LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23334 Commits
1 Branch
46 MiB
Tree: dad658c35f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dad658c35f'
${ noResults }
openwrt-packages-dist/net/banip/files/README.md

368 lines
31 KiB
Raw Normal View History

banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update 0.1.5 * add extra options to control auto-addons to blacklist & whitelist ('ban_autoblacklist' & 'ban_autowhitelist', both enabled by default). If disabled auto-addons are only stored temporary in the black/whitelist ipset but not in the list itself, fixes #9631 * remove old, no longer needed procd workaround * remove 'zeus' source from default config (discontinued) Signed-off-by: Dirk Brenken <dev@brenken.org> Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: update 0.2.0 * remove 'http-only' mode, all sources are now fetched from https sites * the backup mode is now mandatory ('/tmp' is the default backup directory), always create and re-use backups if available. To force a re-download take the 'reload' action. * support 'sshd' in addition to 'dropbear' for logfile parsing to detect break-in events * always update the black-/whitelist with logfile parsing results in 'refresh' mode (no new downloads) * rework the return code handling * tweak procd trigger * various small fixes * (s)hellsheck cosmetics Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: update 0.2.0 * remove 'http-only' mode, all sources are now fetched from https sites * the backup mode is now mandatory ('/tmp' is the default backup directory), always create and re-use backups if available. To force a re-download take the 'reload' action. * support 'sshd' in addition to 'dropbear' for logfile parsing to detect break-in events * always update the black-/whitelist with logfile parsing results in 'refresh' mode (no new downloads) * rework the return code handling * tweak procd trigger * various small fixes * (s)hellsheck cosmetics Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: Added packet logging feature. Resolved shellcheck warnings. Signed-off-by: Richard Gering <rg4github@dutchies.us>
4 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: Added packet logging feature. Resolved shellcheck warnings. Signed-off-by: Richard Gering <rg4github@dutchies.us>
4 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: Added packet logging feature. Resolved shellcheck warnings. Signed-off-by: Richard Gering <rg4github@dutchies.us>
4 years ago
banIP: release 0.1.0 * add automatic blocklist backup & restore, they will be used in case of download errors or during startup in backup mode * add a 'backup mode' to re-use blocklist backups during startup, get fresh lists via reload or restart action * procd interface trigger now supports multiple WAN interfaces * change URL for abuse.ch/feodo list source in default config * small fixes * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: release 0.7.1 * add 'ban_extrasources' to handle banIP-unrelated sets for reporting and queries * add set timeouts for local sources (maclist, whitelist, blacklist) Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: Added packet logging feature. Resolved shellcheck warnings. Signed-off-by: Richard Gering <rg4github@dutchies.us>
4 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: release 0.7.1 * add 'ban_extrasources' to handle banIP-unrelated sets for reporting and queries * add set timeouts for local sources (maclist, whitelist, blacklist) Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banIP: release 0.1.0 * add automatic blocklist backup & restore, they will be used in case of download errors or during startup in backup mode * add a 'backup mode' to re-use blocklist backups during startup, get fresh lists via reload or restart action * procd interface trigger now supports multiple WAN interfaces * change URL for abuse.ch/feodo list source in default config * small fixes * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
banip: new package to block incoming & outgoing ip addresses a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years ago
 
  1. <!-- markdownlint-disable -->
  2. 

  3. # banIP - ban incoming and/or outgoing ip adresses via ipsets

  4. 

  5. ## Description

  6. IP address blocking is commonly used to protect against brute force attacks, prevent disruptive or unauthorized address(es) from access or it can be used to restrict access to or from a particular geographic area — for example.  
  7. 

  8. ## Main Features

  9. * Support of the following fully pre-configured domain blocklist sources (free for private usage, for commercial use please check their individual licenses)
  10. 

