I have Crowdsec installed in Docker.
host-firewall-bouncer installed on the host doesn’t receive IPs to block nor communicate to the console the offending IPs present in /var/log/auth.log.[“cscli metrics” says that the file is parsed]
(fyi on the same server is running a fail2ban instance that work as expected)
I tried to debug myself without success I just found out that
[docker crowdsec] cscli decisions list → No active decisions
while if I manually ban an IP (188.8.131.52) it appears as active decision and it is passed correctly in on the host
[docker crowdsec] cscli decisions list → 184.108.40.206
[host] sudo ipset list crowdsec-blacklists |grep 220.127.116.11 → OK
if you need any logs or output of commands, please ask.
If you run
cscli bouncers list have you generated an api key and does it have a timestamp? because it need to connect to the container port 8080
first of all thank you for your reply I did create the API and configured in the bouncer installed on the HOST (/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml):
while on the
[docker] cscli bouncers list
Name IP Address Valid Last API pull Type Version Auth Type
host-firewall-bouncer… 172.27.0.1 2023-01-17T13:51:19Z crowdsec-firewall-bouncer v0.0.25-debian-pragmatic-0a4fde8e9440927d02ce187d1716306af9- api-key