[Resolved] Crowdsec bouncer error in default rule

Started by passeri, October 13, 2023, 11:58:56 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 13, 2023, 11:58:56 AM Last Edit: October 22, 2023, 08:16:42 AM by passeri
Running 23.7.6 with corresponding crowdsec versions.

I can start Crowdsec and Lapi without a problem. If I add the bouncer then System Status turns red and shows the following message:
Code Select
There were error(s) loading the rules: /tmp/rules.debug:137: syntax error - The line in question reads [137]: block in log quick inet from $crowdsec_blacklists to {any} tag .CW label "<some hex>" # CrowdSec (IPv4)
This is cleared by disabling bouncer and rebooting OPNsense.

There is a corresponding ipv6 line after that one, not flagged.

The rule pattern looks like valid other lines in /tmp/rules.debug. Any ideas on the problem or where I should look further please?
Deciso DEC697
+crowdsec +wireguard
October 15, 2023, 12:45:06 PM #1
I installed crowdsec with bouncer successfully on a test box connected to the internet. Comparing .yaml files and examining logs for the working and failing instances yielded no new clues that I observed.

I am in any case replacing the problematic instance with the freshly installed system, so with no-one else coming forward with similar experience it seems expedient simply to mark this as unsolved and move on. I do so.
Deciso DEC697
+crowdsec +wireguard
October 18, 2023, 12:07:00 PM #2
Looks like a hotfix is out

Code Select
Installed packages to be UPGRADED:
        crowdsec-firewall-bouncer: 0.0.28 -> 0.0.28_1 [OPNsense]
October 18, 2023, 01:01:17 PM #3
I'll try it, thanks.
Deciso DEC697
+crowdsec +wireguard
October 22, 2023, 08:29:18 AM #4
Resolved by the hotfix released. Crowdsec now operating normally.

Owing to travel I did not get to the task until today.
Deciso DEC697
+crowdsec +wireguard
Print
Go Up Pages1
User actions