banIP support thread

@neurotransmitter - See this related post.

Then I can withdraw the ipdeny request…

Actually, maybe just leave it. It is probably good for the site owner to know, and they may want to upgrade their server for TLS 1.3

I have the same dependency problem, but now with the newer banip 1.8.6-r1 version. However library libncurses6 (without the w is installed) is this somehow a typo or is libncursesw6 a complete other library?

System info: cores: 4, log: logread, fetch: curl, GL.iNet GL-MT6000, mediatek/filogic, OpenWrt 25.12.2 (r32802-f505120278)
Ban ip: frontend: 1.8.5-r1 / backend: 1.8.5-r2

I tried to update from shell and it worked. Somehow the issue is with luci ui only.

Thank you zmei, that was a good temporary workaround.
The new banip 1.8.6-2 seems to solve the problem completely.

Has anybody else noticed a silent crash / restart of banip when the blocked packet count goes over 32K?

Nope.

Please more context, which banIP version?which counter? Your config? The output of banip status?

Thanks.

::: banIP runtime information

status            : active (nft: ✔, monitor: ✔)
version           : 1.5.6-r7
element_count     : 68 617 (chains: 7, sets: 13, rules: 36)
active_feeds      : allowlist.v4MAC, allowlist.v6MAC, allowlist.v4, allowlist.v6, threat.v4, threatview.v4, webclient.v4, blocklist.v4MAC, blocklist.v6MAC, blocklist.v4, blocklist.v6, country.v6, country.v4
active_devices    : wan: eth2 / wan-if: wan, wan6 / vlan-allow: - / vlan-block: -
active_uplink     : 84.193.104.169/21, 2a02:1810:9447:6500::3fd7/128
nft_info          : ver: 1.1.1-r1, priority: -100, policy: performance, loglevel: warn, expiry: -, limit (icmp/syn/udp): 25/10/100
run_info          : base: /tmp, backup: /tmp/banIP-backup, report: /tmp/banIP-report, error: /tmp/banIP-error
run_flags         : auto: ✔, proto (4/6): ✔/✔, log (pre/in/out): ✘/✘/✘, count: ✘, dedup: ✔, split: ✘, custom feed: ✘, allowed only: ✘
last_run          : mode: start, 2026-04-22 12:21:03, duration: 0m 15s, memory: 1555.63 MB available
system_info       : cores: 2, log: tail, fetch: curl, Turris Omnia, mvebu/cortexa9, TurrisOS 9.0.5 r29148+98-beaf298c4c

image1180×1324 95.8 KB

From my perspective, every time the “13” line counter inbound packets counter approaches 32768, banip seems to crash silently and reload. This happens every few hours.

Sample from the processing log:

