From 4e5d5275f9a082db944cc583e28e9a71a30addf9 Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Sat, 17 Jan 2026 06:46:09 +0100
Subject: [PATCH] refactor: Merge secubox-app-crowdsec-bouncer into
 cs-firewall-bouncer

- Move UCI defaults script for auto-registration to cs-firewall-bouncer
- Remove redundant secubox-app-crowdsec-bouncer wrapper package
- Update luci-app-crowdsec-dashboard reference to new package name
- Increment PKG_RELEASE to 3

The defaults script handles:
- Automatic bouncer registration with CrowdSec LAPI
- Interface detection for LAN/WAN
- API key generation and UCI config update

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../view/crowdsec-dashboard/bouncers.js       |   2 +-
 .../secubox-app-crowdsec-bouncer/BUILD.md     | 219 -----------
 .../secubox-app-crowdsec-bouncer/Makefile     |  43 --
 .../secubox-app-crowdsec-bouncer/README.md    | 369 ------------------
 .../files/crowdsec-bouncer.config             |  22 --
 .../secubox-app-cs-firewall-bouncer/Makefile  |   6 +-
 .../files/crowdsec-bouncer.defaults           |   0
 7 files changed, 6 insertions(+), 655 deletions(-)
 delete mode 100644 package/secubox/secubox-app-crowdsec-bouncer/BUILD.md
 delete mode 100644 package/secubox/secubox-app-crowdsec-bouncer/Makefile
 delete mode 100644 package/secubox/secubox-app-crowdsec-bouncer/README.md
 delete mode 100644 package/secubox/secubox-app-crowdsec-bouncer/files/crowdsec-bouncer.config
 rename package/secubox/{secubox-app-crowdsec-bouncer => secubox-app-cs-firewall-bouncer}/files/crowdsec-bouncer.defaults (100%)

diff --git a/package/secubox/luci-app-crowdsec-dashboard/htdocs/luci-static/resources/view/crowdsec-dashboard/bouncers.js b/package/secubox/luci-app-crowdsec-dashboard/htdocs/luci-static/resources/view/crowdsec-dashboard/bouncers.js
index 6b9e85b..c5f9724 100644
--- a/package/secubox/luci-app-crowdsec-dashboard/htdocs/luci-static/resources/view/crowdsec-dashboard/bouncers.js
+++ b/package/secubox/luci-app-crowdsec-dashboard/htdocs/luci-static/resources/view/crowdsec-dashboard/bouncers.js
@@ -698,7 +698,7 @@ return view.extend({
 						E('p', { 'style': 'color: #ffc107; font-weight: bold;' },
 							_('⚠️ Firewall bouncer is not configured yet.')),
 						E('p', {},
-							_('Please install the secubox-app-crowdsec-bouncer package to configure the firewall bouncer.'))
+							_('Please install the secubox-app-cs-firewall-bouncer package to configure the firewall bouncer.'))
 					]),
 					E('div', { 'class': 'right', 'style': 'margin-top: 1em;' }, [
 						E('button', {
diff --git a/package/secubox/secubox-app-crowdsec-bouncer/BUILD.md b/package/secubox/secubox-app-crowdsec-bouncer/BUILD.md
deleted file mode 100644
index 4949e1e..0000000
--- a/package/secubox/secubox-app-crowdsec-bouncer/BUILD.md
+++ /dev/null
@@ -1,219 +0,0 @@
-# Building CrowdSec Firewall Bouncer Binary
-
-This document explains how to build the real `crowdsec-firewall-bouncer` binary package from the upstream OpenWrt feeds.
-
-## Overview
-
-The `secubox-app-crowdsec-bouncer` package is a lightweight wrapper that provides enhanced configuration and auto-registration. However, it depends on the actual binary package `crowdsec-firewall-bouncer` which must be built separately.
