Running 23.7.6 with corresponding crowdsec versions.
I can start Crowdsec and Lapi without a problem. If I add the bouncer then System Status turns red and shows the following message:
There were error(s) loading the rules: /tmp/rules.debug:137: syntax error - The line in question reads [137]: block in log quick inet from $crowdsec_blacklists to {any} tag .CW label "<some hex>" # CrowdSec (IPv4)
This is cleared by disabling bouncer and rebooting OPNsense.
There is a corresponding ipv6 line after that one, not flagged.
The rule pattern looks like valid other lines in /tmp/rules.debug. Any ideas on the problem or where I should look further please?
I installed crowdsec with bouncer successfully on a test box connected to the internet. Comparing .yaml files and examining logs for the working and failing instances yielded no new clues that I observed.
I am in any case replacing the problematic instance with the freshly installed system, so with no-one else coming forward with similar experience it seems expedient simply to mark this as unsolved and move on. I do so.
Looks like a hotfix is out
Installed packages to be UPGRADED:
crowdsec-firewall-bouncer: 0.0.28 -> 0.0.28_1 [OPNsense]
I'll try it, thanks.
Resolved by the hotfix released. Crowdsec now operating normally.
Owing to travel I did not get to the task until today.