New package: crowdsec-firewall-bouncer (v0.0.34)
- Based on official OpenWrt package from openwrt/packages
- Full nftables integration with IPv4/IPv6 support
- Timeout-based sets for automatic ban expiration
- Input and forward chain filtering
- Interface-based filtering
- procd service management with ujail support
- UCI configuration

Init script features:
- Creates nftables tables: crowdsec (IPv4), crowdsec6 (IPv6)
- Creates timeout-enabled sets for blocklists
- Generates YAML config from UCI settings
- Automatic cleanup on service stop

Updated secubox-app-crowdsec-bouncer to v0.0.32

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
29 lines
776 B
Plaintext
# CrowdSec Firewall Bouncer Configuration
# SecuBox OpenWrt Edition
#
# This bouncer fetches decisions from CrowdSec LAPI and enforces them
# using nftables with automatic expiration via timeout sets.

config bouncer
option enabled '0'
option ipv4 '1'
option ipv6 '1'
option api_url 'http://127.0.0.1:8080/'
option api_key ''
option update_frequency '10s'
option priority '4'
option deny_action 'drop'
option deny_log '1'
option log_prefix 'CrowdSec: '
option log_level 'info'
option log_max_size '100'
option log_max_backups '3'
option log_max_age '30'
option filter_input '1'
option filter_forward '1'
option chain_name 'crowdsec-chain'
option chain6_name 'crowdsec6-chain'
option retry_initial_connect '1'
list interface 'br-lan'
list interface 'eth1'
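Review bot: The default `list interface 'br-lan'` and `list interface 'eth1'` entries at the end of the `config bouncer` section hard-code device names that vary from board to board, and the header comment does not say which of them is expected to be the upstream side. If the init script restricts the input and forward chains to the listed devices, a router whose WAN device has a different name would come up with the bouncer enabled but the internet-facing interface unfiltered, with nothing to signal it. Suggest either a comment above the list stating that it must include the WAN device, or shipping the list empty so the administrator has to choose. Also worth a one-line comment next to `option api_key ''`: the empty key is only safe because `option enabled '0'` ships with it, and the file should say that both need to be set before the service is started.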