-
-## Build Environment
-
-- **OpenWrt SDK**: Version 24.10.5
-- **Architecture**: aarch64_cortex-a72 (MOCHAbin platform)
-- **Build System**: OpenWrt SDK with golang support
-- **Source**: GitHub `crowdsecurity/cs-firewall-bouncer` v0.0.31
-
-## Prerequisites
-
-1. OpenWrt SDK set up at `secubox-tools/sdk/`
-2. Feeds updated (packages feed must be available)
-3. Golang build dependencies installed
-
-## Build Process
-
-### Step 1: Install Golang Dependencies
-
-```bash
-cd secubox-tools/sdk
-./scripts/feeds install -p packages golang
-```
-
-This installs the Go compiler and build framework needed for cross-compilation.
-
-### Step 2: Install Package from Feed
-
-```bash
-./scripts/feeds install crowdsec-firewall-bouncer
-```
-
-This creates a symlink in `package/feeds/packages/crowdsec-firewall-bouncer/` pointing to the upstream package in `feeds/packages/net/crowdsec-firewall-bouncer/`.
-
-### Step 3: Build Package
-
-```bash
-make package/feeds/packages/crowdsec-firewall-bouncer/compile V=s -j1
-```
-
-Build options:
-- `V=s`: Verbose output (useful for debugging)
-- `-j1`: Single-threaded build (more stable for Go compilation)
-
-Build time: ~50-60 seconds on a modern system
-
-### Step 4: Locate Built Package
-
-The IPK package is created at:
-```
-bin/packages/aarch64_cortex-a72/packages/crowdsec-firewall-bouncer_0.0.31-r2_aarch64_cortex-a72.ipk
-```
-
-## Package Details
-
-### Binary Information
-- **Size**: ~4.9MB (compressed IPK), ~14MB (binary)
-- **Binary Path**: `/usr/bin/cs-firewall-bouncer`
-- **Architecture**: ELF 64-bit LSB executable, ARM aarch64
-- **Linked**: Dynamically linked with musl libc
-- **Go Version**: 1.23.12
-- **Stripped**: Yes (to reduce size)
-
-### Package Contents
-- Binary: `/usr/bin/cs-firewall-bouncer`
-- Init Script: `/etc/init.d/crowdsec-firewall-bouncer`
-- Config Template: `/etc/config/crowdsec`
-
-## Deployment
-
-### Upload to Router
-
-```bash
-scp bin/packages/aarch64_cortex-a72/packages/crowdsec-firewall-bouncer_0.0.31-r2_aarch64_cortex-a72.ipk root@192.168.8.191:/tmp/
-```
-
-### Install on Router
-
-```bash
-ssh root@192.168.8.191
-opkg install --force-reinstall /tmp/crowdsec-firewall-bouncer_0.0.31-r2_aarch64_cortex-a72.ipk
-```
-
-Use `--force-reinstall` to upgrade existing installations.
-
-### Verify Installation
-
-```bash
-/usr/bin/cs-firewall-bouncer --version
-/etc/init.d/crowdsec-firewall-bouncer restart
-cscli bouncers list
-```
-
-Expected output:
-- Service running
-- Active API pulls to CrowdSec LAPI
-- nftables tables created (crowdsec, crowdsec6)
-
-## Integration with SecuBox Wrapper
-
-The `secubox-app-crowdsec-bouncer` wrapper package:
-1. Depends on `+crowdsec-firewall-bouncer` (this binary package)
-2. Provides enhanced UCI configuration with router-optimized defaults
-3. Adds automatic API key registration via uci-defaults script
-4. Configures network interfaces automatically
-
-When installed together:
-```bash
-opkg install crowdsec-firewall-bouncer_*.ipk
-opkg install secubox-app-crowdsec-bouncer_*.ipk
-```
-
-The wrapper will detect the binary and configure it automatically.
