Bouncer exit status 1 error in bouncer logs

I always have these errors in crowdsec-firewall-bouncer.log

level=error msg="set destroy error : exit status 1 - ipset v7.10: Set cannot be destroyed: it is in use by a kernel component\n"
level=error msg="set destroy error : exit status 1 - ipset v7.10: Set cannot be destroyed: it is in use by a kernel component\n"
level=error msg="error while removing set entry in iptables : exit status 1 --> iptables: Bad rule (does a matching rule exist in that chain?).\n"
level=error msg="error while removing set entry in iptables : exit status 1 --> ip6tables: Bad rule (does a matching rule exist in that chain?).\n"

I use crowdsec-firewall-bouncer-iptables and I also have modsecurity and various rules configured with ufw (I don’t know if it is relevant and whether the problem is caused by some conflict with one of these)

Hello,

The log seems to say that the set managed by crowdsec is in use by another rule and that’s why it cannot be destroyed.

Can you share your bouncer config? Did you configure the sets to be used by other firewall rules too?

The bouncer config is basically the default after the end of installation. This is my first installation of CrowdSec and I haven’t changed anything except the port from 8080 to 7373 and the log level


mode: iptables
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: error
log_compression: true
log_max_size: 100
log_max_backups: 3
log_max_age: 30
api_url: http://127.0.0.1:7373/
api_key: OMITTED
insecure_skip_verify: false
disable_ipv6: false
deny_action: DROP
deny_log: false
supported_decisions_types:
  - ban
#to change log prefix
#deny_log_prefix: "crowdsec: "
#to change the blacklists name
blacklists_ipv4: crowdsec-blacklists
blacklists_ipv6: crowdsec6-blacklists
#if present, insert rule in those chains
iptables_chains:
  - INPUT
#  - FORWARD
#  - DOCKER-USER

## nftables
nftables:
  ipv4:
    enabled: true
    set-only: false
    table: crowdsec
    chain: crowdsec-chain
  ipv6:
    enabled: true
    set-only: false
    table: crowdsec6
    chain: crowdsec6-chain
# packet filter
pf:
  # an empty string disables the anchor
  anchor_name: ""

Same issue here, with a similar setup, plus

iptables_chains:
  - INPUT
#  - FORWARD
  - DOCKER-USER

The crowdsec machine is hosted in a docker container and the firewall is iptables.

Hello,

Can both of you share your “runtime” firewall configuration?
It seems that the “set” is in use by another rule.

I would suspect UFW, @Eirikr70 are you using UFW too ?
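Added example, not part of the thread and not CrowdSec project code: a small POSIX shell script that answers the question asked above by scanning the running iptables/ip6tables rule dump and the `ipset list` header for references to the bouncer's two sets (`crowdsec-blacklists` and `crowdsec6-blacklists`, the names from the config posted earlier). The ipset "References:" counter and any rule outside the chains listed under `iptables_chains` (for instance a UFW chain) are what keep a set "in use by a kernel component" when the bouncer tries to destroy it. The rule and ipset output embedded below is constructed sample data so the parsing functions can be exercised offline; the `ufw-user-input` chain name in it is an assumption used only for illustration.

```shell
#!/bin/sh
# Locate what still references the CrowdSec ipsets at runtime.
# Constructed sample of `iptables -S` output (not captured from a real host).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m set --match-set crowdsec-blacklists src -j DROP
-A ufw-user-input -m set --match-set crowdsec-blacklists src -j DROP
-A DOCKER-USER -m set --match-set crowdsec-blacklists src -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT'

# Constructed sample of `ipset list crowdsec-blacklists` header output.
SAMPLE_IPSET='Name: crowdsec-blacklists
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 456
References: 3
Number of entries: 0
Members:'

# count_set_refs SET RULES: number of rules matching on the named set.
count_set_refs() {
  printf '%s\n' "$2" | awk -v s="$1" \
    'index($0, "--match-set " s " ") { n++ } END { print n + 0 }'
}

# chains_referencing_set SET RULES: space-separated, sorted chain names
# whose rules match on the set (anything beyond the bouncer's own chains
# is a rule the bouncer did not create and will not remove).
chains_referencing_set() {
  printf '%s\n' "$2" | awk -v s="$1" \
    '$1 == "-A" && index($0, "--match-set " s " ") { print $2 }' \
    | sort -u | xargs
}

# ipset_references SET LISTING: the kernel's own reference counter for the
# set, taken from the "References:" line of `ipset list`. A non-zero value
# is exactly what makes `ipset destroy` fail.
ipset_references() {
  printf '%s\n' "$2" | awk -v s="$1" \
    '$1 == "Name:" { cur = $2 }
     $1 == "References:" && cur == s { print $2; found = 1 }
     END { if (!found) print 0 }'
}

# report_live: run the checks against the real firewall (needs root).
report_live() {
  rules="$(iptables -S 2>/dev/null; ip6tables -S 2>/dev/null)"
  for s in crowdsec-blacklists crowdsec6-blacklists; do
    listing="$(ipset list "$s" 2>/dev/null)"
    echo "== $s =="
    echo "rules matching the set : $(count_set_refs "$s" "$rules")"
    echo "chains holding them    : $(chains_referencing_set "$s" "$rules")"
    echo "kernel reference count : $(ipset_references "$s" "$listing")"
  done
}

if [ "${1:-}" = "--live" ]; then
  report_live
else
  # Offline demonstration on the constructed samples.
  echo "sample rules matching crowdsec-blacklists : $(count_set_refs crowdsec-blacklists "$SAMPLE_RULES")"
  echo "sample chains                              : $(chains_referencing_set crowdsec-blacklists "$SAMPLE_RULES")"
  echo "sample ipset References                    : $(ipset_references crowdsec-blacklists "$SAMPLE_IPSET")"
fi
```

Run it as `sh check-crowdsec-sets.sh --live` on the affected host (as root, since `iptables -S` and `ipset list` need it). If the chains listed include something other than the entries under `iptables_chains` in the bouncer config, that extra rule is the one holding the set open; the same check on `ip6tables` output explains the ip6tables "Bad rule" line, which is simply the bouncer trying to delete a rule it no longer finds in the chain it expects.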