#Firewall Bouncer on Alpine Host


upbeat skiff
#

Hello, I have a stable CrowdSec setup on a Debian host where the CrowdSec service is running in a Docker container and the Firewall Bouncer is running on the Debian host.

Recently I decided to test whether I could use Alpine as a host and managed to transfer my whole stack over there. Everything seems to be working OK except the firewall bouncer.

Alpine does offer an apk flavor of the bouncer in its community repo, but the issue is that unless I manually start the bouncer service, it always fails to auto-start on system boot/restart.

Is there a way of having the bouncer run on an Alpine host?

Below is the error log and my config file:

```
time="2025-01-31T19:56:28+02:00" level=info msg="Using API key auth"
time="2025-01-31T19:56:28+02:00" level=info msg="Processing new and deleted decisions . . ."
time="2025-01-31T19:56:42+02:00" level=error msg="auth-api: auth with api key failed return nil response, error: dial tcp 172.18.0.8:8080: connect: no route to host"
time="2025-01-31T19:56:42+02:00" level=error msg="Get \"http://172.18.0.8:8080/v1/decisions/stream?startup=true\": dial tcp 172.18.0.8:8080: connect: no route to host"
time="2025-01-31T19:56:42+02:00" level=info msg="Shutting down backend"
time="2025-01-31T19:56:42+02:00" level=info msg="Deleting rule : /usr/sbin/iptables -D INPUT -j CROWDSEC_CHAIN"
time="2025-01-31T19:56:42+02:00" level=info msg="Deleting rule : /usr/sbin/iptables -D DOCKER-USER -j CROWDSEC_CHAIN"
time="2025-01-31T19:56:42+02:00" level=info msg="Flushing chain : /usr/sbin/iptables -F CROWDSEC_CHAIN"
time="2025-01-31T19:56:42+02:00" level=info msg="Deleting chain : /usr/sbin/iptables -X CROWDSEC_CHAIN"
time="2025-01-31T19:56:43+02:00" level=fatal msg="process terminated with error: bouncer stream halted"
```

vivid sphinx BOT
#
Important Information

Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please run the command /resolve or press the green resolve button below.

Log Files

If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.

Guide Followed (CrowdSec Official)

If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.

Screenshots

Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.

upbeat skiff
#

```yaml
mode: iptables
update_frequency: 10s
log_mode: file
log_dir: /var/log/
log_level: info
log_compression: true
log_max_size: 100
log_max_backups: 3
log_max_age: 30
api_url: http://172.18.0.8:8080/
api_key: xxxxxxxxxxxxxxxxxxx
insecure_skip_verify: false
disable_ipv6: true
deny_action: DROP
deny_log: false
supported_decisions_types:
  - ban
#to change log prefix
#deny_log_prefix: "crowdsec: "
#to change the blacklists name
blacklists_ipv4: crowdsec-blacklists
blacklists_ipv6: crowdsec6-blacklists
#type of ipset to use
ipset_type: nethash
#if present, insert rule in those chains
iptables_chains:
  - INPUT
#  - FORWARD
  - DOCKER-USER

## nftables
nftables:
  ipv4:
    enabled: true
    set-only: false
    table: crowdsec
    chain: crowdsec-chain
    priority: -10
  ipv6:
    enabled: true
    set-only: false
    table: crowdsec6
    chain: crowdsec6-chain
    priority: -10

nftables_hooks:
  - input
  - forward

# packet filter
pf:
  # an empty string disables the anchor
  anchor_name: ""

prometheus:
  enabled: false
  listen_addr: 127.0.0.1
  listen_port: 60601
```

#

I feel like I am missing something basic since a quick search for a similar setup gave me no results. Either it just works for everyone or no one is using Alpine as a host.
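
The log above shows the bouncer exiting, and deleting `CROWDSEC_CHAIN` on the way out, when its first request to the `api_url` endpoint fails. The following is an added example, not part of the thread and not CrowdSec's own code: a POSIX shell wrapper that reads `api_url` from the bouncer config and only starts the bouncer once that endpoint accepts TCP connections. The config path, the service name `crowdsec-firewall-bouncer` and the availability of `nc -z` are assumptions.

```shell
#!/bin/sh
# Added example. CONFIG path, service name and `nc -z` support are assumptions.
CONFIG="${CONFIG:-/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml}"

# Print "host port" from the api_url line of the bouncer YAML (IPv4/hostname only).
lapi_endpoint() {
    url=$(sed -n 's/^api_url:[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$url" ] || return 1
    case "$url" in
        https://*) default_port=443 ;;
        *)         default_port=80 ;;
    esac
    hostport=${url#*://}       # drop the scheme
    hostport=${hostport%%/*}   # drop the path
    case "$hostport" in
        *:*) echo "${hostport%%:*} ${hostport##*:}" ;;
        *)   echo "$hostport $default_port" ;;
    esac
}

# One TCP connect attempt with a 1 s timeout.
probe() {
    nc -z -w 1 "$1" "$2" 2>/dev/null
}

# usage: wait_for_lapi HOST PORT MAX_ATTEMPTS INTERVAL_SECONDS
# Returns 0 as soon as probe succeeds, 1 once the attempts are used up.
wait_for_lapi() {
    attempt=1
    while [ "$attempt" -le "$3" ]; do
        if probe "$1" "$2"; then
            return 0
        fi
        attempt=$((attempt + 1))
        sleep "$4"
    done
    return 1
}

if [ "${1:-}" = "--run" ]; then
    endpoint=$(lapi_endpoint "$CONFIG") || exit 1
    set -- $endpoint
    if wait_for_lapi "$1" "$2" 60 2; then
        exec rc-service crowdsec-firewall-bouncer start
    fi
    echo "LAPI $1:$2 not reachable, bouncer not started" >&2
    exit 1
fi
```

Invoked with `--run` from a boot-time hook that runs after Docker, the script gives the container network up to two minutes to come up; a non-zero exit means the host is running without the bouncer's rules and is worth alerting on.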