Crowdsec not blocking IP

Javiito · November 16, 2023, 5:13pm

Hi!

I have OpenWRT working with a PPPoE wan connection and I want to test that crowdsec is working properly.

I have installed the crowdsec-firewall-bouncer with the following config (/etc/config/crowdsec):

config bouncer
        option enabled '1'
        option ipv4 '1'
        option ipv6 '1'
        option api_url 'http://*****:8080/'
        option api_key '******'
        option update_frequency '10s'
        option deny_action 'drop'
        option deny_log '1'
        option log_prefix 'crowdsec: '
        option log_level 'info'
        option filter_input '1'
        option filter_forward '1'
        list interface 'ppoe-wan'

I tried adding 8.8.8.8 to banned ips on the crowdsec server but i can still ping the target.

But, with the following command I understand that the bouncer acquired the rule

root@**:~# nft list table crowdsec | grep 8.8.8.8
                             ****, 8.8.8.8 timeout 3h33m25s70ms expires 3h22m49s610ms,

Can anyone help me?, Thanks in advance

frollic · November 16, 2023, 5:36pm

Don't know anything about crowdsec, but you know ping isn't TCP nor UDP, right ?

Javiito · November 16, 2023, 5:51pm

I also tried blocking website Ip, and still loading