diff --git a/modules/crowdsec.nix b/modules/crowdsec.nix
index 2fe78ae..2d6f1fa 100644
--- a/modules/crowdsec.nix
+++ b/modules/crowdsec.nix
@@ -4,6 +4,7 @@
 # Usage:
 # myModules.crowdsec = {
 # enable = true;
+# enableBouncer = true; # Block attackers at firewall level
 # };
 {
@@ -21,6 +22,12 @@ in
 options.myModules.crowdsec = {
 enable = lib.mkEnableOption "CrowdSec security engine";
+ enableBouncer = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Enable firewall bouncer to block malicious IPs";
+ };
+
 whitelistIPs = lib.mkOption {
 type = lib.types.listOf lib.types.str;
 default = [ ];
@@ -107,6 +114,13 @@ in
 };
 };
+ # Firewall bouncer - blocks malicious IPs at firewall level
+ services.crowdsec-firewall-bouncer = lib.mkIf cfg.enableBouncer {
+ enable = true;
+ registerBouncer.enable = true;
+ registerBouncer.bouncerName = "firewall-bouncer";
+ };
+
 # Ensure credentials directory exists
 systemd.tmpfiles.settings."10-crowdsec-lapi" = {
 "/var/lib/crowdsec/state" = {
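Review bot: `enableBouncer` defaults to `true`, so every host that already sets `myModules.crowdsec.enable = true` starts actively dropping traffic on its next rebuild without opting in, and the one-line description does not warn about that or about the lockout risk that comes with firewall-level blocking. The description should state the default-on behaviour and tell the operator to cover administrative source addresses before enabling, e.g. `description = "Enable the CrowdSec firewall bouncer, which drops traffic from IPs with active LAPI decisions. Defaults to true; make sure administrative source addresses are covered (e.g. via whitelistIPs) before enabling, since a false positive can lock you out."`. I cannot see from this hunk how `whitelistIPs` is consumed, so confirm it actually keeps decisions from being created for those addresses before pointing users at it. The enclosing `options.myModules.crowdsec` set continues outside the hunk.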
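Review bot: The guard on the new `services.crowdsec-firewall-bouncer` attribute is `lib.mkIf cfg.enableBouncer` only, and since `enableBouncer` defaults to `true`, the bouncer is enabled on any host that imports this module unless the enclosing `config` set (outside this hunk) is itself wrapped in `lib.mkIf cfg.enable`; on a host with `enable = false` that would start a bouncer and attempt `registerBouncer` against a LAPI that is not running. Making the dependency explicit costs one line and does not rely on the outer structure: `services.crowdsec-firewall-bouncer = lib.mkIf (cfg.enable && cfg.enableBouncer) {`. The hunk also leaves the bouncer's firewall backend and filtered interfaces at the upstream module's defaults; it is worth setting them explicitly so they match `networking.nftables.enable` on the target hosts and so the deny list cannot be applied to the LAPI's own listener. The `# Firewall bouncer` comment above the block should mention that this is default-on blocking and that whitelisting of trusted ranges must be in place first.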