Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the broken ipset/rules #23

Merged
merged 2 commits into from
Oct 6, 2023
Merged

Fix the broken ipset/rules #23

merged 2 commits into from
Oct 6, 2023

Conversation

stephdl
Copy link
Collaborator

@stephdl stephdl commented Oct 5, 2023
edited

upgrade to 1.5.4-debian

The root cause is that with an upgrade the crowdsec-firewalld bouncer does a test before to start and if the conditions are not satisfied it goes to fail, so we cannot create with a ExecStartPre like we did before

see : ExecStartPre=/usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml -t

[Unit]
Description=The firewall bouncer for CrowdSec
After=syslog.target network.target remote-fs.target nss-lookup.target crowdsec.service
Before=netfilter-persistent.service

[Service]
Type=notify
ExecStart=/usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
ExecStartPre=/usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml -t
ExecStartPost=/bin/sleep 0.1
Restart=always
RestartSec=10
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

@stephdl stephdl changed the title Fix the broken ipset rules by creating early Fix the broken ipset/rules Oct 5, 2023
@stephdl stephdl merged commit c16ae1a into main Oct 6, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DavidePrincipi DavidePrincipi DavidePrincipi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@stephdl @DavidePrincipi