As far as I see, the firewall bouncer block incomming traffic. I wonder if it is a good idea to check outgoing traffic as well?
Scenario: devices in the network my be compromised and use outgoing connections to a command and control server (as many trojan do).
Blocking those requests may be a use case. As CrowdSec is providing the local installation with community locklist this would be the way to get the IPs to block. It would require CrowdSec to include such IP addresses into the blocklists.
Do we have something like that?