Bouncer exit status 1 error in bouncer logs

I always have these errors in crowdsec-firewall-bouncer.log

level=error msg="set destroy error : exit status 1 - ipset v7.10: Set cannot be destroyed: it is in use by a kernel component\n"
level=error msg="set destroy error : exit status 1 - ipset v7.10: Set cannot be destroyed: it is in use by a kernel component\n"
level=error msg="error while removing set entry in iptables : exit status 1 --> iptables: Bad rule (does a matching rule exist in that chain?).\n"
level=error msg="error while removing set entry in iptables : exit status 1 --> ip6tables: Bad rule (does a matching rule exist in that chain?).\n"

I use crowdsec-firewall-bouncer-iptables, and I also have modsecurity and various rules configured with ufw (I don't know if that is relevant or whether the problem is caused by some conflict with one of these).

Hello,

The log seems to say that the set managed by crowdsec is in use by another rule and that’s why it cannot be destroyed.

Can you share your bouncer config? Did you configure the sets to be used by other firewall rules too?

The bouncer config is basically the default after the end of installation. This is my first installation of CrowdSec and I haven't changed anything except the port (from 8080 to 7373) and the log level.


mode: iptables
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: error
log_compression: true
log_max_size: 100
log_max_backups: 3
log_max_age: 30
api_url: http://127.0.0.1:7373/
api_key: OMITTED
insecure_skip_verify: false
disable_ipv6: false
deny_action: DROP
deny_log: false
supported_decisions_types:
  - ban
#to change log prefix
#deny_log_prefix: "crowdsec: "
#to change the blacklists name
blacklists_ipv4: crowdsec-blacklists
blacklists_ipv6: crowdsec6-blacklists
#if present, insert rule in those chains
iptables_chains:
  - INPUT
#  - FORWARD
#  - DOCKER-USER

## nftables
nftables:
  ipv4:
    enabled: true
    set-only: false
    table: crowdsec
    chain: crowdsec-chain
  ipv6:
    enabled: true
    set-only: false
    table: crowdsec6
    chain: crowdsec6-chain
# packet filter
pf:
  # an empty string disables the anchor
  anchor_name: ""

Same issue here, with a similar setup, plus

iptables_chains:
  - INPUT
#  - FORWARD
  - DOCKER-USER

The crowdsec machine is hosted in a docker container and the firewall is iptables.

Hello,

Can both of you share your "runtime" firewall configuration?
It seems that the “set” is in use by another rule.

I would suspect UFW. @Eirikr70, are you using UFW too?
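One way to collect the "runtime" firewall state the reply above asks for, as an added example that is not part of this thread or of CrowdSec's own code: a POSIX shell script that parses `iptables-save` / `ip6tables-save` and `ipset list -t` output to show which chains still carry a rule matching on the bouncer's set and how many kernel references the set holds (a non-zero "References:" count is exactly what makes `ipset destroy` fail with "in use by a kernel component"). The embedded sample outputs are constructed, including the hypothetical ufw chain rule that references the set; the `--live` flag, the function names and the default set name are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the thread or the CrowdSec project): find which
# firewall rules still reference the bouncer's ipset and how many kernel
# references the set holds. With --live [SETNAME] it queries the running
# firewall (needs root); with no arguments it runs on the constructed sample.

# Constructed sample of `iptables-save` output on a host running ufw plus the
# bouncer. The rule in ufw-before-input is hypothetical: a second rule
# matching the set is the kind of thing that keeps the set "in use".
SAMPLE_IPTABLES_SAVE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ufw-before-input - [0:0]
-A INPUT -m set --match-set crowdsec-blacklists src -j DROP
-A INPUT -j ufw-before-input
-A ufw-before-input -m set --match-set crowdsec-blacklists src -j DROP
-A FORWARD -m set --match-set other-set src -j DROP
COMMIT'

# Constructed sample of `ipset list -t crowdsec-blacklists` (header only).
SAMPLE_IPSET_LIST='Name: crowdsec-blacklists
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 timeout 300
Size in memory: 1234
References: 2
Number of entries: 42'

# rules_referencing SETNAME < iptables-save-text
# Prints every rule line that matches on the given set.
rules_referencing() {
    grep -- "--match-set $1 " || true
}

# chains_referencing SETNAME < iptables-save-text
# Prints the distinct chains (second field of "-A CHAIN ...") that match on it.
chains_referencing() {
    rules_referencing "$1" | awk '{print $2}' | sort -u
}

# set_references < ipset-list-text
# Prints the kernel reference count from the "References:" header line (0 if absent).
set_references() {
    awk -F': ' '/^References:/ {print $2; found=1} END {if (!found) print 0}'
}

# live_check SETNAME: the same checks against the running firewall.
live_check() {
    name="$1"
    for bin in iptables-save ip6tables-save; do
        echo "== $bin rules referencing $name"
        "$bin" | rules_referencing "$name"
    done
    echo "== kernel references held by $name"
    ipset list -t "$name" | set_references
}

if [ "${1:-}" = "--live" ]; then
    live_check "${2:-crowdsec-blacklists}"
else
    echo "Chains referencing crowdsec-blacklists in the sample:"
    printf '%s\n' "$SAMPLE_IPTABLES_SAVE" | chains_referencing crowdsec-blacklists
    echo "Kernel references held by the sample set:"
    printf '%s\n' "$SAMPLE_IPSET_LIST" | set_references
fi
```

On a real host, run it as root with `--live` (and `--live crowdsec6-blacklists` for the IPv6 set). If any chain other than the one the bouncer inserts into (INPUT here) shows up, or the reference count is higher than the number of bouncer rules, another tool (ufw, a Docker chain, a hand-written rule) is holding the set, and the bouncer's clean-up will keep logging the destroy error until that rule is removed.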

Hi,
I have the same issue.
Same config as above.
Log:

time="02-12-2022 21:18:35" level=error msg="set destroy error : exit status 1 - ipset v7.10: Set cannot be destroyed: it is in use by a kernel component\n"
time="02-12-2022 21:18:36" level=error msg="error while removing set entry in iptables : exit status 1 --> iptables: Bad rule (does a matching rule exist in that chain?).\n"
time="02-12-2022 21:18:36" level=error msg="error while removing set entry in iptables : exit status 1 --> iptables: Bad rule (does a matching rule exist in that chain?).\n"
time="02-12-2022 21:23:36" level=error msg="set destroy error : exit status 1 - ipset v7.10: Set cannot be destroyed: it is in use by a kernel component\n"
time="02-12-2022 21:23:36" level=error msg="error while removing set entry in iptables : exit status 1 --> iptables: Bad rule (does a matching rule exist in that chain?).\n"
time="02-12-2022 21:23:36" level=error msg="error while removing set entry in iptables : exit status 1 --> iptables: Bad rule (does a matching rule exist in that chain?).\n"

At 21:23, I restarted the service.

And I'm running ufw.

Sorry, I have to admit that I had
log_level: warning
in the config → warning does not exist, therefore the crowdsec bouncer did not start, even though when checking the config with
crowdsec-firewall-bouncer -v -t -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
I received "config is valid".

Now, also with ufw, crowdsec starts:

time="03-12-2022 12:40:32" level=info msg="iptables for ipv4 initiated"
time="03-12-2022 12:40:32" level=info msg="iptables clean-up : /usr/sbin/iptables -D INPUT -m set --match-set crowdsec-blacklists src -j DROP"
time="03-12-2022 12:40:32" level=error msg="error while removing set entry in iptables : exit status 1 --> iptables: Bad rule (does a matching rule exist in that chain?).\n"
time="03-12-2022 12:40:32" level=info msg="ipset clean-up : /usr/sbin/ipset -exist destroy crowdsec-blacklists"
time="03-12-2022 12:40:32" level=info msg="Checking existing set"
time="03-12-2022 12:40:32" level=info msg="ipset set-up : /usr/sbin/ipset -exist create crowdsec-blacklists nethash timeout 300"
time="03-12-2022 12:40:33" level=info msg="Rule doesn't exist (/usr/sbin/iptables -C INPUT -m set --match-set crowdsec-blacklists src -j DROP)"
time="03-12-2022 12:40:33" level=info msg="iptables set-up : /usr/sbin/iptables -I INPUT -m set --match-set crowdsec-blacklists src -j DROP"
time="03-12-2022 12:40:33" level=info msg="Using API key auth"
time="03-12-2022 12:40:33" level=info msg="Processing new and deleted decisions . . ."
time="03-12-2022 12:40:37" level=info msg="2214 decisions deleted"