You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

386 lines
34 KiB

  1. <!-- markdownlint-disable -->
  2. # banIP - ban incoming and/or outgoing ip adresses via ipsets
  3. ## Description
  4. IP address blocking is commonly used to protect against brute force attacks, prevent disruptive or unauthorized address(es) from access or it can be used to restrict access to or from a particular geographic area — for example.
  5. ## Main Features
  6. * Support of the following fully pre-configured domain blocklist sources (free for private usage, for commercial use please check their individual licenses)
  7. | Source | Focus | Information |
  8. | :------------------ | :----------------------------: | :-------------------------------------------------------------------------------- |
  9. | asn | ASN block | [Link](https://asn.ipinfo.app) |
  10. | bogon | Bogon prefixes | [Link](https://team-cymru.com) |
  11. | country | Country blocks | [Link](https://www.ipdeny.com/ipblocks) |
  12. | darklist | blocks suspicious attacker IPs | [Link](https://darklist.de) |
  13. | debl | Fail2ban IP blacklist | [Link](https://www.blocklist.de) |
  14. | doh | Public DoH-Provider | [Link](https://github.com/dibdot/DoH-IP-blocklists) |
  15. | drop | Spamhaus drop compilation | [Link](https://www.spamhaus.org) |
  16. | dshield | Dshield IP blocklist | [Link](https://www.dshield.org) |
  17. | edrop | Spamhaus edrop compilation | [Link](https://www.spamhaus.org) |
  18. | feodo | Feodo Tracker | [Link](https://feodotracker.abuse.ch) |
  19. | firehol1 | Firehol Level 1 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level1) |
  20. | firehol2 | Firehol Level 2 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level2) |
  21. | firehol3 | Firehol Level 3 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level3) |
  22. | firehol4 | Firehol Level 4 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level4) |
  23. | greensnow | blocks suspicious server IPs | [Link](https://greensnow.co) |
  24. | iblockads | Advertising blocklist | [Link](https://www.iblocklist.com) |
  25. | iblockspy | Malicious spyware blocklist | [Link](https://www.iblocklist.com) |
  26. | myip | Myip Live IP blacklist | [Link](https://myip.ms) |
  27. | nixspam | iX spam protection | [Link](http://www.nixspam.org) |
  28. | proxy | Firehol list of open proxies | [Link](https://iplists.firehol.org/?ipset=proxylists) |
  29. | ssbl | SSL botnet IP blacklist | [Link](https://sslbl.abuse.ch) |
  30. | talos | Cisco Talos IP Blacklist | [Link](https://talosintelligence.com/reputation_center) |
  31. | threat | Emerging Threats | [Link](https://rules.emergingthreats.net) |
  32. | tor | Tor exit nodes | [Link](https://fissionrelays.net/lists) |
  33. | uceprotect1 | Spam protection level 1 | [Link](http://www.uceprotect.net/en/index.php) |
  34. | uceprotect2 | Spam protection level 2 | [Link](http://www.uceprotect.net/en/index.php) |
  35. | voip | VoIP fraud blocklist | [Link](http://www.voipbl.org) |
  36. | yoyo | Ad protection blacklist | [Link](https://pgl.yoyo.org/adservers/) |
  37. * zero-conf like automatic installation & setup, usually no manual changes needed
  38. * automatically selects one of the following supported download utilities: aria2c, curl, uclient-fetch, wget
  39. * fast downloads & list processing as they are handled in parallel as background jobs in a configurable 'Download Queue'
  40. * full IPv4 and IPv6 support
  41. * ipsets (one per source) are used to ban a large number of IP addresses
  42. * supports blocking by ASN numbers
  43. * supports blocking by iso country codes
  44. * supports local black- & whitelist (IPv4, IPv6, CIDR notation or domain names)
  45. * auto-add unsuccessful LuCI, nginx or ssh login attempts via 'dropbear'/'sshd' to local blacklist
  46. * auto-add the uplink subnet to local whitelist
  47. * black- and whitelist also accept domain names as input to allow IP filtering based on these names
