- Rename crowdsec-firewall-bouncer to secubox-app-cs-firewall-bouncer - Rename secubox-auth-logger to secubox-app-auth-logger - Delete secubox-crowdsec-setup (merged into other packages) - Fix circular dependencies in luci-app-secubox-crowdsec - Fix dependency chain in secubox-app-crowdsec-bouncer - Add consolidated get_overview API to crowdsec-dashboard - Improve crowdsec-dashboard overview performance Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
#!/bin/sh
# CrowdSec Firewall Bouncer - interface/firewall hotplug handler.
# Makes sure the bouncer's nftables rules are back in place after a
# network/firewall change.
#
# Reads ACTION and INTERFACE from the hotplug environment. Only the logical
# interface names "wan" and "wan6" are recognised, so an uplink configured
# under any other name never reaches the checks below.

# React to WAN interfaces coming up; every other event is ignored.
[ "$ACTION" = "ifup" ] || exit 0
case "$INTERFACE" in
	wan | wan6) ;;
	*) exit 0 ;;
esac

# Pull in the UCI shell helpers and the crowdsec config for the enabled check.
. /lib/functions.sh
config_load crowdsec
# Callback for config_foreach: reports whether one UCI section is switched on.
# Arguments: $1 - name of the section to inspect
# Returns:   0 when config_get_bool yields 1 for the section's "enabled"
#            option (0 is passed as the default for a missing option),
#            otherwise 1
is_enabled() {
	local cfg_section="$1"
	local flag
	config_get_bool flag "$cfg_section" enabled 0
	if [ "$flag" -eq 1 ]; then
		return 0
	fi
	return 1
}
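# Decide whether any "bouncer" section in the loaded config is enabled.
#
# The flag is set from inside the callback instead of from config_foreach's
# exit status. That status is not an "any section enabled" answer: it is 0
# for a config without sections and otherwise reflects only how the last
# loop iteration ended. A wrong "disabled" result would skip the restart
# below and leave the router without the bouncer's nftables rules after a
# WAN event; a wrong "enabled" result would restart a service the
# administrator turned off.
bouncer_enabled=0
mark_bouncer_enabled() {
	if is_enabled "$1"; then
		bouncer_enabled=1
	fi
	return 0
}
config_foreach mark_bouncer_enabled bouncer

[ "$bouncer_enabled" -eq 1 ] || exit 0

# If the crowdsec table is gone, the bouncer has to be restarted to rebuild it.
# NOTE(review): only the IPv4 table "ip crowdsec" is probed, also for wan6
# events, so a missing IPv6 table alone would not trigger a restart - confirm
# whether an ip6 table should be checked as well.
if ! nft list table ip crowdsec >/dev/null 2>&1; then
	logger -t crowdsec-bouncer "WAN up but crowdsec nftables missing, restarting bouncer"
	# Short pause before the restart (kept from the original handler).
	sleep 2
	# NOTE(review): confirm this init script name is still what the renamed
	# package installs; if the path is wrong the rules are never restored.
	# A failed restart is logged so the missing enforcement is visible in syslog.
	/etc/init.d/crowdsec-firewall-bouncer restart ||
		logger -t crowdsec-bouncer -p daemon.err "bouncer restart failed, crowdsec nftables still missing"
fi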