Hi, dohv4 feed seems to be blocking dbrand.com domain for me.
nslookup dbrand.com shows 76.76.21.21 which is in the dohv4 feed under this dns "arashi.eu.org".
I had the same issue with tailscale.com, which also points to the same IP of arashi.eu.org.
Ended up adding 76.76.21.21 to the Allowlist.
@dibdot what do you think should be the workaround here?
I guess we can't do much if multiple domains use the same IP address (ipinfo shows it as Amazon AWS).
I'll just add it to the allowlist and block "arashi.eu.org" at my dns level for now.
Should I be able to connect with WireGuard even when I have all countries in block (banIP)?
I see lots of traffic getting blocked but the WireGuard traffic still works.
Does WireGuard get passed before the banIP rules, or how does that work?
Good day @dibdot, I don't see any issues tab on https://github.com/dibdot/DoH-IP-blocklists. I wanted to add a DoH Domain/IP: iterator.lazada.com
Lazada app (ecommerce platform in SEA) bypasses DNS blocks using that, proof while proxying
Just disable the Auto Detection and set the relevant interfaces manually (incl. the wg interface).
@dibdot
Can BanIP also be used to block internet access for a range of local IP addresses (like those used for IoT devices)?
To try this I added "192.168.1.64/28" to the blocklist (192.168.1.64-79) and restarted BanIP. But access to the internet was still possible from 192.168.1.75 (and probably the other addresses).
You can block/allow internal devices via MAC address, check MAC/IP-binding in the readme.
Thanks, I will add that domain later today.
Maybe I don't get it (most likely).
To explain further: I give my IoT devices a fixed/static IP address. The IP address falls in the range of 192.168.1.64/28 and is outside the normal DHCP range of the router.
So initially the router doesn't know a corresponding MAC-address until the iot device makes connection with the router.
I just want BanIP to block all traffic to and from the internet coming from 192.168.1.64/28.
Certainly not your intention, but set up a VLAN without an Internet connection...?!
I agree, that would be the most elegant method but seems an overkill at this moment if it can be solved by a simple entry in the blocklist of BanIP.
For now I solved it with a firewall rule.
If you don't want to use @dibdot's suggested solution, then use DNS blocking...maybe you want to update your IoT devices...?!
Hi, I use the countryv4 feed to block some countries, but is there a way to block only the requests that those countries make to me?
I'd like to browse the websites hosted in those countries, without any botnet or similar being able to reach me.
Is this something reasonable, or is it not technically possible?
Thank you in advance!
You could use the feed/Set settings to add a checkbox to the Countryv4 list, limiting it to only the WAN Fwd Chain.
That would seem to be exactly what I am looking for!
However, I have a small problem: I would set WAN-Input & WAN-Forward as enabled. The moment I enable WAN-Forward, I can no longer access from the WAN (e.g. from my cell phone with WiFi disabled) to some resources that are port forwarded.
This behavior is confirmed by the logs:
Thu Dec 26 00:57:04 2024 kern.warn kernel: [15804.285683] banIP/fwd-wan/drop/countryv4: IN=pppoe-wan OUT=br-lan.XX MAC= SRC=62.19.104.XX DST=192.168.XX.XX LEN=60 TOS=0x08 PREC=0x20 TTL=57 ID=56186 DF PROTO=TCP SPT=24886 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
This would seem to be fair and reasonable behavior; however, I limited only 5 countries (not including my own).
What is even stranger is that if I perform an IP Search in the Set Reporting panel, I find the IP of my cell phone.
:::
::: banIP Search
:::
Looking for IP '62.19.104.XX' on 2024-12-26 01:13:22
---
IP found in Set 'countryv4'
My phone's IP actually belongs to this countryv4 element: https://www.ipdeny.com/ipblocks/data/countries/it.zone -> 62.18.0.0/15 but precisely Italy is not among the Countries (RIR) (only China, India, Iran, Russian Federation, Afghanistan are selected).
I also thought of checking the automatic blocklist (which populates the banip.blocklist file anyway, correct?), but my phone's IP doesn't figure (and anyway the Survey in that case shouldn't tell me it's blocked for countryv4).
What am I missing?
For now I will limit to WAN-Input Chain, however I would be really happy to figure out how to enable WAN-Forward as well
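An added example (not from the thread or the banIP project) for cross-checking a drop like the one logged above: it parses the log line and reports which country zone data contains the source address, so the result can be compared with the countries actually selected. The prefix layout `banIP/<chain>/<action>/<set>:` is inferred from the single line quoted in the post; the zone contents, country codes and addresses are constructed.

```python
import ipaddress
import re

# Constructed log line in the format quoted above (documentation-range addresses).
SAMPLE_LOG = (
    "Thu Dec 26 00:57:04 2024 kern.warn kernel: [15804.285683] "
    "banIP/fwd-wan/drop/countryv4: IN=pppoe-wan OUT=br-lan.10 MAC= "
    "SRC=203.0.113.77 DST=192.168.1.20 LEN=60 TTL=57 PROTO=TCP SPT=24886 DPT=443 SYN"
)
# Constructed stand-ins for per-country zone files (one CIDR per line).
ZONES = {
    "aa": "198.51.100.0/24\n203.0.113.0/25\n",
    "bb": "# constructed comment line\n192.0.2.0/24\n\n",
}
# Assumed prefix layout, inferred from the quoted line: banIP/<chain>/<action>/<set>:
PREFIX = re.compile(r"banIP/([^/\s]+)/([^/\s]+)/([^:\s]+):\s*(.*)")

def parse_banip_log(line):
    """Return chain, action, Set name and the KEY=VALUE packet fields, or None."""
    m = PREFIX.search(line)
    if m is None:
        return None
    chain, action, set_name, rest = m.groups()
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return {"chain": chain, "action": action, "set": set_name, **fields}

def zones_containing(ip, zones):
    """List (country, network) pairs whose zone data covers the address."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for country, text in sorted(zones.items()):
        for raw in map(str.strip, text.splitlines()):
            if not raw or raw.startswith("#"):
                continue  # skip blank lines and comments in the zone data
            net = ipaddress.ip_network(raw, strict=False)
            if net.version == addr.version and addr in net:
                hits.append((country, str(net)))
    return hits

def explain_drop(line, zones, selected):
    """Compare the country that owns SRC with the countries selected for blocking."""
    event = parse_banip_log(line)
    if event is None or "SRC" not in event:
        return None
    hits = zones_containing(event["SRC"], zones)
    unexpected = [c for c, _ in hits if c not in selected]
    return {"set": event["set"], "chain": event["chain"], "src": event["SRC"],
            "matches": hits, "unexpected": unexpected}
```

A non-empty `unexpected` list means the dropped source sits in a zone for a country that is not in the selection passed in, which is the mismatch described in the post.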
In general NO, but if you always use the same sites, then use whitelisting.
Hmm my banIP is taking a long time to process, it's been 20 mins and it's still processing
What feeds did you enable? becrypt is not recommended on a lot of routers due to very large size and very long time to process. Even an x86 takes 3 mins to process just that feed.