  48. * supports a 'whitelist only' mode, this option allows to restrict Internet access from/to a small number of secure websites/IPs
  49. * provides a small background log monitor to ban unsuccessful login attempts in real-time
  50. * per source configuration of SRC (incoming) and DST (outgoing)
  51. * integrated IPSet-Lookup
  52. * integrated bgpview-Lookup
  53. * blocklist source parsing by fast & flexible regex rulesets
  54. * minimal status & error logging to syslog, enable debug logging to receive more output
  55. * procd based init system support (start/stop/restart/reload/refresh/status)
  56. * procd network interface trigger support
  57. * automatic blocklist backup & restore, they will be used in case of download errors or during startup
  58. * provides comprehensive runtime information
  59. * provides a detailed IPSet Report
  60. * provides a powerful query function to quickly find blocked IPs/CIDR in banIP related IPSets
  61. * provides an easily configurable blocklist update scheduler called 'Refresh Timer'
  62. * strong LuCI support
  63. * optional: add new banIP sources on your own
  64. ## Prerequisites
  65. * [OpenWrt](https://openwrt.org), tested with the stable release series (21.02.x) and with the latest rolling snapshot releases. On turris devices it has been successfully tested with TurrisOS 5.2.x
  66. <b>Please note:</b> Ancient OpenWrt releases like 18.06.x or 17.01.x are _not_ supported!
  67. <b>Please note:</b> Devices with less than 128 MByte RAM are _not_ supported!
  68. <b>Please note:</b> If you're updating from former banIP 0.3x please manually remove your config (/etc/config/banip) before you start!
  69. * A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'aria2c' or 'curl' is required
  70. * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
  71. * Optional E-Mail notification support: for E-Mail notifications you need to install and setup the additional 'msmtp' package
  72. ## Installation & Usage
  73. * Update your local opkg repository (_opkg update_)
  74. * Install 'banip' (_opkg install banip_). The banIP service is disabled by default
  75. * Install the LuCI companion package 'luci-app-banip' (_opkg install luci-app-banip_)
  76. * It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
  77. ## banIP CLI
  78. * All important banIP functions are accessible via CLI as well.
  79. <pre><code>
  80. ~# /etc/init.d/banip
  81. Syntax: /etc/init.d/banip [command]
  82. Available commands:
  83. start Start the service
  84. stop Stop the service
  85. restart Restart the service
  86. reload Reload configuration files (or restart if service does not implement reload)
  87. enable Enable service autostart
  88. disable Disable service autostart
  89. enabled Check if service is started on boot
  90. refresh Refresh ipsets without new list downloads
  91. suspend Suspend banIP processing
  92. resume Resume banIP processing
  93. query &lt;IP&gt; Query active banIP IPSets for a specific IP address
  94. report [&lt;cli&gt;|&lt;mail&gt;|&lt;gen&gt;|&lt;json&gt;] Print banIP related IPset statistics
  95. list [&lt;add&gt;|&lt;add_asn&gt;|&lt;add_country&gt;|&lt;remove>|&lt;remove_asn&gt;|&lt;remove_country&gt;] &lt;source(s)&gt; List/Edit available sources
  96. timer [&lt;add&gt; &lt;tasks&gt; &lt;hour&gt; [&lt;minute&gt;] [&lt;weekday&gt;]]|[&lt;remove&gt; &lt;line no.&gt;] List/Edit cron update intervals
  97. version Print version information
  98. running Check if service is running
  99. status Service status
  100. trace Start with syscall trace
  101. </code></pre>
  102. ## banIP config options
  103. * Usually the auto pre-configured banIP setup works quite well and no manual overrides are needed
  104. | Option | Type | Default | Description |
  105. | :---------------------- | :----- | :---------------------------- | :------------------------------------------------------------------------------------ |
  106. | ban_enabled | option | 0 | enable the banIP service |
