V1.09 & cs-firewall-bouncer issue

Just updated to v1.09 from the Debian repository. Firstly, this looked a bit odd:

apt search crowdsec
Sorting... Done
Full Text Search... Done
crowdsec/unknown,now **1.0.7**-3 amd64 [installed]
Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also
automatically benefits from our global community-wide IP reputation database
 
root@gppixelworks:/etc/crowdsec/cs-firewall-bouncer# crowdsec -version
2021/03/11 00:07:41 version: **v1.0.9**-18ff3a3a306d1eca786038fb343250e43784a900

The issue I’m experiencing is that cs-firewall-bouncer will not start. Here’s the log when attempting to start the cs-firewall-bouncer service:

time="10-03-2021 23:52:34" level=info msg="backend type : iptables"
time="10-03-2021 23:52:34" level=info msg="iptables for ipv4 initiated"
time="10-03-2021 23:52:34" level=info msg="iptables clean-up : /sbin/iptables -D INPUT -m set --match-set crowdsec-blacklists src -j DROP"
time="10-03-2021 23:52:34" level=info msg="ipset clean-up : /sbin/ipset -exist destroy crowdsec-blacklists"
time="10-03-2021 23:52:34" level=info msg="Checking existing set"
time="10-03-2021 23:52:34" level=info msg="ipset set-up : /sbin/ipset -exist create crowdsec-blacklists nethash timeout 300"
time="10-03-2021 23:52:35" level=info msg="Rule doesn't exist (/sbin/iptables -C INPUT -m set --match-set crowdsec-blacklists src -j DROP)"
time="10-03-2021 23:52:35" level=info msg="iptables set-up : /sbin/iptables -I INPUT -m set --match-set crowdsec-blacklists src -j DROP"
time="10-03-2021 23:52:35" level=info msg="iptables for ipv6 initiated"
time="10-03-2021 23:52:35" level=info msg="iptables clean-up : /sbin/ip6tables -D INPUT -m set --match-set crowdsec6-blacklists src -j DROP"
time="10-03-2021 23:52:35" level=info msg="ipset clean-up : /sbin/ipset -exist destroy crowdsec6-blacklists"
time="10-03-2021 23:52:35" level=info msg="Checking existing set"
time="10-03-2021 23:52:35" level=info msg="ipset set-up : /sbin/ipset -exist create crowdsec6-blacklists nethash timeout 300 family inet6"
time="10-03-2021 23:52:36" level=warning msg="iptables check command (/sbin/ip6tables -C INPUT -m set --match-set crowdsec6-blacklists src -j DROP) failed : exit status 1"
time="10-03-2021 23:52:36" level=info msg="iptables set-up : /sbin/ip6tables -I INPUT -m set --match-set crowdsec6-blacklists src -j DROP"
time="10-03-2021 23:52:36" level=info msg="Processing new and deleted decisions . . ."
time="10-03-2021 23:52:36" level=fatal msg="http code 404, invalid body: invalid character '<' looking for beginning of value"

Not sure how to proceed and am looking for some suggestions.

1 Like

Hello,

Which Debian repository are you speaking about? Ours, or the official Debian repository?

Thanks for the report nonetheless, we’re investigating!

Ooops … Here I thought I’d remembered to provide all relevant information. :grimacing:

Am using yours:

s3-eu-west-1.amazonaws.com/crowdsec.debian.pragmatic/stretch stretch main

I wasn’t aware Crowdsec was in the official Debian repository yet although knew it was in the process of doing so.

FWIW my experience is that Crowdsec is a great package for security. The cooperative aspect is a refreshing change and, I believe, a helpful feature.

Hello @gppixelworks,

We didn’t manage to reproduce your bug :confused:
Can you please share the following files with us:

  • /var/log/crowdsec.log
  • /etc/crowdsec/config.yaml
  • /etc/crowdsec/cs-firewall-bouncer/cs-firewall-bouncer.yaml

I’m available in private message or on Gitter if you don’t want to share those files publicly.

Will contact you shortly on Gitter (via Matrix) and send you those files.

Because I had a hard time finding a solution - if others come across this same issue I wanted to share what my issue was and what I assume others’ are as well.

I had other services using 8080, so I had to update the port in 3 places:

  • /etc/crowdsec/config.yaml
    api > listen_uri: 127.0.0.1:8080 (change 8080 to something available)
  • /etc/crowdsec/local_api_credentials.yaml
    url: http://127.0.0.1:8080 (change to whatever you decided on above)
  • /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
    api_url: http://localhost:8080/ (likewise, whatever you picked from config.yaml)

2 Likes
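
Added example, not part of the original thread or CrowdSec's own tooling: a shell check that the three settings listed in the post above point at the same port. The file paths and keys are the ones quoted there; the line-based parsing and the sample file contents are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check that the three files named in the
# post above agree on the local API port. Assumption: each key sits on its own
# "key: value" line; this is a line match, not a full YAML parser.

# Print the TCP port from the value of KEY in FILE; fail if none is found.
lapi_port() {
    local file=$1 key=$2 value
    # First whitespace-delimited token after "key:", with YAML quotes removed.
    value=$(sed -n "s/^[[:space:]]*${key}:[[:space:]]*\([^[:space:]]*\).*/\1/p" "$file" 2>/dev/null |
        head -n 1 | tr -d "\"'")
    value=${value#*://}   # drop http:// or https://
    value=${value%%/*}    # drop any trailing path
    case $value in
        *:*[0-9]) printf '%s\n' "${value##*:}" ;;
        *) return 1 ;;
    esac
}

# Return 0 if all three ports match, 1 on mismatch, 2 if a port is unreadable.
check_lapi_ports() {
    local cfg=$1 creds=$2 bouncer=$3 a b c
    a=$(lapi_port "$cfg" listen_uri)  || { echo "no listen_uri port in $cfg" >&2; return 2; }
    b=$(lapi_port "$creds" url)       || { echo "no url port in $creds" >&2; return 2; }
    c=$(lapi_port "$bouncer" api_url) || { echo "no api_url port in $bouncer" >&2; return 2; }
    echo "listen_uri=$a url=$b api_url=$c"
    [ "$a" = "$b" ] && [ "$a" = "$c" ] && return 0
    echo "MISMATCH: agent and bouncer are not pointed at the same port" >&2
    return 1
}

# With three file arguments, check those; otherwise run on constructed samples.
if [ "$#" -eq 3 ]; then
    check_lapi_ports "$@"
else
    demo=$(mktemp -d)
    printf 'api:\n  server:\n    listen_uri: 127.0.0.1:8081\n' > "$demo/config.yaml"
    printf 'url: http://127.0.0.1:8081\nlogin: constructed\n' > "$demo/creds.yaml"
    printf 'api_url: http://localhost:8080/\n' > "$demo/bouncer.yaml"  # stale port
    check_lapi_ports "$demo/config.yaml" "$demo/creds.yaml" "$demo/bouncer.yaml" || true
    rm -rf "$demo"
fi
```

Run it with the three file paths as arguments; with no arguments it checks constructed sample files in which the bouncer file still points at 8080.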

Thanks for remembering to follow up! Highly appreciated!