Ipsets are present
# ipset list crowdsec6-blacklists
Name: crowdsec6-blacklists
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 150000 timeout 0 bucketsize 12 initval 0x87b11f19
Size in memory: 456
References: 0
Number of entries: 0
Members:
# ipset list crowdsec-blacklists
Name: crowdsec-blacklists
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 1048576 bucketsize 12 initval 0x3840055f
Size in memory: 456
References: 1
Number of entries: 0
Members:
error message with no additional helpful info:
# systemctl status crowdsec-firewall-bouncer.service
● crowdsec-firewall-bouncer.service - The firewall bouncer for CrowdSec
Loaded: loaded (/etc/systemd/system/crowdsec-firewall-bouncer.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Wed 2023-10-25 03:21:26 MDT; 1s ago
Process: 151529 ExecStartPre=/usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml -t (code=exited, status=1/FAILURE)
CPU: 14ms
/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
mode: ipset
update_frequency: 10s
log_mode: file
log_dir: /var/log/
log_level: info
log_compression: true
log_max_size: 100
log_max_backups: 3
log_max_age: 30
api_url: http://127.0.0.1:8080/
api_key: xxxxxxxxxxxxxxxxxxxxxx(hidden for forum)
insecure_skip_verify: false
disable_ipv6: false
deny_action: DROP
deny_log: false
supported_decisions_types:
- ban
#to change log prefix
#deny_log_prefix: "crowdsec: "
#to change the blacklists name
blacklists_ipv4: crowdsec-blacklists
blacklists_ipv6: crowdsec6-blacklists
#type of ipset to use
ipset_type: nethash
#if present, insert rule in those chains
iptables_chains:
- INPUT
# - FORWARD
# - DOCKER-USER
## nftables
nftables:
ipv4:
enabled: true
set-only: false
table: crowdsec
chain: crowdsec-chain
priority: -10
ipv6:
enabled: true
set-only: false
table: crowdsec6
chain: crowdsec6-chain
priority: -10
nftables_hooks:
- input
- forward
# packet filter
pf:
# an empty string disables the anchor
anchor_name: ""
prometheus:
enabled: false
listen_addr: 127.0.0.1
listen_port: 60601