What I have done
- Installed crowdsec
- Changed the crowdsec port because the default was already used
- Started the setup of crowdsec-firewall-bouncer-iptables
Setting up crowdsec-firewall-bouncer-iptables (0.0.28) ...
Job for crowdsec-firewall-bouncer.service failed because the control process exited with error code.
See "systemctl status crowdsec-firewall-bouncer.service" and "journalctl -xeu crowdsec-firewall-bouncer.service" for details.
I have checked the bouncer config file and adjusted the port coherently, since the api_url port pointed to the crowdsec default port rather than the one I have set. Now the config files are exactly the same as the ones I have on another installation (changed ports included), with the difference that there both Crowdsec and the OS were installed various releases ago and updated.
Unfortunately I get the same error.
I have checked the log and I have:
g="set destroy error : exit status 1 - ipset v7.17: Set cannot be destroyed: it is in use by a kernel component\n"
time="16-10-2023 01:30:33" level=fatal msg="process terminated with error: bouncer stream halted"
So I have checked what component is using the ipset with
Name: crowdsec-blacklists
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 131072 timeout 300 bucketsize 12 initval 0x6987eb5b
Size in memory: 456
References: 1
Number of entries: 0
Members:

Name: crowdsec6-blacklists
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 131072 timeout 300 bucketsize 12 initval 0x50b24917
Size in memory: 1240
References: 0
Number of entries: 0
Members:
Wondering how it is possible that it complains it is in use by a kernel component if the ipset seems to be used only by crowdsec itself.
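
The References counter in an ipset listing counts kernel-side users of a set, such as an iptables rule using the set match, and ipset refuses to destroy a set while that counter is non-zero. The following is an added example, not part of the original post: it maps each referenced set to the saved firewall rules that hold it, using constructed sample outputs (the leftover iptables rule is an assumption, and the function names are hypothetical).

```python
import re

# Constructed, trimmed sample of `ipset list` output modelled on the post.
IPSET_LIST = """\
Name: crowdsec-blacklists
Type: hash:net
References: 1
Number of entries: 0
Members:

Name: crowdsec6-blacklists
Type: hash:net
References: 0
Number of entries: 0
Members:
"""

# Constructed sample of `iptables-save` output (assumption: a leftover rule).
IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m set --match-set crowdsec-blacklists src -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def referenced_sets(ipset_text):
    """Return {set name: reference count} for sets with References > 0."""
    counts, name = {}, None
    for line in ipset_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Name":
            name = value.strip()
        elif key == "References" and name and int(value) > 0:
            counts[name] = int(value)
    return counts

def rules_holding(set_name, ruleset_text):
    """Return the saved rules that reference set_name via the set match."""
    pat = re.compile(r"--match-set\s+" + re.escape(set_name) + r"(\s|$)")
    return [r for r in ruleset_text.splitlines() if pat.search(r)]

def explain(ipset_text, ruleset_text):
    """Map each in-use set to the rules that keep it from being destroyed."""
    return {n: rules_holding(n, ruleset_text) for n in referenced_sets(ipset_text)}

if __name__ == "__main__":
    for name, rules in explain(IPSET_LIST, IPTABLES_SAVE).items():
        print(name, "is held by:", rules or "no rule in this dump")
```

On a live host the two inputs would come from `ipset list` and `iptables-save`; an empty rule list for a referenced set means the holder is outside the dump that was supplied.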