  11. | Source              | Focus                        | Information                                                                       |
  12. | :------------------ | :--------------------------: | :-------------------------------------------------------------------------------- |
  13. | asn                 | ASN block                    | [Link](https://asn.ipinfo.app)                                                    |
  14. | bogon               | Bogon prefixes               | [Link](https://team-cymru.com)                                                    |
  15. | country             | Country blocks               | [Link](https://www.ipdeny.com/ipblocks)                                           |
  16. | darklist            | Attacker IP blacklist        | [Link](https://darklist.de)                                                       |
  17. | debl                | Fail2ban IP blacklist        | [Link](https://www.blocklist.de)                                                  |
  18. | doh                 | Public DoH-Provider          | [Link](https://github.com/dibdot/DoH-IP-blocklists)                               |
  19. | drop                | Spamhaus drop compilation    | [Link](https://www.spamhaus.org)                                                  |
  20. | dshield             | Dshield IP blocklist         | [Link](https://www.dshield.org)                                                   |
  21. | edrop               | Spamhaus edrop compilation   | [Link](https://www.spamhaus.org)                                                  |
  22. | feodo               | Feodo Tracker                | [Link](https://feodotracker.abuse.ch)                                             |
  23. | firehol1            | Firehol Level 1 compilation  | [Link](https://iplists.firehol.org/?ipset=firehol_level1)                         |
  24. | firehol2            | Firehol Level 2 compilation  | [Link](https://iplists.firehol.org/?ipset=firehol_level2)                         |
  25. | firehol3            | Firehol Level 3 compilation  | [Link](https://iplists.firehol.org/?ipset=firehol_level3)                         |
  26. | firehol4            | Firehol Level 4 compilation  | [Link](https://iplists.firehol.org/?ipset=firehol_level4)                         |
  27. | iblockads           | Advertising blocklist        | [Link](https://www.iblocklist.com)                                                |
  28. | iblockspy           | Malicious spyware blocklist  | [Link](https://www.iblocklist.com)                                                |
  29. | myip                | Myip Live IP blacklist       | [Link](https://myip.ms)                                                           |
  30. | nixspam             | iX spam protection           | [Link](http://www.nixspam.org)                                                    |
  31. | proxy               | Firehol list of open proxies | [Link](https://iplists.firehol.org/?ipset=proxylists)                             |
  32. | ssbl                | SSL botnet IP blacklist      | [Link](https://sslbl.abuse.ch)                                                    |
  33. | threat              | Emerging Threats             | [Link](https://rules.emergingthreats.net)                                         |
  34. | tor                 | Tor exit nodes               | [Link](https://fissionrelays.net/lists)                                           |
  35. | uceprotect1         | Spam protection level 1      | [Link](http://www.uceprotect.net/en/index.php)                                    |
  36. | uceprotect2         | Spam protection level 2      | [Link](http://www.uceprotect.net/en/index.php)                                    |
  37. | voip                | VoIP fraud blocklist         | [Link](http://www.voipbl.org)                                                     |
  38. | yoyo                | Ad protection blacklist      | [Link](https://pgl.yoyo.org/adservers/)                                           |
  39. 

  40. * zero-conf like automatic installation & setup, usually no manual changes needed
  41. * automatically selects one of the following download utilities: aria2c, curl, uclient-fetch, wget
  42. * Really fast downloads & list processing as they are handled in parallel as background jobs in a configurable 'Download Queue'
  43. * full IPv4 and IPv6 support
  44. * ipsets (one per source) are used to ban a large number of IP addresses
  45. * supports blocking by ASN numbers
  46. * supports blocking by iso country codes
  47. * supports local white & blacklist (IPv4, IPv6 & CIDR notation), located by default in /etc/banip/banip.whitelist and /etc/banip/banip.blacklist
  48. * auto-add unsuccessful LuCI and ssh login attempts via 'dropbear' or 'sshd' to local blacklist (see 'ban_autoblacklist' option)
  49. * auto-add the uplink subnet to local whitelist (see 'ban_autowhitelist' option)
  50. * provides a small background log monitor to ban unsuccessful login attempts in real-time
  51. * per source configuration of SRC (incoming) and DST (outgoing)
  52. * integrated IPSet-Lookup
  53. * integrated RIPE-Lookup
  54. * blocklist source parsing by fast & flexible regex rulesets
  55. * minimal status & error logging to syslog, enable debug logging to receive more output
  56. * procd based init system support (start/stop/restart/reload/refresh/status)
  57. * procd network interface trigger support
  58. * automatic blocklist backup & restore, they will be used in case of download errors or during startup
  59. * Provides comprehensive runtime information
  60. * Provides a detailed IPSet Report
  61. * Provides a powerful query function to quickly find blocked IPs/CIDR in banIP related IPSets
  62. * Provides an easily configurable blocklist update scheduler called 'Refresh Timer'
  63. * strong LuCI support
  64. * optional: add new banIP sources on your own
  65. 