  107. | ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
  108. | ban_debug | option | 0 | enable banIP related debug logging |
  109. | ban_mail_enabled | option | 0 | enable the mail service |
  110. | ban_monitor_enabled | option | 0 | enable the log monitor, e.g. to catch failed ssh/luci logins |
  111. | ban_logsrc_enabled | option | 0 | enable the src-related logchain |
  112. | ban_logdst_enabled | option | 0 | enable the dst-related logchain |
  113. | ban_autoblacklist | option | 1 | add suspicious IPs automatically to the local blacklist |
  114. | ban_autowhitelist | option | 1 | add wan IPs/subnets automatically to the local whitelist |
  115. | ban_whitelistonly | option | 0 | allow to restrict Internet access from/to a small number of secure websites/IPs |
  116. | ban_maxqueue | option | 4 | size of the download queue to handle downloads and processing in parallel |
  117. | ban_reportdir | option | /tmp/banIP-Report | directory where banIP stores the report files |
  118. | ban_backupdir | option | /tmp/banIP-Backup | directory where banIP stores the compressed backup files |
  119. | ban_ifaces | list | - | list option to add logical wan interfaces manually |
  120. | ban_sources | list | - | list option to add banIP sources |
  121. | ban_countries | list | - | list option to add certain countries as an alpha-2 ISO code, e.g. 'de' for germany |
  122. | ban_asns | list | - | list option to add certain ASNs (autonomous system number), e.g. '32934' for facebook |
  123. | ban_chain | option | banIP | name of the root chain used by banIP |
  124. | ban_global_settype | option | src+dst | global settype as default for all sources |
  125. | ban_settype_src | list | - | special SRC settype for a certain sources |
  126. | ban_settype_dst | list | - | special DST settype for a certain sources |
  127. | ban_settype_all | list | - | special SRC+DST settype for a certain sources |
  128. | ban_target_src | option | DROP | default src action (used by log chains as well) |
  129. | ban_target_dst | option | REJECT | default dst action (used by log chains as well) |
  130. | ban_lan_inputchains_4 | list | input_lan_rule | list option to add IPv4 lan input chains |
  131. | ban_lan_inputchains_6 | list | input_lan_rule | list option to add IPv6 lan input chains |
  132. | ban_lan_forwardchains_4 | list | forwarding_lan_rule | list option to add IPv4 lan forward chains |
  133. | ban_lan_forwardchains_6 | list | forwarding_lan_rule | list option to add IPv6 lan forward chains |
  134. | ban_wan_inputchains_4 | list | input_wan_rule | list option to add IPv4 wan input chains |
  135. | ban_wan_inputchains_6 | list | input_wan_rule | list option to add IPv6 wan input chains |
  136. | ban_wan_forwardchains_4 | list | forwarding_wan_rule | list option to add IPv4 wan forward chains |
  137. | ban_wan_forwardchains_6 | list | forwarding_wan_rule | list option to add IPv6 wan forward chains |
  138. | ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
  139. | ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
  140. | ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
  141. | ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
  142. | ban_srcarc | option | /etc/banip/banip.sources.gz | full path to the compressed source archive file used by banIP |
  143. | ban_localsources | list | maclist, whitelist, blacklist | limit the selection to certain local sources |
  144. | ban_extrasources | list | - | add additional, non-banIP related IPSets e.g. for reporting or queries |
  145. | ban_maclist_timeout | option | - | individual maclist IPSet timeout |
  146. | ban_whitelist_timeout | option | - | individual whitelist IPSet timeout |
  147. | ban_blacklist_timeout | option | - | individual blacklist IPSet timeout |
  148. | ban_logterms | list | dropbear, sshd, luci, nginx | limit the log monitor to certain log terms |
  149. | ban_loglimit | option | 100 | parse only the last stated number of log entries for suspicious events |
