FirewallBouncer works well but rules not in iptables list


All crowdsec stuff seems to work fine because a test remote IP was banned by scenario “crowdsecurity/http-bad-user-agent”, but I do not understand why I don’t see the IP with iptables (sudo iptables -L -n -v)?

debian@www:~$ sudo cscli decisions list -o raw
INFO[30-04-2023 08:04:17] Patching yaml: '/etc/crowdsec/config.yaml' with '/etc/crowdsec/config.yaml.local'
164650,crowdsec,Ip:,crowdsecurity/http-bad-user-agent,ban,DE,24940 Hetzner Online GmbH,2,30m42.752534251s,false,25

It is indeed banned, because a curl -I -H "User-Agent: OpenVAS" from it is blocked: curl: (28) Failed to connect to port 443: Connection timed out.

But I cannot see this IP with sudo iptables -L -n -v :frowning:

  • crowdsec v1.4.6
  • FirewallBouncer-1682760977 v0.0.25
  • iptables v1.8.2 (nf_tables)

Thanks for help, or light :slight_smile:

We store all IPs within an ipset for efficiency. So you will see a line at the top of INPUT:

68545 3477K DROP       all  --  *      *              match-set crowdsec-blacklists src

That is our rule. You can confirm the IPs in the ipset by running:

ipset list crowdsec-blacklists
ipset list crowdsec6-blacklists
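As an added example (not from the CrowdSec project or the poster), here is a small script that checks both halves of the answer above: that INPUT carries the DROP rule referencing the set, and that a given address is covered by a member of the set, including hash:net CIDR members. It parses constructed sample text of `iptables -S INPUT` and `ipset list crowdsec-blacklists` so it runs offline; the set name and the sample addresses are assumptions.

```shell
#!/bin/sh
# Sample outputs below are constructed for this example, not captured from a host.
SAMPLE_IPTABLES='-P INPUT ACCEPT
-A INPUT -m set --match-set crowdsec-blacklists src -j DROP
-A INPUT -i lo -j ACCEPT'
SAMPLE_IPSET='Name: crowdsec-blacklists
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536 timeout 300
Number of entries: 2
Members:
203.0.113.25 timeout 1842
198.51.100.0/24 timeout 600'

# rule_present <iptables -S text> <set name>: success if INPUT drops on the set.
rule_present() {
  printf '%s\n' "$1" | grep -q -- "^-A INPUT .*--match-set $2 src -j DROP"
}

# ip_in_set <ipset list text> <ipv4>: success if a member (plain address or
# CIDR) covers the address. On a live host, `ipset test <set> <ip>` does this.
ip_in_set() {
  printf '%s\n' "$1" | awk -v ip="$2" '
    function ip2n(s,  p) { split(s, p, "."); return ((p[1]*256+p[2])*256+p[3])*256+p[4] }
    function covers(cidr, addr,  c, bits, d) {
      split(cidr, c, "/"); bits = (c[2] == "") ? 32 : c[2]
      d = 2 ^ (32 - bits)              # size of the host part of the prefix
      return int(ip2n(c[1]) / d) == int(ip2n(addr) / d)
    }
    /^Members:/ { m = 1; next }
    m && $1 ~ /^[0-9.]+(\/[0-9]+)?$/ && covers($1, ip) { found = 1 }
    END { exit found ? 0 : 1 }'
}

# is_blocked <iptables text> <ipset text> <set> <ip>: both checks must pass.
is_blocked() {
  rule_present "$1" "$3" && ip_in_set "$2" "$4"
}

# Stand-alone usage on the constructed sample:
if is_blocked "$SAMPLE_IPTABLES" "$SAMPLE_IPSET" crowdsec-blacklists 203.0.113.25; then
  echo "203.0.113.25 is dropped via the crowdsec-blacklists ipset"
fi
```

On a real host, feed it `sudo iptables -S INPUT` and `sudo ipset list crowdsec-blacklists` instead of the sample strings (and the crowdsec6-blacklists set for IPv6 rules, which this IPv4-only parser does not handle).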