openwrt-packages-dist/net/banip/files/banip.conf

config banip 'global'
	option ban_enabled '0'
	option ban_basever '0.3'
	option ban_automatic '1'
	option ban_realtime 'false'
	option ban_log_src '0'
	option ban_log_dst '0'

config banip 'extra'
	option ban_debug '0'
	option ban_maxqueue '4'

config source 'whitelist'
	option ban_src '/etc/banip/banip.whitelist'
	option ban_src_6 '/etc/banip/banip.whitelist'
	option ban_src_desc 'Always allow these IPs (IPv4/IPv6)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add whitelist \"\$1}'
	option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add whitelist_6 \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src+dst'
	option ban_src_on '1'
	option ban_src_on_6 '0'

config source 'blacklist'
	option ban_src '/etc/banip/banip.blacklist'
	option ban_src_6 '/etc/banip/banip.blacklist'
	option ban_src_desc 'Always deny these IPs (IPv4/IPv6)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add blacklist \"\$1}'
	option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add blacklist_6 \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src+dst'
	option ban_src_on '0'
	option ban_src_on_6 '0'

config source 'bogon'
	option ban_src 'https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt'
	option ban_src_6 'https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt'
	option ban_src_desc 'Bogon prefixes, plus prefixes that have been allocated to RIRs but not yet assigned to ISPs (IPv4/IPv6)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add bogon \"\$1}'
	option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add bogon_6 \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src+dst'
	option ban_src_on '0'
	option ban_src_on_6 '0'

config source 'DoH'
	option ban_src 'https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt'
	option ban_src_6 'https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv6.txt'
	option ban_src_desc 'List of public DoH providers (DNS over HTTPS) (IPv4/IPv6)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add DoH \"\$1}'
	option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add DoH_6 \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src+dst'
	option ban_src_on '0'
	option ban_src_on_6 '0'

config source 'tor'
	option ban_src 'https://check.torproject.org/exit-addresses'
	option ban_src_desc 'List of Tor Exit Nodes (IPv4)'
	option ban_src_rset '/^(ExitAddress ([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add tor \"\$2}'
	option ban_src_settype 'ip'
	option ban_src_ruletype 'src'
	option ban_src_on '0'
	option ban_src_on_6 '0'

config source 'threat'
	option ban_src 'https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt'
	option ban_src_desc 'Emerging Threats (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add threat \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'debl'
	option ban_src 'https://www.blocklist.de/downloads/export-ips_all.txt'
	option ban_src_6 'https://www.blocklist.de/downloads/export-ips_all.txt'
	option ban_src_desc 'Fail2ban reporting service (IPv4/IPv6)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add debl \"\$1}'
	option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add debl_6 \"\$1}'
	option ban_src_settype 'ip'
	option ban_src_ruletype 'src'
	option ban_src_on '0'
	option ban_src_on_6 '0'

config source 'myip'
	option ban_src 'https://www.myip.ms/files/blacklist/general/latest_blacklist.txt'
	option ban_src_6 'https://www.myip.ms/files/blacklist/general/latest_blacklist.txt'
	option ban_src_desc 'IP blacklist provided by myip.ms (IPv4/IPv6)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add myip \"\$1}'
	option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add myip_6 \"\$1}'
	option ban_src_settype 'ip'
	option ban_src_ruletype 'src'
	option ban_src_on '0'
	option ban_src_on_6 '0'

config source 'yoyo'
	option ban_src 'https://pgl.yoyo.org/adservers/iplist.php?ipformat=plain&showintro=0&mimetype=plaintext'
	option ban_src_desc 'IP blocklist provided by Peter Lowe (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add yoyo \"\$1}'
	option ban_src_settype 'ip'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'sslbl'
	option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv'
	option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)'
	option ban_src_rset 'BEGIN{FS=\",\"}/(([0-9]{1,3}\.){3}[0-9]{1,3},).*/{print \"add sslbl \"\$2}'
	option ban_src_settype 'ip'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'ransomware'
	option ban_src 'https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt'
	option ban_src_desc 'Ransomware Tracker by abuse.ch (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add ransomware \"\$1}'
	option ban_src_settype 'ip'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'feodo'
	option ban_src 'https://feodotracker.abuse.ch/downloads/ipblocklist.txt'
	option ban_src_desc 'Feodo Tracker by abuse.ch (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add feodo \"\$1}'
	option ban_src_settype 'ip'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'dshield'
	option ban_src 'https://feeds.dshield.org/block.txt'
	option ban_src_desc 'Dshield recommended IP blocklist. Contains top 20 attacking class C subnets (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add dshield \"\$1 \"/\"\$3}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'proxy'
	option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists.ipset'
	option ban_src_desc 'List of Open Proxies (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add proxy \"\$1}'
	option ban_src_settype 'ip'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'iblocklist'
	option ban_src 'https://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=cidr&archiveformat=gz'
	option ban_src_desc 'Contains advertising trackers and a short list of bad/intrusive porn sites (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add iblocklist \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'drop'
	option ban_src 'https://www.spamhaus.org/drop/drop.txt'
	option ban_src_6 'https://www.spamhaus.org/drop/dropv6.txt'
	option ban_src_desc 'Spamhaus drop compilation (IPv4/IPv6)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add drop \"\$1}'
	option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add drop_6 \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'
	option ban_src_on_6 '0'

config source 'edrop'
	option ban_src 'https://www.spamhaus.org/drop/edrop.txt'
	option ban_src_desc 'Spamhaus edrop compilation (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add edrop \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'firehol1'
	option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset'
	option ban_src_desc 'Firehol Level 1 compilation. Contains bogons, spamhaus drop and edrop, dshield and malware lists (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol1 \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'firehol2'
	option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset'
	option ban_src_desc 'Firehol Level 2 compilation. Contains blocklists that track attacks, during the last 48 hours (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol2 \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'firehol3'
	option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset'
	option ban_src_desc 'Firehol Level 3 compilation. Contains blocklists that track attacks, spyware and viruses (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol3 \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'firehol4'
	option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset'
	option ban_src_desc 'Firehol Level 4 compilation. May include a large number of false positives (IPv4)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol4 \"\$1}'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'

config source 'country'
	option ban_src 'https://stat.ripe.net/data/country-resource-list/data.json?resource='
	option ban_src_6 'https://stat.ripe.net/data/country-resource-list/data.json?resource='
	option ban_src_desc 'Build a dynamic IPSet by country iso codes based on RIPE data (IPv4/IPv6)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add country \"\$1}'
	option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add country_6 \"\$1}'
	list ban_src_cat 'de'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'
	option ban_src_on_6 '0'

config source 'asn'
	option ban_src 'https://stat.ripe.net/data/announced-prefixes/data.json?resource='
	option ban_src_6 'https://stat.ripe.net/data/announced-prefixes/data.json?resource='
	option ban_src_desc 'Build a dynamic IPSet by ASN numbers based on RIPE data (IPv4/IPv6)'
	option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add asn \"\$1}'
	option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add asn_6 \"\$1}'
	list ban_src_cat '32934'
	option ban_src_settype 'net'
	option ban_src_ruletype 'src'
	option ban_src_on '0'
	option ban_src_on_6 '0'