crowdsecurity / pfSense-pkg-crowdsec

54 stars 2 forks source link

Syntax error on crowdsec.inc #55

Closed ToeiRei closed 1 year ago

ToeiRei commented 1 year ago

Syslog says

/rc.filter_configure_sync: There was an error while parsing the package filter rules for /usr/local/pkg/crowdsec.inc.
/rc.filter_configure_sync: The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:72: syntax error'

... on a fresh install of the package - haven't had crowdsec on it before.

mmetc commented 1 year ago

Hi, thanks for the report!

I have not seen this before. Since the file /tmp/rules.test.packages is dynamically generated depending on the firewall configuration, we should have a look at what's in line 72.

... on a fresh install of the package - haven't had crowdsec on it before.

Yes, the bouncer on freebsd is using a packet filter backend instead of iptables/nftables so you have not run this code yet.

ToeiRei commented 1 year ago

wouldn't it make sense to allow users to use the aliases in their own rules as well? It would allow us to be a bit more flexible

mmetc commented 1 year ago

It should just work, did you try? That's why we have the option of disabling the rules, to replace them with your own.

ToeiRei commented 1 year ago

they seem to be filled only when the bouncer is checked - so I added the bouncer to an interface not connected and use my manual ruleset.

andrasg commented 1 year ago

I am seeing this error too.

/rc.filter_configure_sync: The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:35: syntax error'

Line 35 in rules.test.packages:

block drop inlog  quick  inet6 from <crowdsec6_blacklists> to any label "CrowdSec IPv6"

Probably missing a space between "in" and "log" ?

andrasg commented 1 year ago

Disabling the IPv6 blocklist rule in crowdsec pfsense settings gets rid of the error.

mmetc commented 1 year ago

or just disable the log. Fixed in https://github.com/crowdsecurity/pfSense-pkg-crowdsec/pull/60 , thanks!