Apr 22 10:17:48 omnia banIP-1.5.6-r7[31364]: start banIP processing (start, 1.5.6-r7)
Apr 22 10:17:49 omnia banIP-1.5.6-r7[31364]: initialize banIP nftables namespace
Apr 22 10:17:49 omnia banIP-1.5.6-r7[31364]: start banIP download processes
Apr 22 10:18:04 omnia banIP-1.5.6-r7[31364]: start banIP domain lookup
Apr 22 10:18:04 omnia banIP-1.5.6-r7[31364]: finish banIP processing
Apr 22 10:18:04 omnia banIP-1.5.6-r7[31364]: start detached banIP log service (/usr/bin/tail)
Apr 22 10:20:49 omnia banIP-1.5.6-r7[737]: start banIP processing (start, 1.5.6-r7)
Apr 22 10:20:49 omnia banIP-1.5.6-r7[737]: initialize banIP nftables namespace
Apr 22 10:20:49 omnia banIP-1.5.6-r7[737]: start banIP download processes
Apr 22 10:21:03 omnia banIP-1.5.6-r7[737]: start banIP domain lookup
Apr 22 10:21:03 omnia banIP-1.5.6-r7[737]: finish banIP processing
Apr 22 10:21:03 omnia banIP-1.5.6-r7[737]: start detached banIP log service (/usr/bin/tail)
Apr 22 11:59:58 omnia banIP-1.5.6-r7[19325]: start banIP processing (start, 1.5.6-r7)
Apr 22 11:59:58 omnia banIP-1.5.6-r7[19325]: initialize banIP nftables namespace
Apr 22 11:59:58 omnia banIP-1.5.6-r7[19325]: start banIP download processes
Apr 22 12:00:12 omnia banIP-1.5.6-r7[19325]: start banIP domain lookup
Apr 22 12:00:12 omnia banIP-1.5.6-r7[19325]: finish banIP processing
Apr 22 12:00:12 omnia banIP-1.5.6-r7[19325]: start detached banIP log service (/usr/bin/tail)
Apr 22 12:02:58 omnia banIP-1.5.6-r7[21160]: start banIP processing (start, 1.5.6-r7)
Apr 22 12:02:58 omnia banIP-1.5.6-r7[21160]: initialize banIP nftables namespace
Apr 22 12:02:58 omnia banIP-1.5.6-r7[21160]: start banIP download processes
Apr 22 12:03:12 omnia banIP-1.5.6-r7[21160]: start banIP domain lookup
Apr 22 12:03:12 omnia banIP-1.5.6-r7[21160]: finish banIP processing
Apr 22 12:03:12 omnia banIP-1.5.6-r7[21160]: start detached banIP log service (/usr/bin/tail)

I am far from running out of memory - router has 2GB RAM.

I can't see any crashes in the log ... provide your banip config please.

I did say silent crashes / restarts, which is what is puzzling me, as well as the frequency this is happening. Here’s my config:

config banip 'global'
	option ban_enabled '1'
	option ban_debug '0'
	option ban_autodetect '1'
	list ban_logterm 'Exit before auth from'
	list ban_logterm 'luci: failed login'
	option ban_fetchretry '5'
	option ban_nicelimit '0'
	option ban_filelimit '4096'
	option ban_deduplicate '1'
	option ban_nftpriority '-100'
	option ban_icmplimit '25'
	option ban_synlimit '10'
	option ban_udplimit '100'
	option ban_nftpolicy 'performance'
	option ban_nftretry '5'
	option ban_blockpolicy 'drop'
	option ban_nftloglevel 'warn'
	option ban_logprerouting '0'
	option ban_loginbound '0'
	option ban_logoutbound '0'
	option ban_loglimit '250'
	option ban_autoallowlist '1'
	option ban_autoallowuplink 'subnet'
	option ban_autoblocklist '1'
	option ban_allowlistonly '0'
	option ban_fetchcmd 'curl'
	option ban_protov4 '1'
	list ban_ifv4 'wan'
	option ban_protov6 '1'
	list ban_ifv6 'wan6'
	list ban_trigger 'wan'
	list ban_trigger 'wan6'
	list ban_region 'AFRINIC'
	list ban_region 'APNIC'
	list ban_feed 'country'
	list ban_feed 'threat'
	list ban_feed 'threatview'
	list ban_feed 'webclient'
	list ban_dev 'eth2'
	list ban_feedin 'blocklist'
	list ban_feedin 'country'
	list ban_feedin 'threat'
	list ban_feedin 'threatview'
	list ban_feedin 'webclient'
	list ban_feedout 'country'
	list ban_feedout 'threat'
	list ban_feedout 'threatview'
	list ban_country 'al'
	list ban_country 'ai'
	list ban_country 'aq'
	list ban_country 'ag'
	list ban_country 'ar'
	list ban_country 'am'
	list ban_country 'az'
	list ban_country 'bs'
	list ban_country 'bh'
	list ban_country 'bb'
	list ban_country 'by'
	list ban_country 'bz'
	list ban_country 'bm'
	list ban_country 'bo'
	list ban_country 'ba'
	list ban_country 'br'
	list ban_country 'bg'
	list ban_country 'ky'
	list ban_country 'cl'
	list ban_country 'co'
	list ban_country 'cr'
	list ban_country 'cu'
	list ban_country 'cw'
	list ban_country 'dm'
	list ban_country 'do'
	list ban_country 'ec'
	list ban_country 'sv'
	list ban_country 'ge'
	list ban_country 'gp'
	list ban_country 'gy'
	list ban_country 'ht'
	list ban_country 'hn'
	list ban_country 'ir'
	list ban_country 'iq'
	list ban_country 'il'
	list ban_country 'jm'
	list ban_country 'jo'
	list ban_country 'kz'
	list ban_country 'kw'
	list ban_country 'kg'
	list ban_country 'lb'
	list ban_country 'mq'
	list ban_country 'mx'
	list ban_country 'ni'
	list ban_country 'om'
	list ban_country 'ps'
	list ban_country 'pa'
	list ban_country 'py'
	list ban_country 'pe'
	list ban_country 'pr'
	list ban_country 'qa'
	list ban_country 'ru'
	list ban_country 'bl'
	list ban_country 'kn'
	list ban_country 'lc'
	list ban_country 'mf'
	list ban_country 'pm'
	list ban_country 'vc'
	list ban_country 'sa'
	list ban_country 'sy'
	list ban_country 'tj'
	list ban_country 'tt'
	list ban_country 'tr'
	list ban_country 'tm'
	list ban_country 'tc'
	list ban_country 'ae'
	list ban_country 'uy'
	list ban_country 'uz'
	list ban_country 've'
	list ban_country 'ye'

