[Resolved] Crowdsec bouncer error in default rule

[passeri]

Running 23.7.6 with corresponding crowdsec versions.

I can start Crowdsec and Lapi without a problem. If I add the bouncer then System Status turns red and shows the following message:

Code: [Select]

There were error(s) loading the rules: /tmp/rules.debug:137: syntax error - The line in question reads [137]: block in log quick inet from $crowdsec_blacklists to {any} tag .CW label "<some hex>" # CrowdSec (IPv4)This is cleared by disabling bouncer and rebooting OPNsense.

There is a corresponding ipv6 line after that one, not flagged.

The rule pattern looks like valid other lines in /tmp/rules.debug. Any ideas on the problem or where I should look further please?

[passeri]

I installed crowdsec with bouncer successfully on a test box connected to the internet. Comparing .yaml files and examining logs for the working and failing instances yielded no new clues that I observed.

I am in any case replacing the problematic instance with the freshly installed system, so with no-one else coming forward with similar experience it seems expedient simply to mark this as unsolved and move on. I do so.

[newsense]

Looks like a hotfix is out

Code: [Select]

Installed packages to be UPGRADED:
        crowdsec-firewall-bouncer: 0.0.28 -> 0.0.28_1 [OPNsense]


[passeri]

I’ll try it, thanks.

[passeri]

Resolved by the hotfix released. Crowdsec now operating normally.

Owing to travel I did not get to the task until today.