secubox-openwrt

History

CyberMind-FR f72ea0da32 fix(cs-firewall-bouncer): Add missing DROP rules for blacklisted IPs The init script created nftables sets and chains but never added the actual DROP rules to block traffic from blacklisted IPs. This caused the bouncer to populate sets correctly but traffic was never blocked. Added DROP rules for: - IPv4 input chain (crowdsec-blacklists) - IPv4 forward chain (crowdsec-blacklists) - IPv6 input chain (crowdsec6-blacklists) - IPv6 forward chain (crowdsec6-blacklists) Each rule respects the deny_log and deny_action configuration options. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-16 08:27:46 +01:00
..
files	fix(cs-firewall-bouncer): Add missing DROP rules for blacklisted IPs	2026-01-16 08:27:46 +01:00
Makefile	fix(cs-firewall-bouncer): Add missing DROP rules for blacklisted IPs	2026-01-16 08:27:46 +01:00

CyberMind-FR f72ea0da32 fix(cs-firewall-bouncer): Add missing DROP rules for blacklisted IPs

The init script created nftables sets and chains but never added the
actual DROP rules to block traffic from blacklisted IPs. This caused
the bouncer to populate sets correctly but traffic was never blocked.

Added DROP rules for:
- IPv4 input chain (crowdsec-blacklists)
- IPv4 forward chain (crowdsec-blacklists)
- IPv6 input chain (crowdsec6-blacklists)
- IPv6 forward chain (crowdsec6-blacklists)

Each rule respects the deny_log and deny_action configuration options.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-16 08:27:46 +01:00

files

fix(cs-firewall-bouncer): Add missing DROP rules for blacklisted IPs

2026-01-16 08:27:46 +01:00

Makefile

fix(cs-firewall-bouncer): Add missing DROP rules for blacklisted IPs

2026-01-16 08:27:46 +01:00