Hello,
On one Debian 11 server, I realized that crowdsec-firewall-bouncer wasn’t running.
When trying to start it :
systemctl start crowdsec-firewall-bouncer.service
Job for crowdsec-firewall-bouncer.service failed because the control process exited with error code.
See "systemctl status crowdsec-firewall-bouncer.service" and "journalctl -xe" for details.
journalctl -xe :
Apr 20 17:45:15 http9 crowdsec-firewall-bouncer[1738191]: time="2023-04-20T17:45:15+02:00" level=info msg="crowdsec-firewall-bouncer v0.0.25-debian-pragmatic-0a4fde8e9440927d02ce187d1716306af9a13780"
Apr 20 17:45:15 http9 crowdsec-firewall-bouncer[1738191]: time="2023-04-20T17:45:15+02:00" level=warning msg="unexpected ${BACKEND} mode"
Apr 20 17:45:15 http9 crowdsec-firewall-bouncer[1738191]: time="2023-04-20T17:45:15+02:00" level=info msg="config is valid"
Apr 20 17:45:15 http9 crowdsec-firewall-bouncer[1738198]: time="2023-04-20T17:45:15+02:00" level=info msg="crowdsec-firewall-bouncer v0.0.25-debian-pragmatic-0a4fde8e9440927d02ce187d1716306af9a13780"
Apr 20 17:45:15 http9 crowdsec-firewall-bouncer[1738198]: time="2023-04-20T17:45:15+02:00" level=warning msg="unexpected ${BACKEND} mode"
Apr 20 17:45:15 http9 crowdsec-firewall-bouncer[1738198]: time="20-04-2023 17:45:15" level=fatal msg="firewall '${BACKEND}' is not supported"
Apr 20 17:45:15 http9 systemd[1]: crowdsec-firewall-bouncer.service: Main process exited, code=exited, status=1/FAILURE
My config file :
mode: ${BACKEND}
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
log_compression: true
log_max_size: 100
log_max_backups: 3
log_max_age: 30
api_url: http://127.0.0.1:8080/
api_key: ${API_KEY}
insecure_skip_verify: false
disable_ipv6: false
deny_action: DROP
deny_log: false
supported_decisions_types:
- ban
#to change log prefix
#deny_log_prefix: "crowdsec: "
#to change the blacklists name
blacklists_ipv4: crowdsec-blacklists
blacklists_ipv6: crowdsec6-blacklists
#type of ipset to use
ipset_type: nethash
#if present, insert rule in those chains
iptables_chains:
- INPUT
# - FORWARD
# - DOCKER-USER
## nftables
nftables:
ipv4:
enabled: true
set-only: false
table: crowdsec
chain: crowdsec-chain
ipv6:
enabled: true
set-only: false
table: crowdsec6
chain: crowdsec6-chain
# packet filter
pf:
# an empty string disables the anchor
anchor_name: ""
prometheus:
Comparing this file with another one on an other server, I can see that two vars wasn’t replaced in this file :
${BACKEND} wasn’t replaced by iptables
${API_KEY} wasn’t replaced by the API key
How can I resolve this issue ? Especially to have the API key ?
Thanks you very much.