-
-## Updating to Newer Versions
-
-When upstream releases a new version:
-
-1. Update feeds:
-   ```bash
-   ./scripts/feeds update packages
-   ```
-
-2. Check new version:
-   ```bash
-   cat feeds/packages/net/crowdsec-firewall-bouncer/Makefile | grep PKG_VERSION
-   ```
-
-3. Rebuild:
-   ```bash
-   make package/feeds/packages/crowdsec-firewall-bouncer/clean
-   make package/feeds/packages/crowdsec-firewall-bouncer/compile V=s -j1
-   ```
-
-4. Test on router before deploying to production
-
-## Troubleshooting
-
-### Build Fails - Golang Not Found
-**Solution**: Install golang dependencies first
-```bash
-./scripts/feeds install -a -f golang
-```
-
-### Out of Memory During Build
-**Solution**: Ensure at least 2GB RAM available or use swap
-```bash
-free -h  # Check memory
-```
-
-### Download Timeout
-**Solution**: Manually download source
-```bash
-cd dl/
-wget https://codeload.github.com/crowdsecurity/cs-firewall-bouncer/tar.gz/v0.0.31 -O cs-firewall-bouncer-0.0.31.tar.gz
-cd ..
-make package/feeds/packages/crowdsec-firewall-bouncer/compile V=s
-```
-
-### Binary Size Too Large
-This is expected - Go binaries include the runtime and dependencies. The 14MB binary is normal for a Go application with networking and nftables integration.
-
-## Build System Details
-
-The build process:
-1. Downloads source from GitHub
-2. Verifies SHA256 checksum
-3. Sets up Go workspace with proper GOPATH
-4. Downloads Go module dependencies
-5. Cross-compiles using OpenWrt toolchain
-6. Injects version info via LDFLAGS
-7. Strips binary symbols
-8. Creates IPK package with control files
-
-Go build flags:
-```makefile
-GO_PKG_LDFLAGS_X:=
-    github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=v0.0.31
-    github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=<timestamp>
-    github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=openwrt-0.0.31-2
-    github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.GoVersion=1.23.12
-```
-
-## CI/CD Integration
-
-For GitHub Actions or automated builds:
-
-```yaml
-- name: Build CrowdSec Firewall Bouncer
-  run: |
-    cd secubox-tools/sdk
-    ./scripts/feeds install -p packages golang
-    ./scripts/feeds install crowdsec-firewall-bouncer
-    make package/feeds/packages/crowdsec-firewall-bouncer/compile V=s -j$(nproc)
-
-- name: Upload Package
-  uses: actions/upload-artifact@v3
-  with:
-    name: crowdsec-firewall-bouncer
-    path: bin/packages/aarch64_cortex-a72/packages/crowdsec-firewall-bouncer_*.ipk
-```
-
-## Version History
-
-- **0.0.31-r2** (2026-01-06): First build with OpenWrt SDK, Go 1.23.12
-- Built from upstream: `https://github.com/crowdsecurity/cs-firewall-bouncer/releases/tag/v0.0.31`
-
-## References
-
-- Upstream Package: `secubox-tools/sdk/feeds/packages/net/crowdsec-firewall-bouncer/`
-- OpenWrt Golang Framework: `feeds/packages/lang/golang/golang-package.mk`
-- CrowdSec Documentation: https://docs.crowdsec.net/
-- Firewall Bouncer Repo: https://github.com/crowdsecurity/cs-firewall-bouncer
diff --git a/package/secubox/secubox-app-crowdsec-bouncer/Makefile b/package/secubox/secubox-app-crowdsec-bouncer/Makefile
deleted file mode 100644
index cbb5dc7..0000000
--- a/package/secubox/secubox-app-crowdsec-bouncer/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=secubox-app-crowdsec-bouncer
-PKG_VERSION:=0.0.32
-PKG_RELEASE:=1
-PKG_ARCH:=all
-PKG_MAINTAINER:=CyberMind Studio <contact@cybermind.fr>
-PKG_LICENSE:=MIT
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/secubox-app-crowdsec-bouncer
-  SECTION:=net
-  CATEGORY:=Network
-  PKGARCH:=all
-  SUBMENU:=SecuBox Apps
-  TITLE:=SecuBox CrowdSec Firewall Bouncer wrapper
-  DEPENDS:=+uci +libuci +secubox-app-cs-firewall-bouncer +crowdsec +nftables
-endef
-
-define Package/secubox-app-crowdsec-bouncer/description
-Enhanced wrapper for CrowdSec Firewall Bouncer with automatic configuration
-and registration for SecuBox-powered OpenWrt routers. Provides nftables-based
-IP blocking from CrowdSec decisions with automatic API key management and
-interface detection.