  150. | ban_ssh_logcount | option | 3 | number of the failed ssh login repetitions of the same ip in the log before banning |
  151. | ban_luci_logcount | option | 3 | number of the failed luci login repetitions of the same ip in the log before banning |
  152. | ban_nginx_logcount | option | 5 | number of the failed nginx requests of the same ip in the log before banning |
  153. ## Examples
  154. **list/edit banIP sources:**
  155. <pre><code>
  156. ~# /etc/init.d/banip list
  157. ::: Available banIP sources
  158. :::
  159. Name Enabled Focus Info URL
  160. ---------------------------------------------------------------------------
  161. + asn ASN blocks https://asn.ipinfo.app
  162. + bogon Bogon prefixes https://team-cymru.com
  163. + country x Country blocks https://www.ipdeny.com/ipblocks
  164. + darklist x Blocks suspicious attacker IPs https://darklist.de
  165. + debl x Fail2ban IP blacklist https://www.blocklist.de
  166. + doh x Public DoH-Provider https://github.com/dibdot/DoH-IP-blocklists
  167. + drop x Spamhaus drop compilation https://www.spamhaus.org
  168. + dshield x Dshield IP blocklist https://www.dshield.org
  169. + edrop Spamhaus edrop compilation https://www.spamhaus.org
  170. + feodo x Feodo Tracker https://feodotracker.abuse.ch
  171. + firehol1 x Firehol Level 1 compilation https://iplists.firehol.org/?ipset=firehol_level1
  172. + firehol2 Firehol Level 2 compilation https://iplists.firehol.org/?ipset=firehol_level2
  173. + firehol3 Firehol Level 3 compilation https://iplists.firehol.org/?ipset=firehol_level3
  174. + firehol4 Firehol Level 4 compilation https://iplists.firehol.org/?ipset=firehol_level4
  175. + greensnow x Blocks suspicious server IPs https://greensnow.co
  176. + iblockads Advertising blocklist https://www.iblocklist.com
  177. + iblockspy x Malicious spyware blocklist https://www.iblocklist.com
  178. + myip Myip Live IP blacklist https://myip.ms
  179. + nixspam x iX spam protection http://www.nixspam.org
  180. + proxy Firehol list of open proxies https://iplists.firehol.org/?ipset=proxylists
  181. + sslbl x SSL botnet IP blacklist https://sslbl.abuse.ch
  182. + talos x Cisco Talos IP Blacklist https://talosintelligence.com/reputation_center
  183. + threat x Emerging Threats https://rules.emergingthreats.net
  184. + tor x Tor exit nodes https://fissionrelays.net/lists
  185. + uceprotect1 x Spam protection level 1 http://www.uceprotect.net/en/index.php
  186. + uceprotect2 Spam protection level 2 http://www.uceprotect.net/en/index.php
  187. + voip x VoIP fraud blocklist http://www.voipbl.org
  188. + yoyo x Ad protection blacklist https://pgl.yoyo.org/adservers/
  189. ---------------------------------------------------------------------------
  190. * Configured ASNs: -
  191. * Configured Countries: af, bd, br, cn, hk, hu, id, il, in, iq, ir, kp, kr, no, pk, pl, ro, ru, sa, th, tr, ua, gb
  192. </code></pre>
  193. **receive banIP runtime information:**
  194. <pre><code>
  195. ~# /etc/init.d/banip status
  196. ::: banIP runtime information
  197. + status : enabled
  198. + version : 0.7.7
  199. + ipset_info : 2 IPSets with 30 IPs/Prefixes
  200. + active_sources : whitelist
  201. + active_devs : wlan0
  202. + active_ifaces : trm_wwan, trm_wwan6
  203. + active_logterms : dropbear, sshd, luci, nginx
  204. + active_subnets : xxx.xxx.xxx.xxx/24, xxxx:xxxx:xxxx:xx::xxx/128
  205. + run_infos : settype: src+dst, backup_dir: /tmp/banIP-Backup, report_dir: /tmp/banIP-Report
  206. + run_flags : protocols (4/6): ✔/✔, log (src/dst): ✔/✘, monitor: ✔, mail: ✘, whitelist only: ✔
  207. + last_run : restart, 0m 3s, 122/30/14, 21.04.2021 20:14:36
  208. + system : TP-Link RE650 v1, OpenWrt SNAPSHOT r16574-f7e00d81bc
  209. </code></pre>
  210. **black-/whitelist handling:**
  211. banIP supports a local black & whitelist (IPv4, IPv6, CIDR notation or domain names), located by default in /etc/banip/banip.whitelist and /etc/banip/banip.blacklist.
