decisions list strange result

I recently noticed my firewall bouncer stopped adding ip flagged for ssh attack to the iptable.
I had set it up that way :

log_mode: stdout # file or stdout
log_level: info
api_url: http://127.0.0.1:43254/
api_key: U6rIr+Rv+HSHfAElS4hBWJQjddXdtxe8YLzEbZ+08+0 # as created in crowdsec
scenarios_containing: ["ssh"]
scopes: ["Ip"]
origins: ["crowdsec", "CAPI", "cscli"]
feed_via_stdin: true
supported_decisions_types:
  - ban

log_mode: stdout # file or stdout
log_level: info
api_url: http://127.0.0.1:43254/
api_key: U6rIr+Rv+HSHfAElS4hBWJQjddXdtxe8YLzEbZ+08+0 # as created in crowdsec
scenarios_containing: ["ssh"]
scopes: ["Ip"]
origins: ["crowdsec", "CAPI", "cscli"]
feed_via_stdin: true
supported_decisions_types:
  - ban

I was wondering what changed.
I also have a lot of decisions with negative expiration for the

CAPI

CAPI

source (-16h32 for example).

CrowdSec•8mo ago•

11 replies

AR2000

decisions list strange result

I recently noticed my firewall bouncer stopped adding ip flagged for ssh attack to the iptable.
I had set it up that way :

log_mode: stdout # file or stdout
log_level: info
api_url: http://127.0.0.1:43254/
api_key: U6rIr+Rv+HSHfAElS4hBWJQjddXdtxe8YLzEbZ+08+0 # as created in crowdsec
scenarios_containing: ["ssh"]
scopes: ["Ip"]
origins: ["crowdsec", "CAPI", "cscli"]
feed_via_stdin: true
supported_decisions_types:
  - ban

log_mode: stdout # file or stdout
log_level: info
api_url: http://127.0.0.1:43254/
api_key: U6rIr+Rv+HSHfAElS4hBWJQjddXdtxe8YLzEbZ+08+0 # as created in crowdsec
scenarios_containing: ["ssh"]
scopes: ["Ip"]
origins: ["crowdsec", "CAPI", "cscli"]
feed_via_stdin: true
supported_decisions_types:
  - ban

I was wondering what changed.
I also have a lot of decisions with negative expiration for the

CAPI

CAPI

source (-16h32 for example).

decisions list strange result

Similar Threads

decisions list strange result

Similar Threads

Similar Threads

Similar Threads