Hello
All crowdsec stuff seems to works fine because a test remote ip was banned by scenario “crowdsecurity/http-bad-user-agent”, but I do not understand why I don’t see the IP with iptables sudo iptables -L -n -v
??
debian@www:~$ sudo cscli decisions list -o raw
INFO[30-04-2023 08:04:17] Patching yaml: '/etc/crowdsec/config.yaml' with '/etc/crowdsec/config.yaml.local'
id,source,ip,reason,action,country,as,events_count,expiration,simulated,alert_id
164650,crowdsec,Ip:49.12.227.144,crowdsecurity/http-bad-user-agent,ban,DE,24940 Hetzner Online GmbH,2,30m42.752534251s,false,25
49.12.227.144 is well banned because a curl -I https://protectedserver.fr/ -H "User-Agent: OpenVAS"
from it is blocked: curl: (28) Failed to connect to protectedserver.fr port 443: Connection timed out
.
But I cannot see this IP with sudo iptables -L -n -v
- crowdsec v1.4.6
- FirewallBouncer-1682760977 v0.0.25
- iptables v1.8.2 (nf_tables)
Thanks for help, or light