What I have done
- Installed crowdsec
- Changed the crowdsec port because the default was already used
- started the setup of crowdsec-firewall-bouncer-iptables
Error
Setting up crowdsec-firewall-bouncer-iptables (0.0.28) …
Job for crowdsec-firewall-bouncer.service failed because the control process exited with error code.
See “systemctl status crowdsec-firewall-bouncer.service” and “journalctl -xeu crowdsec-firewall-bouncer.service” for details.
I have checked the bouncer config file adjusted the port coherently since api_url port pointed to the crowdsec default port rather than the one I have set. Now the config files are exactly the same I have on another installation (changed ports included) with the difference that there both Crowdsec and OS has been installed various releases ago and updated
Unfortunately I get same error.
I have checked the log and I have:
g=“set destroy error : exit status 1 - ipset v7.17: Set cannot be destroyed: it is in use by a kernel component\n”
time=“16-10-2023 01:30:33” level=fatal msg=“process terminated with error: bouncer stream halted”
So I have checked what component is using the ipset with ipset list
That returns
Name: crowdsec-blacklists
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 131072 timeout 300 bucketsize 12 initval 0x6987eb5b
Size in memory: 456
References: 1
Number of entries: 0
Members:
Name: crowdsec6-blacklists
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 131072 timeout 300 bucketsize 12 initval 0x50b24917
Size in memory: 1240
References: 0
Number of entries: 0
Members:
Wondering how is possible it complains it is in use by a kernel component if ipset seems used only by crowdsec itself.
Any suggestion?