#!/bin/bash appCrowdSecFixPriority() { local cfg="/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml" if [[ ! -f "$cfg" ]]; then isNotice "Bouncer config not found at $cfg — is CrowdSec installed?" return 1 fi # The bouncer yaml is root-owned under /etc/crowdsec; the backup + nftables # ipv4/ipv6 priority rewrite (to -100) runs in the root-owned crowdsec helper. runCrowdsec bouncer-priority checkSuccess "Patched nftables priority to -100 in $cfg" runSystem systemctl restart crowdsec-firewall-bouncer checkSuccess "Restarted crowdsec-firewall-bouncer" isSuccessful "Priority updated. Run 'crowdsec_verify_firewall' to confirm CrowdSec now runs before UFW." }