CS-Firewall-Bouncer nftables

Fresh install, changed port for api and .yaml files. As I got the (this is already used aka bind error message).

I have manually deleted the bouncers and manually added them and changed the api key in the bounce.yaml file. Below is what I see in the logs. Any help would be appreciated. I am just not seeing why it won’t link up.

Ubuntu 18.04 (EVE-NG).

bouncer logs:
time=“11-03-2022 11:02:45” level=fatal msg=“API error: access forbidden”
time=“11-03-2022 11:53:29” level=info msg=“config is valid”
time=“11-03-2022 11:53:29” level=info msg=“backend type : nftables”
time=“11-03-2022 11:53:29” level=info msg=“nftables initiated”
time=“11-03-2022 11:53:29” level=info msg=“Processing new and deleted decisions . . .”
time=“11-03-2022 11:53:29” level=fatal msg=“API error: access forbidden”
time=“11-03-2022 13:25:36” level=info msg=“config is valid”
time=“11-03-2022 13:25:36” level=info msg=“backend type : nftables”

bouncer yaml:
mode: nftables
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
api_url: http://localhost:8090/
api_key: <api_key-redacted>
disable_ipv6: false
deny_action: DROP
deny_log: false

  • ban
    #to change log prefix
    #deny_log_prefix: "crowdsec: "

Some data is missing the config.yaml matches, the api_credential yaml matches. Am I missing something?

So basically I updated these three locations because of the bind error issue.
I used netstat to confirm it wasn’t in use. And that error went away. But the above listed logs show the failure.

api > listen_uri:

url: [ ]

api_url: http://localhost:8090/

Ok I did this before but tried again using this command.

cscli bouncers add myBouncer -l 24

That gave me an API_KEY, as expected. I replaced the unescaped variable in /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml and now the cs-firewall-bouncer appears to be running.

Seeing this when I run metrics so assuming I am good.

INFO[11-03-2022 04:05:41 PM] Local Api Machines Metrics:
| 4770fd769e1c41da93e06dceade24ffeThymmyH8JFyB2Q8h | /v1/alerts | GET | 1 |
INFO[11-03-2022 04:05:41 PM] Local Api Bouncers Metrics:
| FirewallBouncer-1647028615 | /v1/decisions/stream | GET | 17 |

Thanks for the post. Am I right to assume that your problem is fixed and you don’t need anymore help?

That is correct I posted what I did for the resolution. If it needs more clarity let me know.

1 Like

No that’s fine. Thanks!