BanIP for specific LAN station/IPsets/times

Installing and Using OpenWrt
1

I have checked the banIP support thread, but I don't see the answer there, and it is a locked topic, so I can't add anything there - hence this "new" post. It is, of course, possible that I simply missed the right thread there, so if anyone can redirect me to the right one, that'd be great.
I understand that blocking FB is possible using ASN number etc - is it possible to do this

  1. for a specific LAN IP/mac
  2. for a specific LAN ipset
  3. on a schedule (eg. allow/ban only at lunchtime/afterhours)
  4. a combo/mix of the above possibilities

Anyone have an example config for a dummy :crazy_face: who learns-by-sample?

Thanks

2

It is executed by firewall configuration by cron.

3

I can set this for the scheduling part - thank you...but I am not sure how to restrict a particular station from accessing the IPset/ASN. Do you know of an example I can follow for this part?

The fw3 page example - shows something like below
[I have added in my "wishlist" to the config example on the 1st 3 lines]

config	rule
	option	src		'IP.of.pc.2.block'
	option	src_mac		'xx:xx:xx:xx:xx:xx'
	option	dest		'ipset-or-ASN-list'

	option	proto		'tcpudp'
	option	start_time	'21:00:00'
	option	stop_time	'09:00:00'
	option	utc_time	'0'
	option	weekdays	'Mon Tue Wed Thu Fri'
	option	target		'REJECT'
	option	name		'REJECT-LAN-WAN-TIME'
	option	enabled		'1'

Is any of this possible?

4

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_config_ipset

1 Like