[
{ type: install
  message: <<EOM

crowdsec-firewall-bouncer is installed.

Note: If you are using OPNsense or pfSense, ignore the following instructions and use the settings page of the
CrowdSec plugin.

-----

If you are running crowdsec on this machine, the bouncer will register itself with
the Local API when it's started the first time.

If the LAPI is on a different machine, you need to manually register the bouncer
and fill api_key and api_url in /usr/local/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml before
starting the service.

This package depends on the Packet Filter service.
To make sure it's active:

----------
# sysrc pf_enable=YES
pf_enable: NO -> YES
# service pf start
Enabling pf.
----------

Add the following in /etc/pf.conf to create the firewall tables and rules:

----------
table <crowdsec-blacklists> persist
table <crowdsec6-blacklists> persist
block drop in quick from <crowdsec-blacklists> to any
block drop in quick from <crowdsec6-blacklists> to any
----------

To apply the file:

# pfctl -f /etc/pf.conf

Then activate the bouncer via sysrc and run it:

----------
# sysrc crowdsec_firewall_enable="YES"
crowdsec_firewall_enable: NO -> YES
# service crowdsec_firewall start
----------

EOM
}
]
