Hi.
I would like to install crowdsec on a freeswitch server that I have in the cloud to test its operation and contribute to the community.
When I install the "crowdsec-firewall-bouncer-iptables" service, the rules are modified and I no longer have the freeswitch service running.
I report the status of the ports used by the services before installing the bouncer.
root@srv:~# sudo lsof -i -P -n | grep LISTEN
container 557 root 13u IPv4 13723 0t0 TCP 127.0.0.1:45531 (LISTEN)
sshd 562 root 3u IPv4 1681 0t0 TCP *:22 (LISTEN)
sshd 562 root 4u IPv6 1683 0t0 TCP *:22 (LISTEN)
nginx 570 root 6u IPv4 1695 0t0 TCP *:80 (LISTEN)
nginx 570 root 7u IPv4 1696 0t0 TCP *:443 (LISTEN)
nginx 571 www-data 6u IPv4 1695 0t0 TCP *:80 (LISTEN)
nginx 571 www-data 7u IPv4 1696 0t0 TCP *:443 (LISTEN)
nginx 572 www-data 6u IPv4 1695 0t0 TCP *:80 (LISTEN)
nginx 572 www-data 7u IPv4 1696 0t0 TCP *:443 (LISTEN)
nginx 573 www-data 6u IPv4 1695 0t0 TCP *:80 (LISTEN)
nginx 573 www-data 7u IPv4 1696 0t0 TCP *:443 (LISTEN)
nginx 574 www-data 6u IPv4 1695 0t0 TCP *:80 (LISTEN)
nginx 574 www-data 7u IPv4 1696 0t0 TCP *:443 (LISTEN)
postgres 579 postgres 5u IPv4 13274 0t0 TCP 127.0.0.1:5432 (LISTEN)
exim4 1117 root 4u IPv4 14954 0t0 TCP 127.0.0.1:25 (LISTEN)
freeswitc 1122 www-data 23u IPv4 15001 0t0 TCP 164.68.98.170:5080 (LISTEN)
freeswitc 1122 www-data 31u IPv4 14316 0t0 TCP 164.68.98.170:5060 (LISTEN)
freeswitc 1122 www-data 33u IPv4 14317 0t0 TCP 164.68.98.170:5061 (LISTEN)
freeswitc 1122 www-data 35u IPv4 14318 0t0 TCP 164.68.98.170:5066 (LISTEN)
freeswitc 1122 www-data 36u IPv4 14319 0t0 TCP 164.68.98.170:7443 (LISTEN)
freeswitc 1122 www-data 72u IPv4 16463 0t0 TCP 127.0.0.1:8021 (LISTEN)
root@srv:~#
This is the state of the ports after installing the bouncer:
root@srv:~# sudo lsof -i -P -n | grep LISTEN
container 449 root 11u IPv4 12163 0t0 TCP 127.0.0.1:44639 (LISTEN)
sshd 463 root 3u IPv4 12659 0t0 TCP *:22 (LISTEN)
sshd 463 root 4u IPv6 12670 0t0 TCP *:22 (LISTEN)
nginx 483 root 6u IPv4 13394 0t0 TCP *:80 (LISTEN)
nginx 483 root 7u IPv4 13395 0t0 TCP *:443 (LISTEN)
nginx 485 www-data 6u IPv4 13394 0t0 TCP *:80 (LISTEN)
nginx 485 www-data 7u IPv4 13395 0t0 TCP *:443 (LISTEN)
nginx 486 www-data 6u IPv4 13394 0t0 TCP *:80 (LISTEN)
nginx 486 www-data 7u IPv4 13395 0t0 TCP *:443 (LISTEN)
nginx 488 www-data 6u IPv4 13394 0t0 TCP *:80 (LISTEN)
nginx 488 www-data 7u IPv4 13395 0t0 TCP *:443 (LISTEN)
nginx 489 www-data 6u IPv4 13394 0t0 TCP *:80 (LISTEN)
nginx 489 www-data 7u IPv4 13395 0t0 TCP *:443 (LISTEN)
postgres 495 postgres 5u IPv4 3059 0t0 TCP 127.0.0.1:5432 (LISTEN)
crowdsec 756 root 12u IPv4 13955 0t0 TCP 127.0.0.1:8080 (LISTEN)
crowdsec 756 root 63u IPv4 13960 0t0 TCP 127.0.0.1:6060 (LISTEN)
crowdsec- 774 root 7u IPv4 14002 0t0 TCP 127.0.0.1:60601 (LISTEN)
I would like to understand how to manually modify the firewall bouncer to restore the correct functioning of the IP switchboard.
These are the ports it uses:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060:5069 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5069 -j ACCEPT
iptables -A INPUT -p tcp --dport 5080 -j ACCEPT
iptables -A INPUT -p udp --dport 5080 -j ACCEPT
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
Thanks.
Andrea.
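An added check for the situation described above (example code, not part of the post or of CrowdSec): it reads an iptables-save style dump and reports which of the ACCEPT rules from the rule set above are missing, and whether the bouncer's ipset hook is present. The port list is taken from the rules in the post; the two dumps are constructed, and the hook rule assumes the bouncer's default ipset name `crowdsec-blacklists`.

```shell
#!/bin/sh
# Added example, not from the original post: check an iptables-save dump
# for the ACCEPT rules the FreeSWITCH host needs, so that a bouncer install
# (or a reboot without persisted rules) that loses them is caught early.
# Port list comes from the rules in the post; both dumps are constructed.

# proto:port(s) that must have an ACCEPT rule in the INPUT chain.
REQUIRED="tcp:22 tcp:80 tcp:443 tcp:5060:5069 udp:5060:5069 \
tcp:5080 udp:5080 udp:16384:32768 udp:1194"

# Read a dump on stdin; print each REQUIRED entry that has no matching rule.
missing_rules() {
    dump=$(cat)
    for spec in $REQUIRED; do
        proto=${spec%%:*}
        port=${spec#*:}
        printf '%s\n' "$dump" |
            grep -Eq -- "^-A INPUT -p $proto( -m $proto)? --dport $port -j ACCEPT$" ||
            printf '%s\n' "$spec"
    done
}

# Return 0 if the CrowdSec ipset hook (assumed default ipset name) is present.
has_crowdsec_hook() {
    grep -q -- '-m set --match-set crowdsec-blacklists src -j DROP'
}

# Constructed dump: bouncer hook inserted, every service rule still intact.
GOOD_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m set --match-set crowdsec-blacklists src -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5060:5069 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5069 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5080 -j ACCEPT
-A INPUT -p udp -m udp --dport 5080 -j ACCEPT
-A INPUT -p udp -m udp --dport 16384:32768 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
COMMIT'

# Constructed dump: SIP and RTP rules gone, so FreeSWITCH becomes unreachable.
BAD_DUMP=$(printf '%s\n' "$GOOD_DUMP" | grep -Ev '506[0-9]|16384')

printf '%s\n' "$BAD_DUMP" | missing_rules
```

On the real host, feed it `iptables-save | missing_rules` before and after installing the bouncer; an empty result with the hook present means the bouncer coexists with the FreeSWITCH rules.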