[Finished] OpenWrt: updating crowdsec-firewall-bouncer package

I’m currently working on an updated and more OpenWrt style package for the Crowdsec firewall bouncer on OpenWrt.

Already achieved is:

  • having a uci config file with configuration
  • creating nftables rules for input and forward chain
  • start/stop with LuCI including creation/removal of process and nftables rules
  • no dependencies on / interference with OpenWrt firewall 4

This is done based on the package from OpenWrt 21.

Next steps:

  • eliminating the bouncer config file template and creating it on the fly from the uci config
  • updating the Crowdsec bouncer executable (currently v0.0.21)
  • updating the packaging script / Makefile
  • submitting pull request to OpenWrt project

I used the documentation for the bouncer configuration, but it is unclear about which options are optional and have a default, and which parts of the configuration are needed for the different modes. In my case: what is needed in the configuration file for an nftables set-only setup?

Perhaps someone can clarify this?

I have finished my work so far and will start the next step by updating the Makefile and creating a pull request for OpenWrt. The LuCI app is also ready.

I still need to figure out a few things about the Makefile and the OpenWrt build/packaging process.

Pull request to OpenWrt has been opened.

My pull request for the bouncer has been merged. The LuCI app pull request is still open.

The package (crowdsec-firewall-bouncer 0.0.25-1) is now available in OpenWrt snapshot.