      string    `yaml:"deny_log_prefix"`
+	BlacklistsIpv4     string    `yaml:"blacklists_ipv4"`
+	BlacklistsIpv6     string    `yaml:"blacklists_ipv6"`
 
 	//specific to iptables, following https://github.com/crowdsecurity/cs-firewall-bouncer/issues/19
 	IptablesChains          []string `yaml:"iptables_chains"`

config/crowdsec-firewall-bouncer.yaml

@@ -11,6 +11,7 @@ log_max_backups: 3
 log_max_age: 30
 api_url: http://localhost:8080/
 api_key: ${API_KEY}
+insecure_skip_verify: false
 disable_ipv6: false
 deny_action: DROP
 deny_log: false

go.mod

@@ -3,25 +3,23 @@ module github.com/crowdsecurity/cs-firewall-bouncer
 go 1.14
 
 require (
-	github.com/ahmetb/dlog v0.0.0-20170105205344-4fb5f8204f26 // indirect
 	github.com/antonmedv/expr v1.9.0 // indirect
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
 	github.com/crowdsecurity/crowdsec v1.3.0
-	github.com/crowdsecurity/go-cs-bouncer v0.0.0-20220209104231-631313ec9d39
+	github.com/crowdsecurity/go-cs-bouncer v0.0.0-20220222102709-de69a955c07b
 	github.com/go-openapi/loads v0.21.1 // indirect
 	github.com/go-openapi/runtime v0.23.0 // indirect
 	github.com/go-openapi/strfmt v0.21.2 // indirect
 	github.com/go-openapi/swag v0.21.1 // indirect
-	github.com/go-stack/stack v1.8.1 // indirect
-	github.com/google/nftables v0.0.0-20220206174406-91d3b4571db1
+	github.com/google/nftables v0.0.0-20220221214239-211824995dcb
 	github.com/hashicorp/go-version v1.4.0 // indirect
-	github.com/logrusorgru/grokky v0.0.0-20180829062225-47edf017d42c // indirect
 	github.com/mdlayher/netlink v1.6.0 // indirect
+	github.com/mdlayher/socket v0.2.1 // indirect
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.8.1
 	github.com/vishvananda/netns v0.0.0-20190625233234-7109fa855b0f // indirect
 	go.mongodb.org/mongo-driver v1.8.3 // indirect
-	golang.org/x/sys v0.0.0-20220207234003-57398862261d
+	golang.org/x/sys v0.0.0-20220209214540-3681064d5158
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637
 	gopkg.in/yaml.v2 v2.4.0