CrowdSec firewall bouncer introduces up to 10-second ban decision delay

When using CrowdSec firewall bouncer at network level instead of as Traefik middleware, banned IPs can still reach Traefik for up to 10 seconds. The firewall bouncer polls the CrowdSec API at intervals defined by update_frequency, creating a window between ban decision and enforcement. With the plugin approach, decisions were instant.

Accept the trade-off as part of moving CrowdSec to network layer, or reduce update_frequency in /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml below 10 seconds if more immediate enforcement is needed. Note that lower intervals increase API polling overhead.