Currently I'm working on a new release (far call, not ready yet) ... could you please PM me with more config details to better understand your requirement? Thanks!
Thank you for the hint. I read the previous posts, but the advice there is to install banIP version 0.3.12, which I already have. In the banIP IPset lookup I can see banned IPs/subnets, but nothing appears in syslog except startup messages and IPset update/refresh events. There is no stable raspi4 version of OpenWrt, just snapshots. I am running OpenWrt SNAPSHOT r14850-f5c5a8abd2.
Thank you for your time.
I hope not to offend with an enhancement request, or perhaps others already have a solution for this? How can I better balance security without having to do the work of identifying which program is limiting access and then whitelisting it?
Enhancement Request: non-techie web page to enable/disable limited set of services temporarily.
Issue: my significant other is having problems viewing sites with banIP and Adblock, and I wanted to provide them with a way to disable IP blocking temporarily.
Requirement1: no credentials required
Requirement2: should be a framework for other limited services to plug into (adblock, banip, etc..)
Requirement3: should temporarily disable services for a short period of time, i.e. services should start back up after x mins (30 mins?).
Requirement4: should show current status
Requirement5: button press should show the press was accepted and is doing something
Requirement6: should (en|dis)able service
I've already commented on your ticket a while ago. I have no time to dig into this visual issue ...
Please take a look at luci-app-commands to build/use such a landing page; an adblock example is discussed here: Adblock support thread - #1515 by dibdot
Thanks so much for this.
I was going over the settings before I enable banIP.
I noticed this dropbox, and have a few basic questions, please?
- not sure which to select, as the web GUI I use is luci/admin/system/admin/dropbear
- why is there a choice? Does that mean my OpenWrt is running two ssh daemons?
dropbear is the default in OpenWrt - just leave this setting.
As usual in open source systems ... you have the choice. The relevant package in OpenWrt is called 'openssh-server'.
BTW, the next banIP version will also support a mixed mode ...
Thanks, but it's just a hobby - nothing more. I regularly donate to a local children's hospice - much more meaningful than supporting a few router nerds.
Sure, me too.
I try to support open source projects the only way I can.
Thanks
Hi Dirk, thanks for this amazing piece of software!
May I see a list of banned IPs, like fail2ban on Linux? Does the list include the reason for banning (i.e. ssh failed access, https failed access, DoS attack...)?
Just for the record, I'm using it on an r7800 with ACwifidude's last build of 2020.
In the currently available master banIP package you can enable logging of such IPs, e.g.
Sat Jan 16 10:27:16 2021 kern.warn kernel: [619205.784775] DROP(src banIP) IN=eth3 OUT=br-lan MAC=18:e8:29:2d:30:ee:2c:91:ab:28:52:2b:08:00 SRC=156.96.46.226 DST=192.168.254.254 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54412 PROTO=TCP SPT=49201 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
In my current dev version (0.7, not available yet), you can query/report more ... e.g. query on above IP
root@blackroute:/etc/banip$ /etc/init.d/banip query 156.96.46.226
:::
::: search '156.96.46.226' in banIP related IPSets
:::
- ip address '156.96.46.226' included in IPSet 'firehol1_4'
- ip address '156.96.46.226' included in IPSet 'threat_4'
- ip address '156.96.46.226' included in IPSet 'drop_4'
and finally you can generate a report, e.g.:
root@blackroute:/etc/banip$ /etc/init.d/banip report
:::
::: report on all banIP related IPSets
:::
+ Report timestamp ::: 16.01.2021 11:04:52
+ Number of all entries ::: 138667
+ Number of IP entries ::: 61884
+ Number of CIDR entries ::: 76783
+ Number of MAC entries ::: 0
+ Number of accessed entries ::: 6
:::
::: IPSet details
:::
Name Type Count Cnt_IP Cnt_CIDR Cnt_MAC Cnt_ACC Entry details (Entry/Count)
---------------------------------------------------------------------------------------------------------------------
blacklist_4 src+dst 507 507 0 0 0
---------------------------------------------------------------------------------------------------------------------
blacklist_6 src+dst 1 1 0 0 0
---------------------------------------------------------------------------------------------------------------------
whitelist_4 src+dst 1 0 1 0 1
192.168.0.0/24 9
---------------------------------------------------------------------------------------------------------------------
whitelist_6 src+dst 1 0 1 0 1
2002:b2c9:dce5::/64 3
---------------------------------------------------------------------------------------------------------------------
dshield_4 src+dst 20 0 20 0 0
---------------------------------------------------------------------------------------------------------------------
firehol1_4 src+dst 2762 403 2359 0 1
156.96.0.0/16 1
---------------------------------------------------------------------------------------------------------------------
doh_4 src+dst 169 169 0 0 1
1.1.1.1 2
---------------------------------------------------------------------------------------------------------------------
doh_6 src+dst 125 125 0 0 0
---------------------------------------------------------------------------------------------------------------------
voip_4 src+dst 7627 7463 164 0 0
---------------------------------------------------------------------------------------------------------------------
tor_4 src+dst 1974 1974 0 0 0
---------------------------------------------------------------------------------------------------------------------
threat_4 src+dst 2414 1427 987 0 0
---------------------------------------------------------------------------------------------------------------------
sslbl_4 src+dst 114 114 0 0 0
---------------------------------------------------------------------------------------------------------------------
yoyo_4 src+dst 10473 10473 0 0 0
---------------------------------------------------------------------------------------------------------------------
debl_4 src+dst 39161 39161 0 0 0
---------------------------------------------------------------------------------------------------------------------
debl_6 src+dst 67 67 0 0 0
---------------------------------------------------------------------------------------------------------------------
drop_4 src+dst 966 0 966 0 0
---------------------------------------------------------------------------------------------------------------------
drop_6 src+dst 36 0 36 0 0
---------------------------------------------------------------------------------------------------------------------
country_4 src+dst 52150 0 52150 0 1
213.138.96.0/19 1
---------------------------------------------------------------------------------------------------------------------
country_6 src+dst 20099 0 20099 0 1
2001:41c0::/28 1
---------------------------------------------------------------------------------------------------------------------
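The kernel log line quoted above follows the standard netfilter log format, so it can be parsed offline (e.g. from `logread` output copied off the router) to see which sources, directions and destination ports are being dropped most often. The following is an added example for this thread, not code from the banIP project: the parser and the summarizer are my own, the first sample line is the one quoted above, and the remaining sample lines (including the non-netfilter banIP status line) are constructed for this example.

```python
"""Parse banIP netfilter DROP log lines and summarize them for review.

Added example (not part of this forum thread or of the banIP project): a
parser for the kernel log format quoted above, plus a small aggregation so a
defender can see which sources, labels and destination ports show up most
often in the DROP log. Function names are my own; the first SAMPLE_LOG line
is the one from the thread, the remaining lines are constructed.
"""
import re
from collections import Counter

# Netfilter log prefix written by banIP, e.g. "DROP(src banIP)": the action
# and the label (direction + set name) inside the parentheses.
PREFIX_RE = re.compile(r"(?P<action>[A-Z]+)\((?P<label>[^)]*)\)")

# KEY=VALUE tokens that follow the prefix (IN=, SRC=, DPT=, ...).
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")

# Fields that are plain decimal integers in the kernel log format.
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP", "TYPE", "CODE", "SEQ"}

# Constructed sample input: line 0 is the one quoted in the thread, the
# others are made up for this example (one more probe of the same source on
# port 22, a repeat on 443, an outbound ICMP drop, and a non-netfilter line).
SAMPLE_LOG = [
    "Sat Jan 16 10:27:16 2021 kern.warn kernel: [619205.784775] DROP(src banIP) IN=eth3 OUT=br-lan MAC=18:e8:29:2d:30:ee:2c:91:ab:28:52:2b:08:00 SRC=156.96.46.226 DST=192.168.254.254 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54412 PROTO=TCP SPT=49201 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Sat Jan 16 10:27:31 2021 kern.warn kernel: [619220.101234] DROP(src banIP) IN=eth3 OUT=br-lan MAC=18:e8:29:2d:30:ee:2c:91:ab:28:52:2b:08:00 SRC=156.96.46.226 DST=192.168.254.254 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54413 PROTO=TCP SPT=49202 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Sat Jan 16 10:27:40 2021 kern.warn kernel: [619229.445566] DROP(src banIP) IN=eth3 OUT=br-lan MAC=18:e8:29:2d:30:ee:2c:91:ab:28:52:2b:08:00 SRC=156.96.46.226 DST=192.168.254.254 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54414 PROTO=TCP SPT=49203 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Sat Jan 16 10:27:45 2021 kern.warn kernel: [619234.567890] DROP(dst banIP) IN=br-lan OUT=eth3 MAC=18:e8:29:2d:30:ee:2c:91:ab:28:52:2b:08:00 SRC=192.168.254.10 DST=203.0.113.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1",
    "Sat Jan 16 10:28:00 2021 user.info banIP-0.3.12[4711]: banIP processing started",
]


def parse_nflog(line):
    """Return the fields of one netfilter log line as a dict, or None when the
    line carries no banIP-style prefix (plain banIP status messages, etc.)."""
    match = PREFIX_RE.search(line)
    if match is None:
        return None
    rest = line[match.end():]
    fields = {"action": match.group("action"), "label": match.group("label")}
    for key, value in KV_RE.findall(rest):
        if key in INT_FIELDS and value.isdigit():
            value = int(value)
        fields[key] = value  # a repeated key (ID= in ICMP lines) keeps the last value
    # Bare uppercase tokens such as SYN or DF are flags without a value.
    fields["flags"] = [t for t in rest.split() if "=" not in t and t.isupper()]
    return fields


def summarize(lines):
    """Count DROP hits per source address and per (protocol, destination port)."""
    by_src = Counter()
    by_dpt = Counter()
    for line in lines:
        fields = parse_nflog(line)
        if fields is None or "SRC" not in fields:
            continue
        by_src[fields["SRC"]] += 1
        if "DPT" in fields:
            by_dpt[(fields.get("PROTO"), fields["DPT"])] += 1
    return by_src, by_dpt


if __name__ == "__main__":
    sources, ports = summarize(SAMPLE_LOG)
    for src, count in sources.most_common():
        print(f"{src:>16}  {count} drops")
    for (proto, dpt), count in ports.most_common():
        print(f"{proto}/{dpt}: {count} drops")
```

The counters answer the question asked in the thread only partially: the kernel log shows which addresses were dropped and on which ports, but the reason (which blocklist matched) is what the `query` command of the newer version reports, so the two are best used together.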
Thanks, but I think I misunderstand something
uhm, where/how?
0.7?!?! I've had 0.3.13!!
In 0.7?
Actually, with the CLI command you suggest I only get
/etc/init.d/banip report
Syntax: /etc/init.d/banip [command]
Available commands:
start Start the service
stop Stop the service
restart Restart the service
reload Reload configuration files (or restart if service does not implement reload)
enable Enable service autostart
disable Disable service autostart
enabled Check if service is started on boot
refresh Refresh ipsets without new list downloads
running Check if service is running
status Service status
trace Start with syscall trace
Logging is available in the latest snapshot package, see download links in my first post. The required parameters are described in the online readme.
Only 0.7.x supports reporting and is the forthcoming update (not available yet!). For now it's only running internally on my router zoo ...
ok.
Now I have to disable banIP because otherwise only my wife's smartphone disconnects from the router, and the solution described in the wiki here https://openwrt.org/faq/deauthenticated_due_to_inactivity doesn't work... can banIP really be the cause? The kernel log says nothing, just the message described on the linked wiki page.
Nope, I doubt that ... seems to be wireless driver related.
After much too long a time I finally finished a new banIP version. That said, only the backend seems to be ready (it's been running for a week in my environment); the luci part is not ready yet.
Major changes:
release 0.7.0-pre0
major rewrite
add support for multiple chains
add mac whitelisting
add support for multiple ssh daemons in parallel
add an ipset report engine
add mail notifications
add suspend/resume functions
add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates
add a list wrapper to add/remove blocklist sources
add 19.x and Turris OS 5.x compatibility code
sources stored in an external compressed json file (/etc/banip/banip.sources.gz)
change Country/ASN download sources (faster/more reliable)
fix DHCPv6/icmpv6 issues
It's not a drop-in update! If you're willing to test this pre-release, please remove the old banIP version first (all components incl. config). After that, fetch the current update from my github repo (it's a ready-to-run ipk package file), see here: https://github.com/dibdot/banip-prereleases.
Still, major things are not available, e.g. documentation & luci parts are still missing. Please ask me to get things up & running.
It would be nice to get some feedback from adventurous testers ...
Thanks!
@dibdot I removed the previous version, incl config files.
start/reload doesn't seem to be working (I also rebooted the router). I enabled autostart.
any thoughts?
root@ROUTER:~# /etc/init.d/banip status
::: banIP runtime information
+ status : disabled
+ version : 0.7.0-pre0
+ ipset_info : -
+ active_sources : firehol1
+ active_devs : -
+ active_ifaces : -
+ active_logterms : dropbear, sshd, luci
+ active_subnets : -
+ run_infos : settype: src+dst, backup_dir: /tmp/banIP-Backup, report_dir: /tmp/banIP-Report
+ run_flags : protocols (4/6): 0/0, log (src/dst): 0/0, monitor: 0, mail: 0
+ last_run : -
+ system : Linksys WRT3200ACM, OpenWrt 19.07.6 r11278-8055e38794
root@ROUTER:~#
Don't know if it's related, but in LuCI the system log is broken after installing 0.7.0:
Unable to load log data: Executable not found