I’m currently working on an updated and more OpenWrt style package for the Crowdsec firewall bouncer on OpenWrt.
Already achieved:
- having a uci config file with configuration
- creating nftables rules for input and forward chain
- start/stop with luci including creation/removal of process and nftables rules
- no dependencies / interferences with OpenWrt firewall 4
This is done based on the package from OpenWrt 21.
Next steps:
- eliminating bouncer config file template and create it on the fly from the uci config
- updating the Crowdsec bouncer executable (currently v0.0.21)
- update packaging script / make file
- submitting pull request to OpenWrt project
I used the documentation for the bouncer configuration but it is unclear in terms of what options are optional and have a default and what of the configuration is needed for the different modes. In my case: what is needed in the configuration file for a nftables set-only setup.
Perhaps someone can clarify this?