-endef
-
-define Package/secubox-app-crowdsec-bouncer/conffiles
-/etc/config/crowdsec
-endef
-
-define Build/Compile
-endef
-
-define Package/secubox-app-crowdsec-bouncer/install
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_CONF) ./files/crowdsec-bouncer.config $(1)/etc/config/crowdsec-bouncer
-
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./files/crowdsec-bouncer.defaults $(1)/etc/uci-defaults/99_crowdsec-bouncer
-endef
-
-$(eval $(call BuildPackage,secubox-app-crowdsec-bouncer))
diff --git a/package/secubox/secubox-app-crowdsec-bouncer/README.md b/package/secubox/secubox-app-crowdsec-bouncer/README.md
deleted file mode 100644
index b2995c0..0000000
--- a/package/secubox/secubox-app-crowdsec-bouncer/README.md
+++ /dev/null
@@ -1,369 +0,0 @@
-# SecuBox CrowdSec Firewall Bouncer
-
-Enhanced wrapper package for CrowdSec Firewall Bouncer with automatic configuration and registration for SecuBox-powered OpenWrt routers.
-
-## Overview
-
-The CrowdSec Firewall Bouncer is a component that blocks malicious IP addresses detected by CrowdSec using nftables firewall rules. This package wraps the upstream `crowdsec-firewall-bouncer` with SecuBox-specific enhancements:
-
-- **Automatic API key registration** with CrowdSec LAPI
-- **Interface auto-detection** for LAN/WAN
-- **Pre-configured defaults** optimized for routers
-- **UCI configuration** for easy management via LuCI
-- **Seamless integration** with SecuBox CrowdSec dashboard
-
-## Features
-
-- **nftables-based blocking**: Uses modern nftables instead of legacy iptables
-- **IPv4 and IPv6 support**: Blocks threats on both protocol versions
-- **Real-time updates**: Polls CrowdSec LAPI for new decisions (default: 10s)
-- **Flexible filtering**: Configure INPUT and FORWARD chain filtering
-- **Logging support**: Optional logging of blocked connections
-- **Multiple deny actions**: drop, reject, or tarpit malicious traffic
-- **Interface-based filtering**: Specify which interfaces to protect
-
-## Requirements
-
-- `crowdsec` - CrowdSec detection engine (must be installed and running)
-- `crowdsec-firewall-bouncer` - Upstream firewall bouncer binary
-- `nftables` - Modern Linux firewall
-- Working CrowdSec Local API (LAPI) on port 8080
-
-## Installation
-
-### Via opkg
-
-```bash
-opkg update
-opkg install secubox-app-crowdsec-bouncer
-```
-
-### From Source
-
-```bash
-./secubox-tools/local-build.sh build secubox-app-crowdsec-bouncer
-opkg install /path/to/secubox-app-crowdsec-bouncer_*.ipk
-```
-
-## Initial Configuration
-
-The package automatically configures itself on first install via the UCI defaults script:
-
-1. **Merges configuration** into `/etc/config/crowdsec`
-2. **Detects network interfaces** (LAN/WAN)
-3. **Registers bouncer** with CrowdSec LAPI
-4. **Generates API key** and stores in UCI
-5. **Loads nftables modules**
-
-After installation, you need to:
-
-```bash
-# Enable the bouncer
-uci set crowdsec.bouncer.enabled='1'
-uci commit crowdsec
-
-# Start the service
-/etc/init.d/crowdsec-firewall-bouncer enable
-/etc/init.d/crowdsec-firewall-bouncer start
-```
-
-## Configuration
-
-All configuration is done via UCI at `/etc/config/crowdsec` in the `bouncer` section:
-
-```uci