  66. ## Prerequisites

  67. * [OpenWrt](https://openwrt.org), tested with the stable release series (19.07.x) and with the latest rolling snapshot releases. On turris devices it has been successfully tested with TurrisOS 5.2.x  
  68.   <b>Please note:</b> Older OpenWrt releases like 18.06.x or 17.01.x are _not_ supported!  
  69.   <b>Please note:</b> Devices with less than 128 MByte RAM are _not_ supported!  
  70. * A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'aria2c' or 'curl' is required
  71. * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
  72. * Optional E-Mail notification support: for E-Mail notifications you need to install the additional 'msmtp' package
  73. 

  74. ## Installation & Usage

  75. * Update your local opkg repository (_opkg update_)
  76. * Install 'banip' (_opkg install banip_). The banIP service is disabled by default
  77. * Install the LuCI companion package 'luci-app-banip' (_opkg install luci-app-banip_)
  78. * It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
  79. 

  80. ## banIP CLI

  81. * All important banIP functions are accessible via CLI as well.  
  82. <pre><code>
  83. ~# /etc/init.d/banip 
  84. Syntax: /etc/init.d/banip [command]
  85. 

  86. Available commands:
  87. 	start           Start the service
  88. 	stop            Stop the service
  89. 	restart         Restart the service
  90. 	reload          Reload configuration files (or restart if service does not implement reload)
  91. 	enable          Enable service autostart
  92. 	disable         Disable service autostart
  93. 	enabled         Check if service is started on boot
  94. 	refresh         Refresh ipsets without new list downloads
  95. 	suspend         Suspend banIP processing
  96. 	resume          Resume banIP processing
  97. 	query           &lt;IP&gt; Query active banIP IPSets for a specific IP address
  98. 	report          [&lt;cli&gt;|&lt;mail&gt;|&lt;gen&gt;|&lt;json&gt;] Print banIP related IPset statistics
  99. 	list            [&lt;add&gt;|&lt;add_asn&gt;|&lt;add_country&gt;|&lt;remove>|&lt;remove_asn&gt;|&lt;remove_country&gt;] &lt;source(s)&gt; List/Edit available sources
  100. 	timer           [&lt;add&gt; &lt;tasks&gt; &lt;hour&gt; [&lt;minute&gt;] [&lt;weekday&gt;]]|[&lt;remove&gt; &lt;line no.&gt;] List/Edit cron update intervals
  101. 	version         Print version information
  102. 	running         Check if service is running
  103. 	status          Service status
  104. 	trace           Start with syscall trace
  105. </code></pre>
  106. 

  107. ## banIP config options

  108. * Usually the auto pre-configured banIP setup works quite well and no manual overrides are needed
  109. 

