I have other rules installed in iptables on a server for container routing (see below).
All the containers run crowdsec and report back to the main server LAPI.
The main server has the iptables bouncer.
I recently noticed that my SSH connection to the main server dropped because a scenario, alert and decision were triggered (http-probing, due to some of my HTTP connection errors); however, my connections going through the rules below (HTTP) to a container still worked fine.
I expected all my connections to be blocked.
So I guess there is a precedence issue with the bouncer rules and the PREROUTING or DNAT type rules.
Is this a bug? Can it be fixed?
```
auto ens192
iface ens192 inet static
    # Public interface
    address [REDACTED]/32
    gateway 10.255.255.1
    # To port-forward a specific port to a container
    post-up iptables -t nat -A PREROUTING -i ens192 -p tcp --dport 80 -j DNAT --to 10.0.255.1:80
    post-down iptables -t nat -D PREROUTING -i ens192 -p tcp --dport 80 -j DNAT --to 10.0.255.1:80
    post-up iptables -t nat -A PREROUTING -i ens192 -p tcp --dport 443 -j DNAT --to 10.0.255.1:443
    post-down iptables -t nat -D PREROUTING -i ens192 -p tcp --dport 443 -j DNAT --to 10.0.255.1:443
```
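The behaviour described in the post is explained by the order in which the kernel walks the netfilter chains rather than by rule precedence: nat PREROUTING (where the DNAT rules live) runs before the routing decision, so a packet whose destination has been rewritten to the container is no longer addressed to the host and is routed through FORWARD, never INPUT. A bouncer that only installs its blocklist match in INPUT therefore drops the SSH traffic but never sees the DNAT'd HTTP/HTTPS traffic. The toy model below is an added example, not code from the original post or from CrowdSec; the public address, the banned source address and the ipset semantics are constructed, while the container address and the two DNAT'd ports are taken from the post.

```python
"""Toy model of netfilter chain traversal, added here to illustrate why a
bouncer that only hooks INPUT cannot see DNAT'd traffic.  This is an added
example, not code from the original post or from CrowdSec; the public address,
the banned source address and the ipset semantics are constructed."""
from dataclasses import dataclass, field

HOST_IP = "203.0.113.10"     # constructed stand-in for the redacted public address
CONTAINER_IP = "10.0.255.1"  # DNAT target taken from the post's PREROUTING rules
BANNED_SRC = "198.51.100.7"  # constructed address with an active CrowdSec ban


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    trace: list = field(default_factory=list)  # chains crossed, for inspection


@dataclass
class Firewall:
    dnat: dict            # dport -> new destination, like the post's two PREROUTING rules
    bouncer_chains: set   # chains in which the bouncer's blocklist match is installed
    blocklist: set        # addresses currently banned (what the ipset holds)

    def _filter_hook(self, chain, pkt):
        """Filter-table chain: the bouncer rule, if installed here, drops banned sources."""
        pkt.trace.append(chain)
        if chain in self.bouncer_chains and pkt.src in self.blocklist:
            return "DROP"
        return "ACCEPT"

    def deliver(self, pkt):
        """Kernel order: nat PREROUTING, then the routing decision, then
        INPUT for locally delivered packets or FORWARD for everything else."""
        pkt.trace.append("nat/PREROUTING")
        if pkt.dst == HOST_IP and pkt.dport in self.dnat:
            pkt.dst = self.dnat[pkt.dport]   # DNAT rewrites the destination before routing
            pkt.trace.append("DNAT")
        chain = "INPUT" if pkt.dst == HOST_IP else "FORWARD"
        verdict = self._filter_hook(chain, pkt)
        return chain, verdict


def simulate(bouncer_chains):
    """Send SSH, HTTP and HTTPS from a banned source; return {service: (chain, verdict)}."""
    fw = Firewall(dnat={80: CONTAINER_IP, 443: CONTAINER_IP},
                  bouncer_chains=set(bouncer_chains),
                  blocklist={BANNED_SRC})
    results = {}
    for service, port in (("ssh", 22), ("http", 80), ("https", 443)):
        pkt = Packet(src=BANNED_SRC, dst=HOST_IP, dport=port)
        results[service] = fw.deliver(pkt)
    return results


if __name__ == "__main__":
    # With the bouncer in INPUT only, the DNAT'd HTTP/HTTPS packets are accepted;
    # adding FORWARD to the bouncer's chains makes the ban apply to them as well.
    print("bouncer in INPUT only:        ", simulate({"INPUT"}))
    print("bouncer in INPUT and FORWARD: ", simulate({"INPUT", "FORWARD"}))
```

The defender-side fix is to have the bouncer install its match in FORWARD as well as INPUT. To my knowledge the iptables firewall bouncer exposes this as the `iptables_chains` list in its configuration file (the exact option name and default may differ between bouncer versions, so treat that as an assumption to check against the installed version's config). `iptables -S INPUT` and `iptables -S FORWARD` show directly whether the bouncer's set match is present in each chain, which is the quickest way to confirm the gap on a live host.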