-config bouncer
-	option enabled '1'              # Enable/disable bouncer
-	option ipv4 '1'                 # Enable IPv4 filtering
-	option ipv6 '1'                 # Enable IPv6 filtering
-	option api_url 'http://127.0.0.1:8080/'  # CrowdSec LAPI URL
-	option api_key '<generated>'    # API key (auto-generated)
-	option update_frequency '10s'   # How often to poll for decisions
-	option priority '4'             # nftables hook priority
-	option deny_action 'drop'       # Action: drop|reject|tarpit
-	option deny_log '1'             # Log blocked connections
-	option log_prefix 'CrowdSec: '  # Kernel log prefix
-	option log_level 'info'         # Log level
-	option filter_input '1'         # Filter INPUT chain
-	option filter_forward '1'       # Filter FORWARD chain
-	option chain_name 'crowdsec-chain'   # IPv4 chain name
-	option chain6_name 'crowdsec6-chain' # IPv6 chain name
-	option retry_initial_connect '1'     # Retry if LAPI unavailable
-	list interface 'br-lan'         # Interfaces to filter
-	list interface 'eth1'
-```
-
-### Common Configuration Tasks
-
-#### Change Update Frequency
-
-```bash
-uci set crowdsec.bouncer.update_frequency='30s'
-uci commit crowdsec
-/etc/init.d/crowdsec-firewall-bouncer restart
-```
-
-#### Add/Remove Protected Interfaces
-
-```bash
-# Add interface
-uci add_list crowdsec.bouncer.interface='wlan0'
-
-# Remove specific interface
-uci del_list crowdsec.bouncer.interface='eth1'
-
-# Commit and restart
-uci commit crowdsec
-/etc/init.d/crowdsec-firewall-bouncer restart
-```
-
-#### Change Deny Action
-
-```bash
-# Options: drop (silent), reject (send ICMP), tarpit (slow response)
-uci set crowdsec.bouncer.deny_action='reject'
-uci commit crowdsec
-/etc/init.d/crowdsec-firewall-bouncer restart
-```
-
-#### Enable/Disable Logging
-
-```bash
-uci set crowdsec.bouncer.deny_log='1'  # Enable
-uci set crowdsec.bouncer.deny_log='0'  # Disable
-uci commit crowdsec
-/etc/init.d/crowdsec-firewall-bouncer restart
-```
-
-## Manual Bouncer Registration
-
-If automatic registration fails, register manually:
-
-```bash
-# Register bouncer and get API key
-API_KEY=$(cscli bouncers add crowdsec-firewall-bouncer -o raw)
-
-# Set in UCI
-uci set crowdsec.bouncer.api_key="$API_KEY"
-uci commit crowdsec
-
-# Restart bouncer
-/etc/init.d/crowdsec-firewall-bouncer restart
-```
-
-## Verification
-
-### Check Bouncer Status
-
-```bash
-# Service status
-/etc/init.d/crowdsec-firewall-bouncer status
-
-# Check if running
-ps | grep cs-firewall-bouncer
-
-# Check bouncer registration
-cscli bouncers list
-```
-
-### Check nftables Rules
-
-```bash
-# IPv4 table
-nft list table ip crowdsec
-
-# IPv6 table
-nft list table ip6 crowdsec6
-
-# Check blacklist set
-nft list set ip crowdsec crowdsec-blacklists
-```
-
-### Verify Blocking
-
-```bash
-# Add a test decision
-cscli decisions add --ip 1.2.3.4 --duration 4h --reason "Test block"
-
-# Check if IP is in blacklist
-nft list set ip crowdsec crowdsec-blacklists | grep 1.2.3.4
-
-# Delete test decision
-cscli decisions delete --ip 1.2.3.4
-```
-
-### Check Logs
-
-```bash
-# Service logs
-logread | grep crowdsec-firewall-bouncer
-
-# Kernel logs for blocked packets (if deny_log=1)
-dmesg | grep CrowdSec
