From: Dirk Brenken Date: Sat, 14 Jun 2025 17:47:19 +0000 (+0200) Subject: banIP: update 1.5.6-5 X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=645b0ab1371790c79c8f5a5d8d8125cf9624c8bb;p=feed%2Fpackages.git banIP: update 1.5.6-5 * fixed the restore rc handling * skip allowlist entries during map creation * disable the map button by default (only enabled if map & NFT counter are selected) * disable the content filter checkbox for elements with hits by default (only enabled if NFT counter are selected) * readme update Signed-off-by: Dirk Brenken --- diff --git a/net/banip/Makefile b/net/banip/Makefile index 3dec5c9a22..e0fcaa651c 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip PKG_VERSION:=1.5.6 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index c696fb3170..6ac676c803 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -109,11 +109,12 @@ IP address blocking is commonly used to protect against brute force attacks, pre ## Installation and Usage * Update your local opkg/apk repository * Install the LuCI companion package 'luci-app-banip' which also installs the main 'banip' package as a dependency +* Enable the banIP system service (System -> Startup) and enable banIP itself (banIP -> General Settings) * It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu * It's also recommended to configure a 'Reload Trigger Interface' to depend on your WAN ifup events during boot or restart of your router * To be able to use banIP in a meaningful way, you must activate the service and possibly also activate a few blocklist feeds * If you're using a complex network setup, e.g. special tunnel interfaces, than untick the 'Auto Detection' option under the 'General Settings' tab and set the required options manually -* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status' and also check the 'Firewall Log' and 'Processing Log' tabs +* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status', also check the 'Processing Log' tab ## banIP CLI interface @@ -482,6 +483,7 @@ C8:C2:9B:F7:80:12 => this will be populated to ``` **Set reporting, enable the GeoIP Map** +banIP includes a powerful reporting tool on the Set Reporting tab which shows the latest NFT banIP Set statistics. To get the latest statistics always press the "Refresh" button. In addition to a tabular overview banIP reporting includes a GeoIP map in a modal popup window/iframe that shows the geolocation of your own uplink addresses (in green) and the locations of potential attackers (in red). To enable the GeoIP Map set the following options (in "Feed/Set Settings" config tab): * set 'ban_nftcount' to '1' to enable the nft counter for every Set element diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index 836deae4b5..901b5797e4 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -873,10 +873,11 @@ f_down() { if [ "${etag_rc}" = "0" ] || [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ]; then if [ "${feed%%.*}" = "allowlist" ] && [ ! -f "${tmp_allow}" ]; then f_restore "allowlist" "-" "${tmp_allow}" "${etag_rc}" + restore_rc="${?}" else f_restore "${feed}" "${feed_url}" "${tmp_load}" "${etag_rc}" + restore_rc="${?}" fi - restore_rc="${?}" feed_rc="${restore_rc}" fi fi @@ -1618,6 +1619,7 @@ f_report() { json_get_keys table_sets >/dev/null 2>&1 if [ -n "${table_sets}" ]; then for item in ${table_sets}; do + [ "${item%%_*}" = "allowlist" ] && continue json_select "${item}" json_get_keys set_details for detail in ${set_details}; do