search

funkolab / cs-mikrotik-bouncer

A CrowdSec bouncer for MikroTik RouterOS appliance
Apache License 2.0
43 stars 8 forks source link

Third-party blocklists disappear from Mikrotik after 24 hours. #39

Open vanes32 opened 1 year ago

vanes32 commented 1 year ago

Hello, first of all I want to thank you for this wonderful bouncer. Great idea! But, it seems to me, I found a small bug related to the processing of third-party blocklists. I noticed that third-party blocklists disappear from Mikrotik after 24 hours and decided to trace the "history" of one specific IP address. The first thing I did was add a third-party blocklist in the crowdsec online account and restart the bouncer. Mikrotik began to receive addresses with a lifetime of 24 hours. It was 2023-06-04 at 10-26. Every 6 hours, the bouncer checked the presence of this address in Mikrotik and everything was fine until 10-00 2023-06-05. At this time, the following happened: the bouncer interrogated the Mikrotik and the observed address was present. The remaining lifetime of this address at that moment was still about 10 or 15 minutes, respectively, after about 10 or 15 minutes after a successful check, the address disappeared from Mikrotik simply by timeout and was not updated. As a result, the entire third-party blocklist disappeared from Mikrotik. 2023-06-05 114326

The screenshot shows the last interaction between the bouncer and Mikrotik, it was on 2023-06-05 at 09-59. At this point, the remaining lifetime of the address-list in Mikrotik was still about 10 or 15 minutes. Аfter about 10 or 15 minutes, the address list was deleted from the microtik by timeout. I will wait for the next interaction between the bouncer and Mikrotik in 6 hours and let you know if the address list returned back to Mikrotik or not. upd: 6 hours have passed, the bouncer says that the "address already present on Mikrotik", but it was deleted by timeout 6 hours ago. 2023-06-05 164713 2023-06-05 164906

urnash commented 6 months ago

I was able to solve my problem like this, I just reboot the container, see example of the compose file:

version: "3.8" services: bouncer-mikrotik: image: ghcr.io/funkolab/cs-mikrotik-bouncer:latest container_name: bouncer-mikrotik environment: TZ: Europe/Moscow CROWDSEC_BOUNCER_API_KEY: XXXXXXXXXXXXXXXXXXXXXXXXx CROWDSEC_URL: http://XXX.XXX.XXX.XXX:8002/

LOG_LEVEL: "1"

  MIKROTIK_HOST: router.lan:8728
  MIKROTIK_USER: XXXXXXXXXXXXX
  MIKROTIK_PASS: XXXXXXXXXXXXXXXXX
  MIKROTIK_TLS: "false"
restart: unless-stopped

restarter: image: docker:cli volumes: ["/var/run/docker.sock:/var/run/docker.sock"] command: ["/bin/sh", "-c", "while true; do sleep 43200; docker restart bouncer-mikrotik; done"]

do sleep 43200 - restart any 12 hour

restart: ${RESTART}