gandalf/secubox-openwrt
gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c1860b4aea
secubox-openwrt/package/secubox/secubox-app-crowdsec-bouncer/files/crowdsec-bouncer.config
CyberMind-FR 9b59b55c9e feat: Add secubox-app-crowdsec-bouncer wrapper package (v0.0.31) 
Create SecuBox wrapper for CrowdSec Firewall Bouncer with enhanced
automation and configuration for OpenWrt routers.

Package Structure:
- Lightweight wrapper depending on upstream crowdsec-firewall-bouncer
- No compilation needed (PKG_ARCH=all)
- Enhanced UCI configuration with router-optimized defaults
- Automatic bouncer registration via uci-defaults script

Files Created:
- Makefile: OpenWrt package definition with dependencies
- README.md: Comprehensive documentation (configuration, troubleshooting)
- files/crowdsec-bouncer.config: Enhanced UCI config template
- files/crowdsec-bouncer.defaults: Auto-registration and setup script

Features:
- Auto-detection of LAN/WAN interfaces
- Automatic API key generation and registration with CrowdSec LAPI
- nftables kernel module loading
- Configures IPv4/IPv6 filtering on INPUT/FORWARD chains
- Integrates with existing luci-app-crowdsec-dashboard

Configuration Highlights:
- Default interfaces: br-lan, eth1
- Logging enabled by default
- Update frequency: 10s
- Deny action: drop
- Both IPv4 and IPv6 enabled

Dependencies:
- crowdsec-firewall-bouncer (upstream from feeds/packages)
- crowdsec (SecuBox package)
- nftables
- uci + libuci

Note: Build requires rsync for OpenWrt SDK perl dependency.
Package ready for integration once build environment is complete.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-06 19:45:25 +01:00

23 lines
574 B
Plaintext
Raw Blame History

config bouncer
option enabled '0'
option ipv4 '1'
option ipv6 '1'
option api_url 'http://127.0.0.1:8080/'
option api_key ''
option update_frequency '10s'
option priority '4'
option deny_action 'drop'
option deny_log '1'
option log_prefix 'CrowdSec: '
option log_level 'info'
option log_max_size '100'
option log_max_backups '3'
option log_max_age '30'
option filter_input '1'
option filter_forward '1'
option chain_name 'crowdsec-chain'
option chain6_name 'crowdsec6-chain'
option retry_initial_connect '1'
list interface 'br-lan'
list interface 'eth1'
Reference in New Issue View Git Blame Copy Permalink