```
Attaching to cloudflare-bouncer
cloudflare-bouncer | time="19-05-2024 13:25:48" level=info msg="Starting crowdsec-cloudflare-bouncer v0.2.1-6b30687c25027607083926cb2112dd06e04dae59"
cloudflare-bouncer | time="19-05-2024 13:25:48" level=info msg="Using API key auth"
cloudflare-bouncer | time="19-05-2024 13:25:49" level=info msg="created firewall rule for managed_challenge action" account_id=[redacted] zone_id=[redacted]
cloudflare-bouncer | time="19-05-2024 13:25:49" level=info msg="created firewall rule for managed_challenge action" account_id=[redacted] zone_id=[redacted]
cloudflare-bouncer | time="19-05-2024 13:25:50" level=info msg="created firewall rule for managed_challenge action" account_id=[redacted] zone_id=[redacted]
cloudflare-bouncer | time="19-05-2024 13:25:50" level=info msg="setup of firewall rules complete" account_id=[redacted]
cloudflare-bouncer | time="19-05-2024 13:26:20" level=info msg="processing decisions with scope=Ip" account_id=[redacted]
cloudflare-bouncer | time="19-05-2024 13:26:20" level=info msg="no changes to IP rules "
cloudflare-bouncer | time="19-05-2024 13:26:20" level=info msg="done processing decisions with scope=Ip" account_id=[redacted]
```
Not sure what is going on. I checked and I have no rules on any of my domains and no main firewall rule. I ran this to remove everything to make sure:

```bash
sudo docker run --rm -it -v ./cloudflare/cfg.yaml:/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml --name BouncerRecovery 'crowdsecurity/cloudflare-bouncer' -d
```

But no matter what I do I get "No changes to IP rules", which means I have zero rules added to Cloudflare.

Here is my cfg.yaml:
```yaml
# Config generated by using /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml as base
crowdsec_lapi_url: http://crowdsec:8080/
crowdsec_lapi_key: [redacted]
crowdsec_update_frequency: 10s
include_scenarios_containing: [] # ignore IPs banned for triggering scenarios not containing either of provided word
exclude_scenarios_containing: [] # ignore IPs banned for triggering scenarios containing either of provided word
only_include_decisions_from: [] # only include IPs banned due to decisions originating from provided sources. eg value ["cscli", "crowdsec"]
cloudflare_config:
  accounts:
    - id: [redacted]
      zones:
        - zone_id: [redacted]
          actions:
            - managed_challenge
        - zone_id: [redacted]
          actions:
            - managed_challenge
        - zone_id: [redacted]
          actions:
            - managed_challenge
      token: [redacted]
      ip_list_prefix: crowdsec
      default_action: managed_challenge
      total_ip_list_capacity: 9990 # only this many latest IP decisions would be kept
  update_frequency: 30s
daemon: false
log_mode: stdout
log_dir: /var/log/
log_level: info
log_max_size: 0
log_max_age: 0
log_max_backups: 0
compress_logs: null
prometheus:
  enabled: true
  listen_addr: 127.0.0.1
  listen_port: "2112"
key_path: ""
cert_path: ""
ca_cert_path: ""
```

And my docker compose:
```yaml
crowdsec:
  image: docker.io/crowdsecurity/crowdsec:latest
  container_name: crowdsec
  environment:
    - UID=${PUID}
    - GID=${PGID}
    - TZ=${TZ}
    - COLLECTIONS=${COLLECTIONS}
    - CUSTOM_HOSTNAME=${CUSTOM_HOSTNAME}
  volumes:
    - ./crowdsec/config:/etc/crowdsec:rw
    - ./crowdsec/data:/var/lib/crowdsec/data:rw
    - /pool/containers/swag/swag/config/log/nginx:/var/log/swag:ro
    - /var/log:/var/log/host:ro
    - /var/run/docker.sock:/var/run/docker.sock:ro
  ports:
    - 9090:8080
    - 1518:1518/udp
  restart: unless-stopped
  security_opt:
    - no-new-privileges=true
  networks:
    - docker-services
cloudflare-bouncer:
  image: crowdsecurity/cloudflare-bouncer
  container_name: cloudflare-bouncer
  environment:
    - TZ=${TZ}
  volumes:
    - ./cloudflare/cfg.yaml:/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml
  depends_on:
    - crowdsec
  security_opt:
    - no-new-privileges=true
  networks:
    - docker-services
  restart: unless-stopped
```
