Topics - gjdoornink

Intrusion Detection and Prevention / crowdsec firewall bouncer does not start
« on: October 12, 2023, 12:07:36 am »
Hello,

I am running OPNsense 23.7.6 on a Protectli box.
I installed os-crowdsec 1.0.7.
The corresponding installed packages are:
   crowdsec   1.5.4
   crowdsec-firewall-bouncer   0.0.28
   os-crowdsec   1.0.7

The crowdsec plugin is running, but crowdsec-firewall-bouncer won't start.

/var/log/crowdsec/crowdsec-firewall-bouncer.log contains the following log lines:
Code:
time="11-10-2023 23:42:00" level=warning msg="unexpected ${BACKEND} mode"
time="11-10-2023 23:42:00" level=info msg="Starting crowdsec-firewall-bouncer v0.0.28-freebsd-af6e7e2"
time="11-10-2023 23:42:00" level=info msg="backend type : ${BACKEND}"
time="11-10-2023 23:42:00" level=fatal msg="firewall '${BACKEND}' is not supported"

/usr/local/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml is as follows:

Code:
api_key: XXXXXXXXXXXXXXXXXXXXXX     # cs-firewall-bouncer-XXXXXXXXXX
api_url: http://127.0.0.1:8080/
blacklists_ipv4: crowdsec_blacklists
blacklists_ipv6: crowdsec6_blacklists
deny_action: DROP
deny_log: false
disable_ipv6: false
insecure_skip_verify: false
ipset_type: nethash
iptables_chains:
- INPUT
log_compression: true
log_dir: /var/log/crowdsec
log_level: info
log_max_age: 30
log_max_backups: 3
log_max_size: 100
log_mode: file
mode: ${BACKEND}
nftables:
  ipv4:
    chain: crowdsec-chain
    enabled: true
    priority: -10
    set-only: false
    table: crowdsec
  ipv6:
    chain: crowdsec6-chain
    enabled: true
    priority: -10
    set-only: false
    table: crowdsec6
nftables_hooks:
- input
- forward
pf:
  anchor_name: ''
prometheus:
  enabled: false
  listen_addr: 127.0.0.1
  listen_port: 60601
retry_initial_connect: true
supported_decisions_types:
- ban
update_frequency: 10s

I have masked the api key in this post.
In the configuration file they appear to be properly set.

I have not changed the default plugin settings except for enabling the following options:
   Enable log for rules
   Verbose log for firewall bouncer

I have searched the OPNsense forum and the internet and only found a CrowdSec Discourse post (https://discourse.crowdsec.net/t/crowdsec-firewall-bouncer-doest-start-backend-is-not-supported/1258) mentioning that mode should be set to one of the following: iptables, nftables, ipset or pf.

I could not find any indication in the documentation that I would have to change the mode setting manually.

Am I missing something?
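
An added example, not part of the original post and not CrowdSec or OPNsense code: a shell check that flags unexpanded `${NAME}` placeholders such as the one on the `mode:` line of the configuration above, and verifies that `mode` is one of the values named in the linked Discourse post. The helper names `check_bouncer_config` and `make_samples` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a crowdsec-firewall-bouncer YAML file before starting it.
# check_bouncer_config and make_samples are hypothetical helper names.

# Modes named in the Discourse post linked above.
SUPPORTED_MODES="iptables nftables ipset pf"

# Prints one finding per line; returns 0 if the file is clean, 1 otherwise.
check_bouncer_config() {
    cfg="$1"
    rc=0
    # 1. A ${NAME} left in a value means template substitution never ran.
    #    Trailing comments are stripped first so a "# ${X}" note is not flagged.
    unexpanded=$(sed 's/[[:space:]]#.*$//' "$cfg" |
        grep -n '\${[A-Za-z_][A-Za-z0-9_]*}' || true)
    if [ -n "$unexpanded" ]; then
        printf '%s\n' "$unexpanded" | sed 's/^/UNEXPANDED line /'
        rc=1
    fi
    # 2. The top-level "mode:" key (not "log_mode:") must be a supported backend.
    mode=$(sed -n 's/^mode:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$cfg" | head -n 1)
    case " $SUPPORTED_MODES " in
        *" $mode "*) ;;
        *) echo "BAD_MODE '$mode' (expected one of: $SUPPORTED_MODES)"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample input: a few lines shaped like the config in the post,
# plus a copy whose mode is set to one of the listed values.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'api_url: http://127.0.0.1:8080/' 'log_mode: file' \
        'mode: ${BACKEND}' 'pf:' "  anchor_name: ''" > "$dir/broken.yaml"
    sed 's/^mode:.*/mode: pf/' "$dir/broken.yaml" > "$dir/fixed.yaml"
    echo "$dir"
}

samples=$(make_samples)
check_bouncer_config "$samples/broken.yaml" || echo "broken.yaml: would not start"
check_bouncer_config "$samples/fixed.yaml" && echo "fixed.yaml: ok"
rm -rf "$samples"
```

On the system from the post, the function would be pointed at /usr/local/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml; a non-zero return means the bouncer is not enforcing any decisions.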