  110. | Option                  | Type   | Default                       | Description                                                                           |
  111. | :---------------------- | :----- | :---------------------------- | :------------------------------------------------------------------------------------ |
  112. | ban_enabled             | option | 0                             | enable the banIP service                                                              |
  113. | ban_autodetect          | option | 1                             | auto-detect wan interfaces, devices and subnets                                       |
  114. | ban_debug               | option | 0                             | enable banIP related debug logging                                                    |
  115. | ban_mail_enabled        | option | 0                             | enable the mail service                                                               |
  116. | ban_monitor_enabled     | option | 0                             | enable the log monitor, e.g. to catch failed ssh/luci logins                          |
  117. | ban_logsrc_enabled      | option | 0                             | enable the src-related logchain                                                       |
  118. | ban_logdst_enabled      | option | 0                             | enable the dst-related logchain                                                       |
  119. | ban_autoblacklist       | option | 1                             | add suspicious IPs automatically to the local blacklist                               |
  120. | ban_autowhitelist       | option | 1                             | add wan IPs/subnets automatically to the local whitelist                              |
  121. | ban_maxqueue            | option | 4                             | size of the download queue to handle downloads and processing in parallel             |
  122. | ban_reportdir           | option | /tmp/banIP-Report             | directory where banIP stores the report files                                         |
  123. | ban_backupdir           | option | /tmp/banIP-Backup             | directory where banIP stores the compressed backup files                              |
  124. | ban_ifaces              | list   | -                             | list option to add logical wan interfaces manually                                    |
  125. | ban_sources             | list   | -                             | list option to add banIP sources                                                      |
  126. | ban_countries           | list   | -                             | list option to add certain countries as an alpha-2 ISO code, e.g. 'de' for germany    |
  127. | ban_asns                | list   | -                             | list option to add certain ASNs (autonomous system number), e.g. '32934' for facebook |
  128. | ban_chain               | option | banIP                         | name of the root chain used by banIP                                                  |
  129. | ban_global_settype      | option | src+dst                       | global settype as default for all sources                                             |
  130. | ban_settype_src         | list   | -                             | special SRC settype for a certain sources                                             |
  131. | ban_settype_dst         | list   | -                             | special DST settype for a certain sources                                             |
  132. | ban_settype_all         | list   | -                             | special SRC+DST settype for a certain sources                                         |
  133. | ban_target_src          | option | DROP                          | default src action (used by log chains as well)                                       |
  134. | ban_target_dst          | option | REJECT                        | default dst action (used by log chains as well)                                       |
  135. | ban_lan_inputchains_4   | list   | input_lan_rule                | list option to add IPv4 lan input chains                                              |
  136. | ban_lan_inputchains_6   | list   | input_lan_rule                | list option to add IPv6 lan input chains                                              |
  137. | ban_lan_forwardchains_4 | list   | forwarding_lan_rule           | list option to add IPv4 lan forward chains                                            |
  138. | ban_lan_forwardchains_6 | list   | forwarding_lan_rule           | list option to add IPv6 lan forward chains                                            |
  139. | ban_wan_inputchains_4   | list   | input_wan_rule                | list option to add IPv4 wan input chains                                              |
  140. | ban_wan_inputchains_6   | list   | input_wan_rule                | list option to add IPv6 wan input chains                                              |
  141. | ban_wan_forwardchains_4 | list   | forwarding_wan_rule           | list option to add IPv4 wan forward chains                                            |
  142. | ban_wan_forwardchains_6 | list   | forwarding_wan_rule           | list option to add IPv6 wan forward chains                                            |
  143. | ban_mailreceiver        | option | -                             | receiver address for banIP related notification E-Mails                               |
  144. | ban_mailsender          | option | no-reply@banIP                | sender address for banIP related notification E-Mails                                 |
  145. | ban_mailtopic           | option | banIP notification            | topic for banIP related notification E-Mails                                          |
  146. | ban_mailprofile         | option | ban_notify                    | mail profile used in 'msmtp' for banIP related notification E-Mails                   |
  147. | ban_srcarc              | option | /etc/banip/banip.sources.gz   | full path to the compressed source archive file used by banIP                         |
  148. | ban_localsources        | list   | maclist, whitelist, blacklist | limit the selection to certain local sources                                          |
  149. | ban_extrasources        | list   | -                             | add additional, non-banIP related IPSets e.g. for reporting or queries                |
  150. | ban_maclist_timeout     | option | -                             | individual maclist IPSet timeout                                                      |
  151. | ban_whitelist_timeout   | option | -                             | individual whitelist IPSet timeout                                                    |
  152. | ban_blacklist_timeout   | option | -                             | individual blacklist IPSet timeout                                                    |
  153.   
  154. ## Examples

  155. **list/edit banIP sources:**
  156. 