Remove that one (see the readme) and restart the router.

Seems to have fixed the issue - thanks! What puzzles me is that my IPv6 address doesn’t change that often. I also did not find anything specific related to this. Which readme specifically where you referring to?

The reason it's not really about your IPv6 address changes: the IPv6 WAN is quite chatty and netifd emits multiple events for it (not only on address changes — also on DHCPv6 lease renewals, RA / prefix lifetime refreshes, route updates and so on). Every one of those events fires a banIP start when wan6 is listed as a trigger, which is why dropping it made the problem go away. The IPv4 wan on the other hand gives you one clean "uplink is up" signal, and banIP's autodetection takes care of both address families regardless of which interface triggers the reload — so there's no reason to add wan6 on top.

Bottomline there were no "silent crashes", only frequent (re-)starts due to IPv6-related interface trigger.

Perfectly clear - once again thanks.

Hi, is it safe to update without this libncursesw6?

image881×1568 65.1 KB

I also have some countries on my feed selection, but they stopped to be displayed here:

image1810×1030 22.3 KB

And the column Elements (max 50) are also empty.

config banip 'global'
        option ban_enabled '1'
        option ban_debug '0'
        option ban_autodetect '1'
        list ban_trigger 'wan'
        option ban_fetchretry '5'
        option ban_nicelimit '0'
        option ban_filelimit '1024'
        option ban_deduplicate '1'
        option ban_nftpriority '-100'
        option ban_icmplimit '25'
        option ban_synlimit '10'
        option ban_udplimit '100'
        option ban_nftpolicy 'memory'
        option ban_nftretry '3'
        option ban_blockpolicy 'drop'
        option ban_nftloglevel 'warn'
        option ban_logprerouting '0'
        option ban_loginbound '0'
        option ban_logoutbound '0'
        option ban_loglimit '100'
        option ban_autoallowlist '1'
        option ban_autoallowuplink 'subnet'
        option ban_autoblocklist '1'
        option ban_allowlistonly '0'
        option ban_fetchcmd 'uclient-fetch'
        option ban_protov4 '1'
        list ban_ifv4 'wan'
        list ban_country 'cn'
        list ban_country 'hk'
        list ban_country 'ir'
        list ban_country 'il'
        list ban_country 'ru'
        list ban_country 'tw'
        list ban_country 'ua'
        list ban_country 'ae'
        list ban_country 'us'
        list ban_logterm 'Exit before auth from'
        list ban_logterm 'luci: failed login'
        list ban_logterm 'AdGuardHome.*\[error\].*/control/login: from ip'
        list ban_logterm 'error: maximum authentication attempts exceeded'
        option ban_countrysplit '1'
        list ban_feed 'cinsscore'
        list ban_feed 'country'
        list ban_feed 'debl'
        list ban_feed 'firehol4'
        list ban_feed 'greensnow'
        list ban_feed 'ipthreat'
        list ban_feed 'threat'
        list ban_feed 'turris'
        list ban_dev 'pppoe-wan'

