If your router isn't so old and is supported then you can install a main branch build.
Nope, please don't do it. 21.02 doesn't support nftables and the kernel is too old - sorry, no chance.
Thank you for the confirmation, that is why I asked, as this was right when they converted.
I will work on getting a newer build setup on another device.
PS, thank you for adding a geoIP map!
I hope @dibdot doesn't mind me mentioning my project geoip-shell which supports older OpenWrt versions, and if geoblocking is all you need then it might be another way forward for you. (Note that the package in the OpenWrt repo is very outdated rn, but I'm including updated packages for OpenWrt with each release on GitHub.)
That has been fixed in banIP 1.5.6-r1 (incl. LuCI update).
Is there a way to add a custom feed or multiple ASNs fast? I got this list from here:
Is there a way to add it to the blocklist?
I just noticed that this doesn't happen anymore on the latest banip
Mon Jan 27 10:59:45 2025 kern.warn kernel: [ 108.454065] percpu: allocation failed, size=16 align=8 atomic=1, atomic alloc failed, no space left
Mon Jan 27 10:59:45 2025 kern.info kernel: [ 108.454331] percpu: limit reached, disable warning
Both on my test OpenWrt and actual routers, it doesn't happen anymore.
I am just curious ... why is there sometimes an OUT= and sometimes an OUT=br-lan in the logs??
Wed Apr 16 10:57:48 2025 kern.err kernel: [ 2097.541701] banIP/inbound/drop/firehol1.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=185.156.73.222 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=2646 PROTO=TCP SPT=46297 DPT=3368 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x1
Wed Apr 16 10:57:52 2025 kern.err kernel: [ 2101.784407] banIP/inbound/drop/firehol1.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=66.63.187.201 DST=XXX.XXX.XXX.XXX LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=30544 DF PROTO=TCP SPT=54567 DPT=25 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 MARK=0x1
Wed Apr 16 10:57:55 2025 kern.err kernel: [ 2104.784963] banIP/inbound/drop/firehol1.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=66.63.187.201 DST=XXX.XXX.XXX.XXX LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=30661 DF PROTO=TCP SPT=54567 DPT=25 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 MARK=0x1
Wed Apr 16 10:57:56 2025 kern.err kernel: [ 2105.782878] banIP/inbound/drop/firehol3.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=3.238.70.130 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=43920 DPT=6446 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x1
Wed Apr 16 10:57:59 2025 kern.err kernel: [ 2108.520664] banIP/inbound/drop/firehol3.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=165.154.119.158 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=TCP SPT=56933 DPT=3144 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x1
Wed Apr 16 10:58:01 2025 kern.err kernel: [ 2110.786505] banIP/inbound/drop/firehol1.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=66.63.187.201 DST=XXX.XXX.XXX.XXX LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=30899 DF PROTO=TCP SPT=54567 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1
Wed Apr 16 10:58:02 2025 kern.err kernel: [ 2111.106386] banIP/inbound/drop/country.v4: IN=eth0 OUT=br-lan MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=124.220.171.218 DST=192.168.0.18 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=34220 DF PROTO=TCP SPT=57882 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x2
Wed Apr 16 10:58:03 2025 kern.err kernel: [ 2112.107278] banIP/inbound/drop/country.v4: IN=eth0 OUT=br-lan MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=124.220.171.218 DST=192.168.0.18 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=34221 DF PROTO=TCP SPT=57882 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x2
Wed Apr 16 10:58:05 2025 kern.err kernel: [ 2114.114124] banIP/inbound/drop/country.v4: IN=eth0 OUT=br-lan MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=124.220.171.218 DST=192.168.0.18 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=34222 DF PROTO=TCP SPT=57882 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x2
Wed Apr 16 10:58:09 2025 kern.err kernel: [ 2118.119514] banIP/inbound/drop/country.v4: IN=eth0 OUT=br-lan MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=124.220.171.218 DST=192.168.0.18 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=34223 DF PROTO=TCP SPT=57882 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x2
Wed Apr 16 10:58:28 2025 kern.err kernel: [ 2137.375983] banIP/inbound/drop/firehol3.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=45.33.33.17 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=43598 DPT=3398 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x1
Wed Apr 16 10:58:46 2025 kern.err kernel: [ 2155.900144] banIP/inbound/drop/firehol3.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=65.49.1.65 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=59915 DPT=44818 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x1
Wed Apr 16 10:59:41 2025 kern.err kernel: [ 2210.548194] banIP/inbound/drop/firehol3.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=20.169.107.90 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=54425 DPT=981 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x1
Wed Apr 16 10:59:43 2025 kern.err kernel: [ 2212.647899] banIP/inbound/drop/firehol3.v4: IN=eth0 OUT= MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=205.210.31.166 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55829 DPT=20257 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x1
XXX.XXX.XXX.XXX is my external ip
My config:
config banip 'global'
	option ban_enabled '1'
	option ban_debug '0'
	option ban_autodetect '0'
	option ban_fetchretry '5'
	option ban_nicelimit '0'
	option ban_filelimit '1024'
	option ban_deduplicate '1'
	option ban_nftpriority '-100'
	option ban_synlimit '10'
	option ban_udplimit '100'
	option ban_nftpolicy 'memory'
	option ban_nftretry '5'
	option ban_blockpolicy 'drop'
	option ban_nftloglevel 'err'
	option ban_logprerouting '0'
	option ban_loginbound '1'
	option ban_logoutbound '0'
	option ban_loglimit '100'
	option ban_autoallowlist '1'
	option ban_autoallowuplink 'subnet'
	option ban_autoblocklist '1'
	option ban_allowlistonly '0'
	option ban_triggerdelay '5'
	list ban_country 'cn'
	option ban_protov4 '1'
	list ban_dev 'eth0'
	list ban_ifv4 'wan'
	list ban_ifv4 'wg0'
	list ban_ifv6 'wan'
	list ban_ifv6 'wg0'
	option ban_fetchcmd 'wget'
	option ban_cores '2'
	list ban_feedin 'allowlist'
	list ban_feedin 'blocklist'
	list ban_feedin 'country'
	list ban_feedin 'feodo'
	list ban_feedin 'firehol1'
	list ban_feedin 'firehol2'
	list ban_feedin 'firehol3'
	list ban_feedin 'firehol4'
	list ban_feedin 'tor'
	list ban_feedin 'voip'
	list ban_logterm 'luci: failed login'
	list ban_logterm 'sshd.Connection closed by.[preauth]'
	list ban_logterm 'error: maximum authentication attempts exceeded'
	option ban_autoblocksubnet '1'
	list ban_trigger 'wan'
	list ban_trigger 'wg0'
	option ban_mailnotification '1'
	option ban_mailreceiver 'webmaster@somewhere.org'
	option ban_mailsender 'noreply@somewhere.org'
	option ban_mailtopic 'banIP notification'
	option ban_mailprofile 'myhosting'
	option ban_icmplimit '25'
	list ban_feed 'country'
	list ban_feed 'feodo'
	list ban_feed 'firehol1'
	list ban_feed 'firehol2'
	list ban_feed 'firehol3'
	list ban_feed 'firehol4'
	list ban_feed 'tor'
	list ban_feed 'voip'
	option ban_nftcount '1'
	option ban_map '1'
	option ban_remotelog '1'
	option ban_remotetoken 'XXXXXXXXXXXXXXXXXX'
In the instance quoted above, inbound traffic to your WAN interface was blocked.
Here though, inbound traffic was blocked to a host on your internal network. Do you intentionally have port forwarding enabled and a host (192.168.0.18) listening on port 443?
Nope, that's not supported.
Well, you log inbound traffic in the regular "_inbound" chain. This chain summarizes the traffic of the following base chains => WAN_INPUT and WAN_FORWARD. banIP marks these base chains so that these sources can still be distinguished.
Example for WAN_INPUT (MARK=0x1):
Wed Apr 16 10:57:48 2025 kern.err kernel: [ 2097.541701] banIP/inbound/drop/firehol1.v4: IN=eth0 **OUT=** MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=185.156.73.222 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=2646 PROTO=TCP SPT=46297 DPT=3368 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x1
Example for WAN_FORWARD (MARK=0x2):
Wed Apr 16 10:58:02 2025 kern.err kernel: [ 2111.106386] banIP/inbound/drop/country.v4: IN=eth0 **OUT=br-lan** MAC=XXXXXXXXXXXXXXXXXXXXXXX SRC=124.220.171.218 DST=192.168.0.18 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=34220 DF PROTO=TCP SPT=57882 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x2
Hope this helps.
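The MARK/OUT distinction explained in the post above, as an added example that is not part of the original thread or of banIP itself: a small parser that splits banIP drop lines by base chain and lists which internal hosts were the target of forwarded drops. The sample log lines are constructed (documentation addresses), and the function names are hypothetical.

```python
import re
from collections import Counter

# Mark-to-chain mapping as described in the post above.
MARK_TO_CHAIN = {"0x1": "WAN_INPUT", "0x2": "WAN_FORWARD"}
PREFIX_RE = re.compile(r"banIP/(\w+)/(\w+)/([\w.-]+): (.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines in the thread's log format (documentation addresses).
SAMPLE_LOG = """\
Wed Apr 16 10:57:48 2025 kern.err kernel: [ 2097.541701] banIP/inbound/drop/firehol1.v4: IN=eth0 OUT= MAC=XX SRC=203.0.113.7 DST=198.51.100.1 LEN=44 PROTO=TCP SPT=46297 DPT=3368 SYN URGP=0 MARK=0x1
Wed Apr 16 10:57:52 2025 kern.err kernel: [ 2101.784407] banIP/inbound/drop/firehol1.v4: IN=eth0 OUT= MAC=XX SRC=203.0.113.9 DST=198.51.100.1 LEN=52 PROTO=TCP SPT=54567 DPT=25 SYN URGP=0 MARK=0x1
Wed Apr 16 10:58:02 2025 kern.err kernel: [ 2111.106386] banIP/inbound/drop/country.v4: IN=eth0 OUT=br-lan MAC=XX SRC=203.0.113.44 DST=192.168.0.18 LEN=60 PROTO=TCP SPT=57882 DPT=443 SYN URGP=0 MARK=0x2
Wed Apr 16 10:58:03 2025 kern.err kernel: [ 2112.107278] banIP/inbound/drop/country.v4: IN=eth0 OUT=br-lan MAC=XX SRC=203.0.113.44 DST=192.168.0.18 LEN=60 PROTO=TCP SPT=57882 DPT=443 SYN URGP=0 MARK=0x2
Wed Apr 16 10:58:05 2025 kern.info kernel: [ 2114.000000] br-lan: port 1(lan1) entered forwarding state
"""

def parse_line(line):
    """Return a dict for one banIP log line, or None for unrelated lines."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    direction, action, feed, rest = m.groups()
    f = dict(FIELD_RE.findall(rest))  # flags without '=' (SYN, DF) are skipped
    chain = MARK_TO_CHAIN.get(f.get("MARK", ""), "UNKNOWN")
    forwarded = bool(f.get("OUT"))  # empty OUT= means the router itself was the target
    # The mark and the OUT= field should tell the same story.
    consistent = chain != "UNKNOWN" and (chain == "WAN_FORWARD") == forwarded
    return {"feed": feed, "action": action, "chain": chain, "forwarded": forwarded,
            "src": f.get("SRC"), "dst": f.get("DST"), "dpt": f.get("DPT"),
            "consistent": consistent}

def summarize(text):
    """Count drops per (chain, feed) and per forwarded internal target."""
    per_chain, targets, odd = Counter(), Counter(), []
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        per_chain[(ev["chain"], ev["feed"])] += 1
        if ev["forwarded"]:
            targets[(ev["dst"], ev["dpt"])] += 1  # internal host behind a port forward
        if not ev["consistent"]:
            odd.append(line)  # mark and OUT= disagree, or the mark is unknown
    return per_chain, targets, odd

if __name__ == "__main__":
    per_chain, targets, odd = summarize(SAMPLE_LOG)
    for key, n in per_chain.items():
        print(key, n)
    print("forwarded targets:", dict(targets))
```

Entries in the forwarded-targets count correspond to internal hosts exposed through a port forward, which is the situation the earlier reply asked about for 192.168.0.18 on port 443.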
Yes I do, thanks a lot - I love to learn ...
Hi, when I click on "Enable" and then on "Save and Restart" or "Save and Reload" I always get the "Status: error".
Any idea of what I'm doing wrong?
Check the processing logs and check the readme.