C
CrowdSec3w ago
AR2000

friewall bouncer : crowdsec-chain-input empty

I noticed that the firewall bouncer failed to add the ip sets in the chrowdsec-chain-input chain, rendering the firewall useless. 
set crowdsec-blacklists-crowdsec {
        type ipv4_addr
        flags timeout
        elements = { 45.135.232.177 timeout 9d7h43m46s expires 9d7h43m38s528ms, 45.140.17.124 timeout 9d19h54m6s expires 9d19h53m58s528ms,
                 91.202.233.33 timeout 9d11h59m10s expires 9d11h59m2s528ms }
    }

    chain crowdsec-chain-input {
        type filter hook input priority filter - 10; policy accept;
    }

    chain crowdsec-chain-forward {
        type filter hook forward priority filter - 10; policy accept;
    }
set crowdsec-blacklists-crowdsec {
        type ipv4_addr
        flags timeout
        elements = { 45.135.232.177 timeout 9d7h43m46s expires 9d7h43m38s528ms, 45.140.17.124 timeout 9d19h54m6s expires 9d19h53m58s528ms,
                 91.202.233.33 timeout 9d11h59m10s expires 9d11h59m2s528ms }
    }

    chain crowdsec-chain-input {
        type filter hook input priority filter - 10; policy accept;
    }

    chain crowdsec-chain-forward {
        type filter hook forward priority filter - 10; policy accept;
    }
Logs don't show any error even after a service restart ipsets are filled with up to date data Config : 
mode: nftables 
update_frequency: 10s
log_mode: stdout 
log_level: info
api_url: http://127.0.0.1:43254/
api_key: REDACTED
#scenarios_containing: ["ssh"]
scenarios_containing: []
origins: ["crowdsec", "CAPI", "cscli", "lists"]
scopes: ["Ip", "Range"]
supported_decisions_types:
  - ban
deny_log: false

nftables:
  ipv4:
    enabled: true
    set-only: false
    table: crowdsec
    chain: crowdsec-chain
    priority: -10
  ipv6:
    enabled: true
    set-only: false
    table: crowdsec6
    chain: crowdsec6-chain
    priority: -10

nftables_hooks:
  - input
  - forward
mode: nftables 
update_frequency: 10s
log_mode: stdout 
log_level: info
api_url: http://127.0.0.1:43254/
api_key: REDACTED
#scenarios_containing: ["ssh"]
scenarios_containing: []
origins: ["crowdsec", "CAPI", "cscli", "lists"]
scopes: ["Ip", "Range"]
supported_decisions_types:
  - ban
deny_log: false

nftables:
  ipv4:
    enabled: true
    set-only: false
    table: crowdsec
    chain: crowdsec-chain
    priority: -10
  ipv6:
    enabled: true
    set-only: false
    table: crowdsec6
    chain: crowdsec6-chain
    priority: -10

nftables_hooks:
  - input
  - forward
1 Reply
CrowdSec
CrowdSec3w ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️

Did you find this page helpful?