* change iptables whitelist target from 'ACCEPT' to 'RETURN'
to stop traversing the banIP chain and resume at the next chain
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* remove needless sort step to reduce system load
* change maxqueue default in backend and LuCI frontend
to '4' to reduce (default) system load
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add automatic blocklist backup & restore, they will be used
in case of download errors or during startup in backup mode
* add a 'backup mode' to re-use blocklist backups during startup,
get fresh lists via reload or restart action
* procd interface trigger now supports multiple WAN interfaces
* change URL for abuse.ch/feodo list source in default config
* small fixes
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
* support multiple WAN interfaces in iptables rules,
set 'ban_iface' option accordingly (as space separated list)
or use the LuCI frontend
* add new "refresh" mode while triggered by fw changes (no download)
* add required ip dependency
* fix wrong 'settype' definition for firehol1 in config
Signed-off-by: Dirk Brenken <dev@brenken.org>
a new script based package called "banIP" to block
incoming & outgoing ip adresses/subnets via ipset.
Features:
* a shell script which uses ipset and iptables
to ban a large number of IP addresses
published in various IP blacklists (bogon, firehol etc.)
* support blocking by ASN numbers
* support blocking by iso country codes
* support local white & blacklist (IPv4, IPv6 & CIDR notation)
* auto-add unsuccessful ssh login attempts to local blacklist
* auto-add the uplink subnet to local whitelist
* per source configuration of SRC (incoming) and DST (outgoing)
* supports IPv4 & IPv6
Strong LuCI support:
* easy interface to track & change all aspects of your ipset
configuration on the fly
* integrated IPSet-Lookup
* integrated RIPE-Lookup
* Log-Viewer & online configuration of white- & blacklist
LuCI-Screenshots will follow in the second post.
Forum discussion:
https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985
Signed-off-by: Dirk Brenken <dev@brenken.org>