1
Intrusion Detection and Prevention / Re: crowdsec firewall bouncer does not start
« on: October 17, 2023, 09:14:49 pm »
@franco
Thanks for the fix.
It is much appreciated.
Thanks for the fix.
It is much appreciated.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Intrusion Detection and Prevention / Re: crowdsec firewall bouncer does not start
« on: October 13, 2023, 05:30:06 pm »
@cookiemonster
Thanks, manually changing mode to pf did the trick.
Someone beat me to it and just created an issue for this problem at https://github.com/opnsense/plugins/issues/3622.
Thanks, manually changing mode to pf did the trick.
Someone beat me to it and just created an issue for this problem at https://github.com/opnsense/plugins/issues/3622.
3
Intrusion Detection and Prevention / crowdsec firewall bouncer does not start
« on: October 12, 2023, 12:07:36 am »
Hello,
I am running OPNsense 23.7.6 on a Protectli box.
I installed os-crowdsec 1.0.7.
The corresponding installed packages are:
crowdsec 1.5.4
crowdsec-firewall-bouncer 0.0.28
os-crowdsec 1.0.7
The crowdsec plugin is running, but crowdsec-firewall-bouncer won't start.
/var/log/crowdsec/crowdsec-firewall-bouncer.log contains the following log lines:
/usr/local/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml is as follows:
I have masked the api key in this post.
In the configuration file they appear to be properly set.
I have not changed the default plugin settings except for enabling the following options:
Enable log for rules
Verbose log for firewall bouncer
I have searched the OPNsense forum and the internet and only found a crowdsec discourse post (https://discourse.crowdsec.net/t/crowdsec-firewall-bouncer-doest-start-backend-is-not-supported/1258) mentioning that mode should be set to one of the following: iptables, nftables , ipset or pf
I could not find any indication in the documentation that I would have to change the mode setting manually.
Am I missing something?
I am running OPNsense 23.7.6 on a Protectli box.
I installed os-crowdsec 1.0.7.
The corresponding installed packages are:
crowdsec 1.5.4
crowdsec-firewall-bouncer 0.0.28
os-crowdsec 1.0.7
The crowdsec plugin is running, but crowdsec-firewall-bouncer won't start.
/var/log/crowdsec/crowdsec-firewall-bouncer.log contains the following log lines:
Code: [Select]
time="11-10-2023 23:42:00" level=warning msg="unexpected ${BACKEND} mode"
time="11-10-2023 23:42:00" level=info msg="Starting crowdsec-firewall-bouncer v0.0.28-freebsd-af6e7e2"
time="11-10-2023 23:42:00" level=info msg="backend type : ${BACKEND}"
time="11-10-2023 23:42:00" level=fatal msg="firewall '${BACKEND}' is not supported"
/usr/local/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml is as follows:
Code: [Select]
api_key: XXXXXXXXXXXXXXXXXXXXXX # cs-firewall-bouncer-XXXXXXXXXX
api_url: http://127.0.0.1:8080/
blacklists_ipv4: crowdsec_blacklists
blacklists_ipv6: crowdsec6_blacklists
deny_action: DROP
deny_log: false
disable_ipv6: false
insecure_skip_verify: false
ipset_type: nethash
iptables_chains:
- INPUT
log_compression: true
log_dir: /var/log/crowdsec
log_level: info
log_max_age: 30
log_max_backups: 3
log_max_size: 100
log_mode: file
mode: ${BACKEND}
nftables:
ipv4:
chain: crowdsec-chain
enabled: true
priority: -10
set-only: false
table: crowdsec
ipv6:
chain: crowdsec6-chain
enabled: true
priority: -10
set-only: false
table: crowdsec6
nftables_hooks:
- input
- forward
pf:
anchor_name: ''
prometheus:
enabled: false
listen_addr: 127.0.0.1
listen_port: 60601
retry_initial_connect: true
supported_decisions_types:
- ban
update_frequency: 10s
I have masked the api key in this post.
In the configuration file they appear to be properly set.
I have not changed the default plugin settings except for enabling the following options:
Enable log for rules
Verbose log for firewall bouncer
I have searched the OPNsense forum and the internet and only found a crowdsec discourse post (https://discourse.crowdsec.net/t/crowdsec-firewall-bouncer-doest-start-backend-is-not-supported/1258) mentioning that mode should be set to one of the following: iptables, nftables , ipset or pf
I could not find any indication in the documentation that I would have to change the mode setting manually.
Am I missing something?
Pages: [1]