-
-# Check bouncer log file
-tail -f /var/log/crowdsec-firewall-bouncer.log
-```
-
-## How It Works
-
-1. **Startup**:
-   - Reads UCI configuration from `/etc/config/crowdsec`
-   - Generates YAML config at `/var/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml`
-   - Creates nftables tables (`crowdsec`, `crowdsec6`)
-   - Creates nftables sets for blacklists
-   - Adds filter chains to INPUT/FORWARD hooks
-
-2. **Runtime**:
-   - Polls CrowdSec LAPI every `update_frequency` seconds
-   - Fetches active ban decisions
-   - Updates nftables sets with banned IPs
-   - Sets timeout based on decision duration
-   - Automatically removes expired bans
-
-3. **Shutdown**:
-   - Deletes nftables tables and chains
-   - Removes YAML config
-   - Cleans up resources
-
-## Integration with CrowdSec Dashboard
-
-The SecuBox CrowdSec dashboard (`luci-app-crowdsec-dashboard`) automatically detects the bouncer:
-
-- **Detection**: Checks for `cs-firewall-bouncer` process
-- **Display**: Shows bouncer status in Overview page
-- **Decisions**: Shows blocked IPs and applies them via bouncer
-
-Access the dashboard at: **System → CrowdSec → Overview**
-
-## Troubleshooting
-
-### Bouncer Not Starting
-
-**Check CrowdSec is running**:
-```bash
-/etc/init.d/crowdsec status
-cscli lapi status
-```
-
-**Check nftables is available**:
-```bash
-nft list tables
-modprobe nf_tables
-```
-
-**Check API key is set**:
-```bash
-uci get crowdsec.bouncer.api_key
-```
-
-### No IPs Being Blocked
-
-**Check for active decisions**:
-```bash
-cscli decisions list
-```
-
-**Check nftables sets**:
-```bash
-nft list set ip crowdsec crowdsec-blacklists
-```
-
-**Check bouncer can reach LAPI**:
-```bash
-# From bouncer log
-logread | grep "connection refused\|timeout"
-```
-
-### Interface Not Filtered
-
-**Check interface list**:
-```bash
-uci show crowdsec.bouncer.interface
-```
-
-**Verify interface exists**:
-```bash
-ip link show
-```
-
-**Check nftables rules reference correct interface**:
-```bash
-nft list chain ip crowdsec crowdsec-chain-input
-```
-
-### High CPU Usage
-
-**Reduce update frequency**:
-```bash
-uci set crowdsec.bouncer.update_frequency='30s'
-uci commit crowdsec
-/etc/init.d/crowdsec-firewall-bouncer restart
-```
-
-**Disable logging**:
-```bash
-uci set crowdsec.bouncer.deny_log='0'
-uci commit crowdsec
-/etc/init.d/crowdsec-firewall-bouncer restart
-```
-
-## Advanced Configuration
-
-### Using Remote LAPI
-
-To connect to a remote CrowdSec LAPI:
-
-```bash
-# Set remote LAPI URL
-uci set crowdsec.bouncer.api_url='https://crowdsec-lapi.example.com:8080/'
-
-# Register bouncer on remote server
-ssh remote-server "cscli bouncers add router-bouncer"
-
-# Copy API key and set locally
-uci set crowdsec.bouncer.api_key='<remote-api-key>'
-uci commit crowdsec
-/etc/init.d/crowdsec-firewall-bouncer restart
-```
-
-### Custom Chain Priority
-
-Higher priority = earlier in filter chain:
-
-```bash
-# Default is 4 (before normal filter rules)
-uci set crowdsec.bouncer.priority='10'
-uci commit crowdsec
-/etc/init.d/crowdsec-firewall-bouncer restart
-```
-
-### Prometheus Metrics
-
-The bouncer can expose Prometheus metrics (requires recompilation with metrics enabled).