  157. <pre><code>
  158. ~# /etc/init.d/banip list
  159. ::: Available banIP sources
  160. :::
  161.     Name                 Enabled   Focus                               Info URL
  162.     ---------------------------------------------------------------------------
  163.   + asn                            ASN blocks                          https://asn.ipinfo.app
  164.   + bogon                          Bogon prefixes                      https://team-cymru.com
  165.   + country              x         Country blocks                      https://www.ipdeny.com/ipblocks
  166.   + debl                 x         Fail2ban IP blacklist               https://www.blocklist.de
  167.   + doh                  x         Public DoH-Provider                 https://github.com/dibdot/DoH-IP-blocklists
  168.   + drop                 x         Spamhaus drop compilation           https://www.spamhaus.org
  169.   + dshield              x         Dshield IP blocklist                https://www.dshield.org
  170.   + edrop                          Spamhaus edrop compilation          https://www.spamhaus.org
  171.   + feodo                x         Feodo Tracker                       https://feodotracker.abuse.ch
  172.   + firehol1             x         Firehol Level 1 compilation         https://iplists.firehol.org/?ipset=firehol_level1
  173.   + firehol2                       Firehol Level 2 compilation         https://iplists.firehol.org/?ipset=firehol_level2
  174.   + firehol3                       Firehol Level 3 compilation         https://iplists.firehol.org/?ipset=firehol_level3
  175.   + firehol4                       Firehol Level 4 compilation         https://iplists.firehol.org/?ipset=firehol_level4
  176.   + iblockads                      Advertising blocklist               https://www.iblocklist.com
  177.   + iblockspy            x         Malicious spyware blocklist         https://www.iblocklist.com
  178.   + myip                           Myip Live IP blacklist              https://myip.ms
  179.   + nixspam              x         iX spam protection                  http://www.nixspam.org
  180.   + proxy                          Firehol list of open proxies        https://iplists.firehol.org/?ipset=proxylists
  181.   + sslbl                x         SSL botnet IP blacklist             https://sslbl.abuse.ch
  182.   + threat               x         Emerging Threats                    https://rules.emergingthreats.net
  183.   + tor                  x         Tor exit nodes                      https://fissionrelays.net/lists
  184.   + uceprotect1          x         Spam protection level 1             http://www.uceprotect.net/en/index.php
  185.   + uceprotect2                    Spam protection level 2             http://www.uceprotect.net/en/index.php
  186.   + voip                 x         VoIP fraud blocklist                http://www.voipbl.org
  187.   + yoyo                 x         Ad protection blacklist             https://pgl.yoyo.org/adservers/
  188.     ---------------------------------------------------------------------------
  189.   * Configured ASNs: -
  190.   * Configured Countries: af, bd, br, cn, hk, hu, id, il, in, iq, ir, kp, kr, no, pk, pl, ro, ru, sa, th, tr, ua, gb
  191. </code></pre>
  192.   
  193. **receive banIP runtime information:**
  194. 

  195. <pre><code>
  196. ~# /etc/init.d/banip status
  197. ::: banIP runtime information
  198.   + status          : enabled
  199.   + version         : 0.7.0
  200.   + ipset_info      : 23 IPSets with 302008 IPs/Prefixes
  201.   + active_sources  : blacklist, country, debl, doh, drop, dshield, feodo, firehol1, iblockspy, nixspam, sslbl, threat, 
  202.                       tor, uceprotect1, voip, whitelist, yoyo
  203.   + active_devs     : eth3
  204.   + active_ifaces   : wan, wan6
  205.   + active_logterms : dropbear, sshd, luci
  206.   + active_subnets  : xxx.xxx.x.xxx/24, xxxx:xxxx:xxxx:x:xxxx:xxxx:xxxx:xxxx/64
  207.   + run_infos       : settype: src+dst, backup_dir: /mnt/data/banip, report_dir: /tmp/banIP-Report
  208.   + run_flags       : protocols (4/6): ✔/✔, log (src/dst): ✔/✘, monitor: ✔, mail: ✔
  209.   + last_run        : refresh, 0m 16s, 4019/3527/3680, 03.02.2021 19:57:46
  210.   + system          : PC Engines apu4, OpenWrt SNAPSHOT r15556-20a0d435d8
  211. </code></pre>
  212.   
  213. **generate an IPSet report:**
  214. 

