banIP support thread

Fri Jul 4 19:01:27 2025 user.info banIP-1.5.6-r1[30546]: add IP '103.176.78.178' (expiry: 1h) to blocklist.v4 set
Fri Jul 4 19:01:29 2025 user.info banIP-1.5.6-r1[30546]: add IP range '0.0.0.0/0' (source: ID, IDNIC ::: expiry: 1h) to blocklist.v4 set

Saw this in my logs. Can this be prevented, so that 0.0.0.0/0 does not get added?
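A guard against the situation in the log above, as an added example that is not part of the thread or of banIP: it reads banIP "add IP" log lines and flags any element that is wider than a chosen limit or that overlaps a range you never want blocked. The width limits, the protected list, the function names and the third log line are assumptions made for illustration.

```python
import ipaddress
import re

# Matches banIP log entries of the form shown in the post above.
ADD_RE = re.compile(r"banIP-[^\[]+\[\d+\]: add IP(?: range)? '([^']+)'.* to (\S+) set")

# Assumed policy, not a banIP setting: widest prefix accepted per IP version.
MIN_PREFIX = {4: 8, 6: 16}

def vet_element(element, protected=()):
    """Return (ok, reason) for a candidate blocklist element."""
    try:
        net = ipaddress.ip_network(element.strip(), strict=False)
    except ValueError:
        return False, "not an IP address or CIDR range"
    limit = MIN_PREFIX[net.version]
    if net.prefixlen < limit:
        return False, f"/{net.prefixlen} is wider than the /{limit} limit"
    for item in protected:
        pnet = ipaddress.ip_network(item, strict=False)
        if pnet.version == net.version and net.overlaps(pnet):
            return False, f"overlaps protected range {pnet}"
    return True, "ok"

def audit_log(lines, protected=()):
    """Return (element, set_name, reason) for every suspicious addition."""
    findings = []
    for line in lines:
        m = ADD_RE.search(line)
        if not m:
            continue
        ok, reason = vet_element(m.group(1), protected)
        if not ok:
            findings.append((m.group(1), m.group(2), reason))
    return findings

# First two lines are from the post above; the third is constructed.
SAMPLE_LOG = [
    "Fri Jul 4 19:01:27 2025 user.info banIP-1.5.6-r1[30546]: add IP '103.176.78.178' (expiry: 1h) to blocklist.v4 set",
    "Fri Jul 4 19:01:29 2025 user.info banIP-1.5.6-r1[30546]: add IP range '0.0.0.0/0' (source: ID, IDNIC ::: expiry: 1h) to blocklist.v4 set",
    "Fri Jul 4 19:05:00 2025 user.info banIP-1.5.6-r1[30546]: add IP range '8.8.8.0/24' (expiry: 1h) to blocklist.v4 set",
]
# Assumed ranges that must stay reachable (an upstream resolver and a LAN).
PROTECTED = ("8.8.8.8", "192.168.1.0/24")

if __name__ == "__main__":
    for element, set_name, reason in audit_log(SAMPLE_LOG, PROTECTED):
        print(f"{set_name}: {element} -> {reason}")
```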

Hi @dibdot

With banIP 1.5.6-r6, I’ve noticed that automatic IP address banning based on Log Terms no longer works. I also tried adjusting the Log Count to 1 (and other values like 2, 3, 4, etc.), but it still didn’t take effect. The last entry in /etc/banip/banip.blocklist was added on 2025-06-24.

Hello,
I've got some lines in the Firewall LOG.
Can somebody help me interpret them?

Wed Jul 23 01:10:18 2025 kern.warn kernel: [53681.352245] banIP/pre-icmp/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=17.253.109.201 DST=192.168.1.2 LEN=68 TOS=0x00 PREC=0x00 TTL=58 ID=24385 PROTO=ICMP TYPE=0 CODE=0 ID=28689 SEQ=26
Wed Jul 23 01:10:18 2025 kern.warn kernel: [53681.570036] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9626
Wed Jul 23 01:10:18 2025 kern.warn kernel: [53681.587767] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=11452 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9625
Wed Jul 23 01:10:18 2025 kern.warn kernel: [53681.605735] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=19908 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9627
Wed Jul 23 01:10:18 2025 kern.warn kernel: [53681.624304] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=29129 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9628
Wed Jul 23 01:10:19 2025 kern.warn kernel: [53682.609472] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9630
Wed Jul 23 01:10:19 2025 kern.warn kernel: [53682.627201] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=9624 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9629
Wed Jul 23 01:10:19 2025 kern.warn kernel: [53682.645079] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=20004 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9631
Wed Jul 23 01:10:19 2025 kern.warn kernel: [53682.663647] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=29225 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9632
Wed Jul 23 01:10:20 2025 kern.warn kernel: [53683.648358] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9634
Wed Jul 23 01:10:20 2025 kern.warn kernel: [53683.666085] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=44767 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9633
Wed Jul 23 01:10:20 2025 kern.warn kernel: [53683.684048] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=20091 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9635
Wed Jul 23 01:10:20 2025 kern.warn kernel: [53683.702615] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=29258 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9636
Wed Jul 23 01:10:21 2025 kern.warn kernel: [53683.868817] banIP/inbound/drop/allowlist.v4: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=198.144.189.67 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=37293 PROTO=TCP SPT=46227 DPT=43269 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x1
Wed Jul 23 01:10:21 2025 kern.warn kernel: [53684.687201] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9638
Wed Jul 23 01:10:21 2025 kern.warn kernel: [53684.704959] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=52150 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9637
Wed Jul 23 01:10:21 2025 kern.warn kernel: [53684.722941] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=20250 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9639
Wed Jul 23 01:10:21 2025 kern.warn kernel: [53684.741513] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=29443 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9640
Wed Jul 23 01:10:22 2025 kern.warn kernel: [53685.577289] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=171.33.72.166 DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=28817 PROTO=TCP SPT=443 DPT=52286 WINDOW=482 RES=0x00 ACK FIN URGP=0
Wed Jul 23 01:10:22 2025 kern.warn kernel: [53685.726098] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9642
Wed Jul 23 01:10:22 2025 kern.warn kernel: [53685.743820] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=60165 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9641
Wed Jul 23 01:10:22 2025 kern.warn kernel: [53685.761789] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=20260 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9643
Wed Jul 23 01:10:22 2025 kern.warn kernel: [53685.780359] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=29557 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9644
Wed Jul 23 01:10:23 2025 kern.warn kernel: [53686.765123] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9646
Wed Jul 23 01:10:23 2025 kern.warn kernel: [53686.782852] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=32442 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9645
Wed Jul 23 01:10:24 2025 kern.warn kernel: [53686.800822] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=20449 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9647
Wed Jul 23 01:10:24 2025 kern.warn kernel: [53686.819390] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=29788 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9648
Wed Jul 23 01:10:24 2025 kern.warn kernel: [53687.429085] banIP/inbound/drop/allowlist.v4: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=176.65.148.65 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=148 PROTO=TCP SPT=58118 DPT=8000 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x1
Wed Jul 23 01:10:25 2025 kern.warn kernel: [53687.792179] banIP/inbound/drop/allowlist.v4: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=109.205.213.2 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49058 PROTO=TCP SPT=55552 DPT=51528 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x1
Wed Jul 23 01:10:25 2025 kern.warn kernel: [53687.814509] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9650
Wed Jul 23 01:10:25 2025 kern.warn kernel: [53687.832214] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=27993 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9649
Wed Jul 23 01:10:25 2025 kern.warn kernel: [53687.850183] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=29929 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9652
Wed Jul 23 01:10:25 2025 kern.warn kernel: [53687.868751] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=20545 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9651
Wed Jul 23 01:10:25 2025 kern.warn kernel: [53687.906029] banIP/inbound/drop/allowlist.v4: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=121.177.106.92 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=4230 PROTO=TCP SPT=63606 DPT=23 WINDOW=29960 RES=0x00 SYN URGP=0 MARK=0x1
Wed Jul 23 01:10:26 2025 kern.warn kernel: [53688.843358] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9654
Wed Jul 23 01:10:26 2025 kern.warn kernel: [53688.861095] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=41903 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9653
Wed Jul 23 01:10:26 2025 kern.warn kernel: [53688.879060] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=29955 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9656
Wed Jul 23 01:10:26 2025 kern.warn kernel: [53688.897627] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=20556 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9655
Wed Jul 23 01:10:27 2025 kern.warn kernel: [53689.881702] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9658
Wed Jul 23 01:10:27 2025 kern.warn kernel: [53689.899424] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=64834 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9657
Wed Jul 23 01:10:27 2025 kern.warn kernel: [53689.917396] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=20796 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9659
Wed Jul 23 01:10:27 2025 kern.warn kernel: [53689.935966] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=30122 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9660
Wed Jul 23 01:10:28 2025 kern.warn kernel: [53690.920588] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=54682 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9661
Wed Jul 23 01:10:28 2025 kern.warn kernel: [53690.938579] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9662
Wed Jul 23 01:10:28 2025 kern.warn kernel: [53690.956286] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=20993 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9663
Wed Jul 23 01:10:28 2025 kern.warn kernel: [53690.974852] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=30260 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9664
Wed Jul 23 01:10:29 2025 kern.warn kernel: [53691.959497] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9666
Wed Jul 23 01:10:29 2025 kern.warn kernel: [53691.977224] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=1.1.1.1 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=40073 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9665
Wed Jul 23 01:10:29 2025 kern.warn kernel: [53691.995184] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.222.222 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=21231 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9667
Wed Jul 23 01:10:29 2025 kern.warn kernel: [53692.013752] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=208.67.220.220 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=56 ID=30267 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9668

Thanks in advance :wink:
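One way to get an overview of a drop log like the one above, as an added example that is not part of the thread or of banIP: it splits each kernel line into the banIP log prefix and its key=value fields, then counts drops per rule, source and packet kind. ICMP TYPE=0 is an echo reply, the answer to a ping. The function names are assumptions; the five sample lines are copied from the post.

```python
import re
from collections import Counter

# Captures the banIP log prefix and the netfilter field list that follows it.
LINE_RE = re.compile(r"kernel: \[\s*[\d.]+\] (banIP/[^:]+): (.*)$")

def parse_drop(line):
    """Turn one kernel log line into a dict, or None if it is not a banIP drop."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"rule": m.group(1), "flags": []}
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)      # bare TCP flags such as SYN, ACK, FIN
        elif key not in rec:
            rec[key] = val                # ID= occurs twice on ICMP lines; keep the IP header one
    return rec

def summarise(lines):
    """Count drops by (rule, source, protocol, detail)."""
    counts = Counter()
    for rec in filter(None, map(parse_drop, lines)):
        if rec.get("PROTO") == "ICMP":
            detail = "icmp-type " + rec.get("TYPE", "?")
        else:
            detail = "/".join(rec["flags"]) or "no-flags"
        counts[(rec["rule"], rec.get("SRC", "?"), rec.get("PROTO", "?"), detail)] += 1
    return counts

# Sample lines taken from the log in the post above.
SAMPLE = [
    "Wed Jul 23 01:10:18 2025 kern.warn kernel: [53681.352245] banIP/pre-icmp/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=17.253.109.201 DST=192.168.1.2 LEN=68 TOS=0x00 PREC=0x00 TTL=58 ID=24385 PROTO=ICMP TYPE=0 CODE=0 ID=28689 SEQ=26",
    "Wed Jul 23 01:10:18 2025 kern.warn kernel: [53681.570036] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9626",
    "Wed Jul 23 01:10:19 2025 kern.warn kernel: [53682.609472] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=8.8.8.8 DST=192.168.1.2 LEN=28 TOS=0x00 PREC=0x00 TTL=116 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=7229 SEQ=9630",
    "Wed Jul 23 01:10:21 2025 kern.warn kernel: [53683.868817] banIP/inbound/drop/allowlist.v4: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=198.144.189.67 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=37293 PROTO=TCP SPT=46227 DPT=43269 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x1",
    "Wed Jul 23 01:10:22 2025 kern.warn kernel: [53685.577289] banIP/pre-ct/drop: IN=eth1 OUT= MAC=94:83:c4:a4:2b:a5:d0:5a:00:8e:fa:5c:08:00 SRC=171.33.72.166 DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=28817 PROTO=TCP SPT=443 DPT=52286 WINDOW=482 RES=0x00 ACK FIN URGP=0",
]

if __name__ == "__main__":
    for (rule, src, proto, detail), n in summarise(SAMPLE).most_common():
        print(f"{n:3d}  {rule:34s} {src:16s} {proto:5s} {detail}")
```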

Tried looking for answers online/docs but couldn't so asking here:

  1. Can banip support wildcards for website names, like *.website.com or similar instead of exact website url/name?

  2. Can banip be applied to only specific IPs within the LAN? Or does it block for ALL users of the network? It would be very useful to be able to block a TV or other device, while all else is unfiltered.

Thanks.

Does anybody know if banIP handles NAT64 for instance with ASN based blocking? For example if it would block 192.0.2.0/24 additionally there would need to be a block for 64:ff9b::192.0.2.0/120 in case the default NAT64 prefix is used. Is this supported?

Not currently, but you could use DNSMASQ to achieve blocking via DNS.

/website.com/# = *.website.com
/.com/# = *.*.com

NOTE: After saving and applying from that screen, you will need to restart the DNSMASQ service for the new entries to take effect.


Thanks so much for that tip!!! Sorry if this is off-topic for the banIP plugin, but two more related questions:

  1. In the screenshot you uploaded, there are 3 examples, each saying a different thing. Are these effectively the same?
    "Returns 0.0.0.0" , "Returns NULL" and "Returns NXDOMAIN" ? or each one is handled differently from client/server ? I suspect these are all same, just referred to differently..

  2. same as original 2nd question, can such filtering be applied to only specific IPs within the LAN? say a TV or kids PC will be blocked more than other devices on same network.

Any tips much appreciated.

oh, wait, regarding #1, maybe the trailing "/#" returns 0.0.0.0 (which is similar to Null) but without the "#" at end, it returns NXDOMAIN.. will play a bit, thanks

It certainly won't block it as it consists of different separators (':' and '.').
So it would work only if you use something like:

64:ff9b::0/120

A bit broad but it would work out of the box.

Otherwise you have to use tools like jool (e. g.) mapping/translating things. E.g.:

192.0.2.1

will become:

2002:c000:201::

Now you could block this address within banip.

You could also translate this by hand/script and add those translated addresses to nftables/banip. Autotranslator: https://www.whatsmydns.net/ipv4-to-ipv6?q=192.0.2.1

I never tried this by myself. But I've used jool in the past (but not in connection with banip).

The address 192.0.2.1 is meant for examples. Using different separators is generally supported in tools, but it's not really important what kind of notation is used as my question doesn't relate to directly adding addresses. Try for instance ping 64:ff9b::192.0.2.1 and you'll see it automatically maps it to 64:ff9b::c000:201. My example uses 64:ff9b:: as it's the default NAT64 prefix.

With jool, 192.0.2.1 would actually become 64:ff9b::192.0.2.1 or 64:ff9b::c000:201 with the default configuration. I'm not sure where 2002:c000:201:: comes from, I haven't seen such addresses from jool.

My question was related to ASN based blocking though. I imagine that based on an ASN, banIP generates a large list of both IPv4 and IPv6 subnets for blocking. In case a connection is using NAT64, the corresponding IPv6-mapped addresses for the IPv4 subnets would need to be added to the blocklist for it to work. For this banIP needs to be aware of the NAT64-prefix that's in use and generate corresponding IPv6 subnets. If 192.0.2.0/24 would be blocked, also 64:ff9b::192.0.2.0/120 or 64:ff9b::c000:200/120 would need to be blocked. If anybody knows whether such feature is there, I'd be curious to learn!

That was my thought. Because the latter one can be read/used by banip. It can be used to create nft rules directly too. You just mentioned 64:ff9b::192.0.2.1 which would not work.

This was just an example for translation generally. In the end it's c000:201 that is relevant here. The "prefix" is not. The 2002 is a special case here for 6to4 over the internet.

BanIP should block the address 64:ff9b::c000:200. Just try it. It should block 64:ff9b::c000:200/120 also, while 64:ff9b::192.0.2.1 should not work. That is what I tried to tell you.

Why should banip apply this automatically? I'm not aware that such a feature exists here. It would be a waste of resources. Most people do not deal with NAT64. But maybe the devs are open if you would contribute such an add-on feature.
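The mapping discussed in the posts above, as an added example that is not part of the thread or of banIP: it places each IPv4 range in the low 32 bits of a /96 NAT64 prefix (the RFC 6052 layout), so 192.0.2.0/24 becomes 64:ff9b::c000:200/120, and it checks whether a given IPv6 address falls inside the mapped ranges. The function names and the sample ranges are assumptions made for illustration.

```python
import ipaddress

WELL_KNOWN_NAT64 = "64:ff9b::/96"   # default NAT64 prefix named in the thread

def nat64_network(v4_cidr, nat64_prefix=WELL_KNOWN_NAT64):
    """Map an IPv4 range to the IPv6 range it occupies behind a /96 NAT64 prefix."""
    pfx = ipaddress.IPv6Network(nat64_prefix)
    if pfx.prefixlen != 96:
        raise ValueError("only /96 NAT64 prefixes are handled in this example")
    v4 = ipaddress.IPv4Network(v4_cidr, strict=False)
    # With a /96 prefix the IPv4 address forms the low 32 bits of the IPv6
    # address, so the IPv4 prefix length simply shifts by 96.
    addr = int(pfx.network_address) | int(v4.network_address)
    return ipaddress.IPv6Network((addr, 96 + v4.prefixlen))

def nat64_blocklist(v4_cidrs, nat64_prefix=WELL_KNOWN_NAT64):
    """Return merged IPv6 CIDR strings covering every given IPv4 range."""
    mapped = [nat64_network(c, nat64_prefix) for c in v4_cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(mapped)]

def is_covered(v6_addr, v4_cidrs, nat64_prefix=WELL_KNOWN_NAT64):
    """True if the IPv6 address lies inside the NAT64 image of any IPv4 range."""
    addr = ipaddress.IPv6Address(v6_addr)
    return any(addr in nat64_network(c, nat64_prefix) for c in v4_cidrs)

# Constructed sample: documentation ranges, two of them adjacent halves of a /24.
SAMPLE_V4 = ["192.0.2.0/24", "198.51.100.0/25", "198.51.100.128/25"]

if __name__ == "__main__":
    for net in nat64_blocklist(SAMPLE_V4):
        print(net)
    # Both spellings from the thread parse to the same 128-bit address.
    for text in ("64:ff9b::192.0.2.1", "64:ff9b::c000:201"):
        print(text, is_covered(text, SAMPLE_V4))
```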

  1. Null / 0.0.0.0 are one and the same. DNS lookups will return 0.0.0.0 as the IP address, effectively resulting in your network clients not connecting to the actual FQDN / IP.
    DNS lookup of FQDNs that are NXDOMAIN will treat it as if the domain is invalid. Again, the end result is that your clients will not connect to anything. Also, in the system log you will see an NXDOMAIN result in the entry for the DNS lookup.
    (Note: to mitigate the risk of your users changing to alternate DNS servers to circumvent this, you will need to lock down your network to not allow use of external / 3rd party DNS servers.)

  2. If you only have one instance of DNSMASQ running, then the lookup results would be identical globally for all clients on your network using your router for DNS queries.
    Technically, you could run a second instance of DNSMASQ on the router and have it listening on an alternate port (or even interface) - then set the clients you want excepted from the DNS filtering to use the 2nd instance.
    Here is a post discussing the topic.
    Help with dnsmasq instances

BTW, unlike BanIP, the connection isn't being blocked - it just isn't occurring because no valid address will be returned for the DNS lookup of the domain / subdomain, etc.

Thanks so much for reply!!

Last followup on this dns/syntax, will this line:

/website.com/127.0.0.1

send 127.0.0.1 and appear as "responding" but just not able to connect ?

As for IP based blocking, not sure if can maintain 2 DNSs and each client to correctly pick.

Read now that AdGuard Home might be able to do that, will try later, thanks!!

Feed address changed for becyber:

https://raw.githubusercontent.com/duggytuxy/Data-Shield_IPv4_Blocklist/refs/heads/main/prod_data-shield_ipv4_blocklist.txt

So we need to do something in the banip configuration?
If yes how?

https://IP/cgi-bin/luci/admin/services/banip/feeds -> Tab - Custom Feed Editor, scroll to becyber Filter and change the URL.

Thanks :slight_smile:

But, I don't see the becyber filter...

I use this external allowlist feed:

Click the "Fill" button to populate the list. It doesn't by default when you first open.
Remember to also click "Save" after you modify the URL.


It seems to be using the GLiNET OS???