Archlinux unable to start bouncer (aur/cs-firewall-bouncer 0.0.25-1)
Last active 15 days ago
6 replies
4 views
- KA
I am having issues with my server; I'll tackle those in a different post. For now I am having this issue:
crowdsec-firewall-bouncer -v -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
INFO[0000] crowdsec-firewall-bouncer 0.0.25-e83a672a05a879051ab09b47bf360db96ce1bbb0
time="13-01-2023 15:56:35" level=fatal msg="conn.Receive: netlink receive: numerical result out of range"
My previous package and installation were working perfectly. I know I should ask the maintainer of the package in the AUR, but it seems like there were no significant changes in the package itself.
Thank you
- II
Could you share some info about the config? A quick Google search suggests it could be an issue with nftables, but that's just a Google result.
- KA
Sure. It's a non-docker based install on the host, and you're right about Google leading towards nftables, but I can't find any relevant info.
It was working flawlessly for more than 3 months. What led to this is that I restarted my host and all of a sudden crowdsec stopped working and gave me an error about the sqlite3 DB being "locked". I managed to move it to "mariadb/mysql" and was able to run crowdsec again, which I wanted to share/shed some light on, as I said earlier. Here are the configs:
/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
mode: nftables
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
log_compression: true
log_max_size: 100
log_max_backups: 3
log_max_age: 30
api_url: http://127.0.0.1:8080/
api_key: REDACTED
insecure_skip_verify: false
disable_ipv6: false
deny_action: DROP
deny_log: false
supported_decisions_types:
  - ban
# to change log prefix
#deny_log_prefix: "crowdsec: "
# to change the blacklists name
#blacklists_ipv4: crowdsec-blacklists
#blacklists_ipv6: crowdsec6-blacklists
# type of ipset to use
#ipset_type: nethash
# if present, insert rule in those chains
#iptables_chains:
#  - INPUT
#  - FORWARD
#  - DOCKER-USER
## nftables
nftables:
  ipv4:
    enabled: true
    set-only: false
    table: crowdsec
    chain: crowdsec-chain
  ipv6:
    enabled: true
    set-only: false
    table: crowdsec6
    chain: crowdsec6-chain
# packet filter
pf:
  # an empty string disables the anchor
  anchor_name: ""
prometheus:
  enabled: true
  listen_addr: 127.0.0.1
  listen_port: 60601
- KA
/etc/nftables.conf
#!/usr/bin/nft -f
# vim:set ts=2 sw=2 et:

# IPv4/IPv6 Simple & Safe firewall ruleset.
# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.

table inet filter
delete table inet filter
table inet filter {
  chain input {
    type filter hook input priority filter
    policy drop

    ct state invalid drop comment "early drop of invalid connections"
    ct state {established, related} accept comment "allow tracked connections"
    iifname lo accept comment "allow from loopback"
    ip protocol icmp accept comment "allow icmp"
    meta l4proto ipv6-icmp accept comment "allow icmp v6"
    tcp dport ssh accept comment "allow sshd"
    pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
    counter
  }
  chain forward {
    type filter hook forward priority filter
    policy drop
  }
}
- II
I know that nft has trouble handling it if an IP exists within a banned range. Is your crowdsec install detecting bad ranges and inserting those, or is it just standard IPs?
- KA
Excuse my late answer, I was off-grid.
Those are standard IPs. The funny thing is that it was working perfectly and I had banned IPs from LAPI.
It all started one evening when I had a system reboot, as I said, and crowdsec was complaining about "DB Lock".
I had to work and troubleshoot what the issue was, as it's not a docker-based install and information is scarce within this realm, so to speak.