Hi,
On debian, after reloading nftables (systemctl reload nftables.service), the crowdsec-firewall-bouncer tables are deleted and are not automatically created unless I restart crowdsec-firewall-bouncer.
Thus, in the logs after de nftables reload i’ve got these errors : level=error msg=“can’t collect dropped packets for ipv4 from nft: exit status 1”
Is that an expected behavior ?
Thank you for your help.
Hi,
same issue here, does anybody have a workaroud to this? Crowdsec-Firewall-Bouncer didn’t realize that nftables was restarted and didn’t rearrange the tables it needs to work…
Thank you
Copy and paste my answer from Discord
[16:18]Loz: You can edit the systemd unit file and add the PartOf attribute so do systemctl edit crowdsec-firewall-bouncer then add between the comments
[Unit]
PartOf=nftables.service