  215. <pre><code>
  216. ~# /etc/init.d/banip report
  217. :::
  218. ::: report on all banIP related IPSets
  219. :::
  220.   + Report timestamp           ::: 04.02.2021 06:24:41
  221.   + Number of all IPSets       ::: 24
  222.   + Number of all entries      ::: 302448
  223.   + Number of IP entries       ::: 224748
  224.   + Number of CIDR entries     ::: 77700
  225.   + Number of MAC entries      ::: 0
  226.   + Number of accessed entries ::: 36
  227. :::
  228. ::: IPSet details
  229. :::
  230.     Name                 Type        Count      Cnt_IP    Cnt_CIDR  Cnt_MAC   Cnt_ACC   Entry details (Entry/Count)
  231.     --------------------------------------------------------------------------------------------------------------------
  232.     whitelist_4          src+dst     1          0         1         0         1
  233.                                                                                         xxx.xxxx.xxx.xxxx/24     85
  234.     --------------------------------------------------------------------------------------------------------------------
  235.     whitelist_6          src+dst     2          0         2         0         1
  236.                                                                                         xxxx:xxxx:xxxx::/64      29
  237.     --------------------------------------------------------------------------------------------------------------------
  238.     blacklist_4          src+dst     513        513       0         0         2
  239.                                                                                         192.35.168.16            3
  240.                                                                                         80.82.65.74              1
  241.     --------------------------------------------------------------------------------------------------------------------
  242.     blacklist_6          src+dst     1          1         0         0         0
  243.     --------------------------------------------------------------------------------------------------------------------
  244.     country_4            src         52150      0         52150     0         23
  245.                                                                                         124.5.0.0/16             1
  246.                                                                                         95.188.0.0/14            1
  247.                                                                                         121.16.0.0/12            1
  248.                                                                                         46.161.0.0/18            1
  249.                                                                                         42.56.0.0/14             1
  250.                                                                                         113.64.0.0/10            1
  251.                                                                                         113.252.0.0/14           1
  252.                                                                                         5.201.128.0/17           1
  253.                                                                                         125.64.0.0/11            1
  254.                                                                                         90.188.0.0/15            1
  255.                                                                                         60.0.0.0/11              1
  256.                                                                                         78.160.0.0/11            1
  257.                                                                                         1.80.0.0/12              1
  258.                                                                                         183.184.0.0/13           1
  259.                                                                                         175.24.0.0/14            1
  260.                                                                                         119.176.0.0/12           1
  261.                                                                                         59.88.0.0/13             1
  262.                                                                                         103.78.12.0/22           1
  263.                                                                                         123.128.0.0/13           1
  264.                                                                                         116.224.0.0/12           1
  265.                                                                                         42.224.0.0/12            1
  266.                                                                                         82.80.0.0/15             1
  267.                                                                                         14.32.0.0/11             1
  268.     --------------------------------------------------------------------------------------------------------------------
  269.     country_6            src         20099      0         20099     0         0
  270.     --------------------------------------------------------------------------------------------------------------------
  271.     debl_4               src+dst     29389      29389     0         0         1
  272.                                                                                         5.182.210.16             4
  273.     --------------------------------------------------------------------------------------------------------------------
  274.     debl_6               src+dst     64         64        0         0         0
  275.     --------------------------------------------------------------------------------------------------------------------
  276.     doh_4                src+dst     168        168       0         0         0
  277.     --------------------------------------------------------------------------------------------------------------------
  278.     doh_6                src+dst     122        122       0         0         0
  279.     --------------------------------------------------------------------------------------------------------------------
  280.     drop_4               src+dst     965        0         965       0         0
  281.     --------------------------------------------------------------------------------------------------------------------
  282.     drop_6               src+dst     36         0         36        0         0
  283.     --------------------------------------------------------------------------------------------------------------------
  284.     dshield_4            src+dst     20         0         20        0         1
  285.                                                                                         89.248.165.0/24          1
  286.     --------------------------------------------------------------------------------------------------------------------
  287.     feodo_4              src+dst     325        325       0         0         0
  288.     --------------------------------------------------------------------------------------------------------------------
  289.     firehol1_4           src+dst     2763       403       2360      0         0
  290.     --------------------------------------------------------------------------------------------------------------------
  291.     iblockspy_4          src+dst     3650       2832      818       0         0
  292.     --------------------------------------------------------------------------------------------------------------------
  293.     nixspam_4            src+dst     9577       9577      0         0         0
  294.     --------------------------------------------------------------------------------------------------------------------
  295.     sslbl_4              src+dst     104        104       0         0         0
  296.     --------------------------------------------------------------------------------------------------------------------
  297.     threat_4             src+dst     1300       315       985       0         0
  298.     --------------------------------------------------------------------------------------------------------------------
  299.     tor_4                src+dst     1437       1437      0         0         0
  300.     --------------------------------------------------------------------------------------------------------------------
  301.     tor_6                src+dst     478        478       0         0         0
  302.     --------------------------------------------------------------------------------------------------------------------
  303.     uceprotect1_4        src+dst     156249     156249    0         0         6
  304.                                                                                         192.241.220.137          1
  305.                                                                                         128.14.137.178           1
  306.                                                                                         61.219.11.153            1
  307.                                                                                         138.34.32.33             1
  308.                                                                                         107.174.133.130          2
  309.                                                                                         180.232.99.46            1
  310.     --------------------------------------------------------------------------------------------------------------------
  311.     voip_4               src+dst     12563      12299     264       0         0
  312.     --------------------------------------------------------------------------------------------------------------------
  313.     yoyo_4               src+dst     10472      10472     0         0         1
  314.                                                                                         204.79.197.200           2
  315.     --------------------------------------------------------------------------------------------------------------------
  316. </code></pre>
  317.   
  318. **Enable E-Mail notification via 'msmtp':**  
  319. To use the email notification you have to install & configure the package 'msmtp'.  
  320. Modify the file '/etc/msmtprc', e.g.:
  321. <pre><code>
  322. [...]
  323. defaults
  324. auth            on
  325. tls             on
  326. tls_certcheck   off
  327. timeout         5
  328. syslog          LOG_MAIL
  329. [...]
  330. account         ban_notify
  331. host            smtp.gmail.com
  332. port            587
  333. from            <address>k@gmail.com
  334. user            <gmail-user>
  335. password        <password>
  336. </code></pre>
  337. Finally enable E-Mail support and add a valid E-Mail receiver address in LuCI.
  338.   
  339. **Edit, add new banIP sources:**  
  340. The banIP blocklist sources are stored in an external, compressed JSON file '/etc/banip/banip.sources.gz'. 
  341. This file is directly parsed in LuCI and accessible via CLI, just call _/etc/init.d/banip list_.
  342. 