  212. Unsuccessful LuCI logins, suspicious nginx request or ssh login attempts via 'dropbear'/'sshd' could be tracked and automatically added to the local blacklist (see the 'ban_autoblacklist' option). Furthermore the uplink subnet could be automatically added to local whitelist (see 'ban_autowhitelist' option). The list behaviour could be further tweaked with different timeout and counter options (see the config options section above).
  213. Last but not least, both lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets. The detached name lookup takes place only during 'restart' or 'reload' action, 'start' and 'refresh' actions are using an auto-generated backup instead.
  214. **whitelist-only mode:**
  215. banIP supports a "whitelist only" mode. This option allows to restrict the internet access from/to a small number of secure websites/IPs, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the whitelist are blocked. Please note: suspend/resume does not work in this mode.
  216. **generate an IPSet report:**
  217. <pre><code>
  218. ~# /etc/init.d/banip report
  219. :::
  220. ::: report on all banIP related IPSets
  221. :::
  222. + Report timestamp ::: 04.02.2021 06:24:41
  223. + Number of all IPSets ::: 24
  224. + Number of all entries ::: 302448
  225. + Number of IP entries ::: 224748
  226. + Number of CIDR entries ::: 77700
  227. + Number of MAC entries ::: 0
  228. + Number of accessed entries ::: 36
  229. :::
  230. ::: IPSet details
  231. :::
  232. Name Type Count Cnt_IP Cnt_CIDR Cnt_MAC Cnt_ACC Entry details (Entry/Count)
  233. --------------------------------------------------------------------------------------------------------------------
  234. whitelist_4 src+dst 1 0 1 0 1
  235. xxx.xxxx.xxx.xxxx/24 85
  236. --------------------------------------------------------------------------------------------------------------------
  237. whitelist_6 src+dst 2 0 2 0 1
  238. xxxx:xxxx:xxxx::/64 29
  239. --------------------------------------------------------------------------------------------------------------------
  240. blacklist_4 src+dst 513 513 0 0 2
  241. 192.35.168.16 3
  242. 80.82.65.74 1
  243. --------------------------------------------------------------------------------------------------------------------
  244. blacklist_6 src+dst 1 1 0 0 0
  245. --------------------------------------------------------------------------------------------------------------------
  246. country_4 src 52150 0 52150 0 23
  247. 124.5.0.0/16 1
  248. 95.188.0.0/14 1
  249. 121.16.0.0/12 1
  250. 46.161.0.0/18 1
  251. 42.56.0.0/14 1
  252. 113.64.0.0/10 1
  253. 113.252.0.0/14 1
  254. 5.201.128.0/17 1
  255. 125.64.0.0/11 1
  256. 90.188.0.0/15 1
  257. 60.0.0.0/11 1
  258. 78.160.0.0/11 1
  259. 1.80.0.0/12 1
  260. 183.184.0.0/13 1
  261. 175.24.0.0/14 1
  262. 119.176.0.0/12 1
  263. 59.88.0.0/13 1
  264. 103.78.12.0/22 1
  265. 123.128.0.0/13 1
  266. 116.224.0.0/12 1
  267. 42.224.0.0/12 1
  268. 82.80.0.0/15 1
  269. 14.32.0.0/11 1
  270. --------------------------------------------------------------------------------------------------------------------
  271. country_6 src 20099 0 20099 0 0
  272. --------------------------------------------------------------------------------------------------------------------
  273. debl_4 src+dst 29389 29389 0 0 1
  274. 5.182.210.16 4
  275. --------------------------------------------------------------------------------------------------------------------
  276. debl_6 src+dst 64 64 0 0 0
  277. --------------------------------------------------------------------------------------------------------------------
  278. doh_4 src+dst 168 168 0 0 0
  279. --------------------------------------------------------------------------------------------------------------------
  280. doh_6 src+dst 122 122 0 0 0
  281. --------------------------------------------------------------------------------------------------------------------
  282. drop_4 src+dst 965 0 965 0 0
  283. --------------------------------------------------------------------------------------------------------------------
  284. drop_6 src+dst 36 0 36 0 0
  285. --------------------------------------------------------------------------------------------------------------------
  286. dshield_4 src+dst 20 0 20 0 1
  287. 89.248.165.0/24 1
  288. --------------------------------------------------------------------------------------------------------------------
