[docker setup] local bouncer on host doesn't ban IPs

1

I have Crowdsec installed in Docker.
host-firewall-bouncer installed on the host doesn’t receive IPs to block nor communicate to the console the offending IPs present in /var/log/auth.log.[“cscli metrics” says that the file is parsed]
(fyi on the same server is running a fail2ban instance that work as expected)

I tried to debug myself without success I just found out that
[docker crowdsec] cscli decisions list → No active decisions

while if I manually ban an IP (1.2.3.4) it appears as active decision and it is passed correctly in on the host
[docker crowdsec] cscli decisions list → 1.2.3.4
[host] sudo ipset list crowdsec-blacklists |grep 1.2.3.4 → OK

if you need any logs or output of commands, please ask.

2

If you run cscli bouncers list have you generated an api key and does it have a timestamp? because it need to connect to the container port 8080

3

Dear iiAmLoz,
first of all thank you for your reply I did create the API and configured in the bouncer installed on the HOST (/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml):

while on the
[docker]:confused: cscli bouncers list

─────────────────────────
Name IP Address Valid Last API pull Type Version Auth Type
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
─────────────────────────
host-firewall-bouncer… 172.27.0.1 :heavy_check_mark: 2023-01-17T13:51:19Z crowdsec-firewall-bouncer v0.0.25-debian-pragmatic-0a4fde8e9440927d02ce187d1716306af9- api-key
a13780

4

Enable (un-comment) DOCKER-USER in /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml.
You may also have to set disable_ipv6: true in this file.