  343. To add new or edit existing sources extract the compressed JSON file _gunzip /etc/banip/banip.sources.gz_.  
  344. A valid JSON source object contains the following required information, e.g.:
  345. <pre><code>
  346. 	[...]
  347. 	"tor": {
  348. 		"url_4": "https://lists.fissionrelays.net/tor/exits-ipv4.txt",
  349. 		"url_6": "https://lists.fissionrelays.net/tor/exits-ipv6.txt",
  350. 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add tor_4 \"$1}",
  351. 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add tor_6 \"$1}",
  352. 		"focus": "Tor exit nodes",
  353. 		"descurl": "https://fissionrelays.net/lists"
  354. 	},
  355. 	[...]
  356. </code></pre>
  357. Add an unique object name, make the required changes to 'url_4', 'rule_4' (and/or 'url_6', 'rule_6'), 'focus' and 'descurl' and finally compress the changed JSON file _gzip /etc/banip/banip.sources.gz_ to use the new source object in banIP.  
  358. <b>Please note:</b> if you're going to add new sources on your own, please make a copy of the default file and work with that copy further on, cause the default will be overwritten with every banIP update. To reference your copy set the option 'ban\_srcarc' which points by default to '/etc/banip/banip.sources.gz'  
  359.   
  360. ## Support

  361. Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>  
  362. 

  363. ## Removal

  364. * stop all banIP related services with _/etc/init.d/banip stop_
  365. * optional: remove the banip package (_opkg remove banip_)
  366. 

  367. Have fun!  
  368. Dirk