-
-## Files
-
-- `/etc/config/crowdsec` - UCI configuration
-- `/etc/init.d/crowdsec-firewall-bouncer` - Init script (from upstream)
-- `/var/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml` - Generated YAML config
-- `/var/log/crowdsec-firewall-bouncer.log` - Bouncer log file
-- `/usr/bin/cs-firewall-bouncer` - Bouncer binary
-
-## Links
-
-- [CrowdSec Documentation](https://docs.crowdsec.net/)
-- [Firewall Bouncer GitHub](https://github.com/crowdsecurity/cs-firewall-bouncer)
-- [nftables Documentation](https://wiki.nftables.org/)
-- [SecuBox Project](https://secubox.com)
-
-## License
-
-MIT License - See upstream package for details
-
-## Support
-
-For issues related to:
-- **SecuBox integration**: Open issue on SecuBox GitHub
-- **Bouncer functionality**: Refer to [cs-firewall-bouncer issues](https://github.com/crowdsecurity/cs-firewall-bouncer/issues)
-- **CrowdSec core**: Refer to [CrowdSec documentation](https://docs.crowdsec.net/)
diff --git a/package/secubox/secubox-app-crowdsec-bouncer/files/crowdsec-bouncer.config b/package/secubox/secubox-app-crowdsec-bouncer/files/crowdsec-bouncer.config
deleted file mode 100644
index ef40ad0..0000000
--- a/package/secubox/secubox-app-crowdsec-bouncer/files/crowdsec-bouncer.config
+++ /dev/null
@@ -1,22 +0,0 @@
-config bouncer
-	option enabled '0'
-	option ipv4 '1'
-	option ipv6 '1'
-	option api_url 'http://127.0.0.1:8080/'
-	option api_key ''
-	option update_frequency '10s'
-	option priority '4'
-	option deny_action 'drop'
-	option deny_log '1'
-	option log_prefix 'CrowdSec: '
-	option log_level 'info'
-	option log_max_size '100'
-	option log_max_backups '3'
-	option log_max_age '30'
-	option filter_input '1'
-	option filter_forward '1'
-	option chain_name 'crowdsec-chain'
-	option chain6_name 'crowdsec6-chain'
-	option retry_initial_connect '1'
-	list interface 'br-lan'
-	list interface 'eth1'
diff --git a/package/secubox/secubox-app-cs-firewall-bouncer/Makefile b/package/secubox/secubox-app-cs-firewall-bouncer/Makefile
index e9f0663..4acd95e 100644
--- a/package/secubox/secubox-app-cs-firewall-bouncer/Makefile
+++ b/package/secubox/secubox-app-cs-firewall-bouncer/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=secubox-app-cs-firewall-bouncer
 PKG_VERSION:=0.0.31
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 # Source from upstream CrowdSec
 # Note: v0.0.31 is the last version compatible with Go 1.23 (OpenWrt 24.10 SDK)
@@ -86,6 +86,10 @@ define Package/secubox-app-cs-firewall-bouncer/install
 	# Hotplug script to restart bouncer when firewall reloads
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_DATA) ./files/hotplug.d/99-crowdsec-bouncer $(1)/etc/hotplug.d/iface/99-crowdsec-bouncer
+
+	# UCI defaults script for auto-registration with CrowdSec LAPI
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/crowdsec-bouncer.defaults $(1)/etc/uci-defaults/99_crowdsec-bouncer
 endef
 
 $(eval $(call GoBinPackage,secubox-app-cs-firewall-bouncer))
diff --git a/package/secubox/secubox-app-crowdsec-bouncer/files/crowdsec-bouncer.defaults b/package/secubox/secubox-app-cs-firewall-bouncer/files/crowdsec-bouncer.defaults
similarity index 100%
rename from package/secubox/secubox-app-crowdsec-bouncer/files/crowdsec-bouncer.defaults
rename to package/secubox/secubox-app-cs-firewall-bouncer/files/crowdsec-bouncer.defaults