  289. feodo_4 src+dst 325 325 0 0 0
  290. --------------------------------------------------------------------------------------------------------------------
  291. firehol1_4 src+dst 2763 403 2360 0 0
  292. --------------------------------------------------------------------------------------------------------------------
  293. iblockspy_4 src+dst 3650 2832 818 0 0
  294. --------------------------------------------------------------------------------------------------------------------
  295. nixspam_4 src+dst 9577 9577 0 0 0
  296. --------------------------------------------------------------------------------------------------------------------
  297. sslbl_4 src+dst 104 104 0 0 0
  298. --------------------------------------------------------------------------------------------------------------------
  299. threat_4 src+dst 1300 315 985 0 0
  300. --------------------------------------------------------------------------------------------------------------------
  301. tor_4 src+dst 1437 1437 0 0 0
  302. --------------------------------------------------------------------------------------------------------------------
  303. tor_6 src+dst 478 478 0 0 0
  304. --------------------------------------------------------------------------------------------------------------------
  305. uceprotect1_4 src+dst 156249 156249 0 0 6
  306. 192.241.220.137 1
  307. 128.14.137.178 1
  308. 61.219.11.153 1
  309. 138.34.32.33 1
  310. 107.174.133.130 2
  311. 180.232.99.46 1
  312. --------------------------------------------------------------------------------------------------------------------
  313. voip_4 src+dst 12563 12299 264 0 0
  314. --------------------------------------------------------------------------------------------------------------------
  315. yoyo_4 src+dst 10472 10472 0 0 1
  316. 204.79.197.200 2
  317. --------------------------------------------------------------------------------------------------------------------
  318. </code></pre>
  319. **Enable E-Mail notification via 'msmtp':**
  320. To use the email notification you have to install & configure the package 'msmtp'.
  321. Modify the file '/etc/msmtprc', e.g.:
  322. <pre><code>
  323. [...]
  324. defaults
  325. auth on
  326. tls on
  327. tls_certcheck off
  328. timeout 5
  329. syslog LOG_MAIL
  330. [...]
  331. account ban_notify
  332. host smtp.gmail.com
  333. port 587
  334. from &lt;address&gt;@gmail.com
  335. user &lt;gmail-user&gt;
  336. password &lt;password&gt;
  337. </code></pre>
  338. Finally enable E-Mail support and add a valid E-Mail receiver address in LuCI.
  339. **Edit, add new banIP sources:**
  340. The banIP blocklist sources are stored in an external, compressed JSON file '/etc/banip/banip.sources.gz'.
  341. This file is directly parsed in LuCI and accessible via CLI, just call _/etc/init.d/banip list_.
  342. To add new or edit existing sources extract the compressed JSON file _gunzip /etc/banip/banip.sources.gz_.
  343. A valid JSON source object contains the following required information, e.g.:
  344. <pre><code>
  345. [...]
  346. "tor": {
  347. "url_4": "https://lists.fissionrelays.net/tor/exits-ipv4.txt",
  348. "url_6": "https://lists.fissionrelays.net/tor/exits-ipv6.txt",
  349. "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add tor_4 \"$1}",
  350. "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add tor_6 \"$1}",
  351. "focus": "Tor exit nodes",
  352. "descurl": "https://fissionrelays.net/lists"
  353. },
  354. [...]
  355. </code></pre>
  356. Add an unique object name, make the required changes to 'url_4', 'rule_4' (and/or 'url_6', 'rule_6'), 'focus' and 'descurl' and finally compress the changed JSON file _gzip /etc/banip/banip.sources.gz_ to use the new source object in banIP.
  357. <b>Please note:</b> if you're going to add new sources on your own, please make a copy of the default file and work with that copy further on, cause the default will be overwritten with every banIP update. To reference your copy set the option 'ban\_srcarc' which points by default to '/etc/banip/banip.sources.gz'
  358. ## Support
  359. Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>
  360. ## Removal
  361. * stop all banIP related services with _/etc/init.d/banip stop_
  362. * optional: remove the banip package (_opkg remove banip_)
  363. Have fun!
  364. Dirk