Can't install Firewall Bouncer #248

Closed
Compr0mzd opened this issue Mar 31, 2023 · 5 comments
@Compr0mzd

I installed the iptables bouncer and tested with the nftables bouncers and got this error:
level=fatal msg="conn.Receive: netlink receive: numerical result out of range"
Mar 31 12:41:43 ***** systemd[1]: crowdsec-firewall-bouncer.service: Main process exited, code=exited, status=1/FAILURE

I'm trying to install the bouncer on Debian 11 - 4.19.0.
The server is an OpenVZ container. I have root access inside the server. I installed crowdsec agent without any issues.

@LaurenceJJones
Contributor

Could you try the latest RC version? If you have the package installed, you can follow my instructions in #230 (comment).

@Compr0mzd
Author

time="2023-04-14T13:09:56Z" level=info msg="crowdsec-firewall-bouncer v0.0.26-rc3-386106154396db3625eb1a3677ca>
Apr 14 13:09:56 XXXXX crowdsec-firewall-bouncer[456910]: time="14-04-2023 13:09:56" level=fatal msg="conn.Receive: netlink receive: numerical result out of range"
Apr 14 13:09:56 XXXXX systemd[1]: crowdsec-firewall-bouncer.service: Main process exited, code=exited, status=1/FAILURE

Hey, I indeed tried the RC version like you proposed and I still receive the same error type.

@LaurenceJJones
Contributor

We had a user last time that used OpenVZ and it doesn't have access to kernel level modules because it's shared with the host's kernel level. Is nftables working by itself?

Can you share your configuration file, minus the API key and URL if it's remote?

@Compr0mzd
Author

I think this might be the issue because the container might be unprivileged. I never could start a Docker on the OpenVZ. It's probably the same issue with this. I'll be looking if I can configure the nftables and make it work.

@mmetc mmetc self-assigned this May 13, 2023
@mmetc
Contributor

mmetc commented May 15, 2023

Hi @Compr0mzd,
could you try changing the set names in your configuration?

crowdsec-blacklists -> crowdsec-set
crowdsec6-blacklists -> crowdsec6-set

We have found that on some systems, the nft userspace has strict limits of 15 characters. Version 0.0.27~rc2 has an explicit message about that.
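
A pre-flight check for the rename suggested above, as an added example that is not code from this thread or from the bouncer project: it flags set names longer than the 15-character limit before the service is started. The key names `blacklists_ipv4` / `blacklists_ipv6`, the one-`key: value`-per-line layout and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Pre-flight check: flag nftables set names longer than the 15-character limit.
# Assumption: names live under blacklists_ipv4 / blacklists_ipv6, "key: value" per line.

MAX_SET_NAME_LEN=15   # limit quoted in the thread for some nft userspace builds

# Prints one line per over-long name; returns 1 if any name exceeds the limit.
check_set_names() {
    awk -v max="$MAX_SET_NAME_LEN" '
        /^[ \t]*blacklists_ipv[46][ \t]*:/ {
            key = $0; val = $0
            sub(/^[ \t]*/, "", key); sub(/[ \t]*:.*$/, "", key)
            sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]*#.*$/, "", val)     # drop trailing comment
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)             # drop double quotes
            if (length(val) > max) {
                printf "%s: %s is %d chars (max %d)\n", key, val, length(val), max
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample configs: the names from the thread, before and after the rename.
write_sample() {   # $1 = output file, $2 = ipv4 set name, $3 = ipv6 set name
    cat > "$1" <<EOF
mode: nftables
blacklists_ipv4: $2
blacklists_ipv6: $3   # ipv6 set
EOF
}

tmpdir=$(mktemp -d)
write_sample "$tmpdir/old.yaml" crowdsec-blacklists crowdsec6-blacklists
write_sample "$tmpdir/new.yaml" crowdsec-set crowdsec6-set

for cfg in old new; do
    if check_set_names "$tmpdir/$cfg.yaml"; then
        echo "$cfg.yaml: all set names fit"
    else
        echo "$cfg.yaml: rename the sets listed above"
    fi
done
rm -rf "$tmpdir"
```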
