Comment by holysoles

I was referring to the rules/patterns provided by crowdsec rather than the distribution of known "bad" IPs through their Central API.

The default ban for traffic detected by your crowdsec instance is 4 hours, so that concern isn't very relevant in that case.

The decisions from the Central API from other users can be quite a bit longer (I see some at ~6 days), but you also don't have to use those if you're worried about that scenario.