Hardware: GL-iNet MT6000 running OpenWrt 25.12.2

Nope, there are some reports in this thread, that updating via CLI was successful, e.g.
banIP support thread - #3134 by zmei - just try that.

Do you mean apk add banip?
And what about the list of countries not displayed anymore?

and

Just check the processing log ... most probably the libmbedtls regression in 25.02, see here for more information: CURL download errors with BanIP and libmbedtls ver 3.6.6-r1 - #4 by dibdot

[24/04/2026-15:46:27] banIP-1.8.6-r4[4796]: start banIP processing (start, 1.8.6-r4)
[24/04/2026-15:46:27] banIP-1.8.6-r4[4796]: no wan devices
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: start banIP processing (start, 1.8.6-r4)
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: remove IPv4 interface 'wan' from config
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: remove IPv4 interface 'wan' from config
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: add IPv4 interface 'wan' to config
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: add device 'pppoe-wan' to config
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: initialize banIP nftables namespace
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: start banIP download processes
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: download for feed 'country.cn.v4' failed, rc: 4
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: download for feed 'country.hk.v4' failed, rc: 4
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: download for feed 'country.ir.v4' failed, rc: 4
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: download for feed 'country.il.v4' failed, rc: 4
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: download for feed 'country.ru.v4' failed, rc: 4
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: download for feed 'country.tw.v4' failed, rc: 4
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: download for feed 'country.ua.v4' failed, rc: 4
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: download for feed 'country.ae.v4' failed, rc: 4
[24/04/2026-15:47:03] banIP-1.8.6-r4[5521]: download for feed 'country.us.v4' failed, rc: 4
[24/04/2026-15:47:05] banIP-1.8.6-r4[5521]: download for feed 'country.ru.v4' failed, rc: 4
[24/04/2026-15:47:05] banIP-1.8.6-r4[5521]: download for feed 'country.tw.v4' failed, rc: 4
[24/04/2026-15:47:06] banIP-1.8.6-r4[5521]: download for feed 'country.ua.v4' failed, rc: 4
[24/04/2026-15:47:06] banIP-1.8.6-r4[5521]: download for feed 'country.ae.v4' failed, rc: 4
[24/04/2026-15:47:06] banIP-1.8.6-r4[5521]: download for feed 'country.us.v4' failed, rc: 4
[24/04/2026-15:47:06] banIP-1.8.6-r4[5521]: download for feed 'country.cn.v4' failed, rc: 4
[24/04/2026-15:47:06] banIP-1.8.6-r4[5521]: download for feed 'country.hk.v4' failed, rc: 4
[24/04/2026-15:47:06] banIP-1.8.6-r4[5521]: download for feed 'country.ir.v4' failed, rc: 4
[24/04/2026-15:47:06] banIP-1.8.6-r4[5521]: download for feed 'country.il.v4' failed, rc: 4
[24/04/2026-15:47:20] banIP-1.8.6-r4[5521]: download for feed 'greensnow.v4' failed, rc: 4
[24/04/2026-17:00:19] banIP-1.8.6-r4[5521]: skip empty feed 'cinsscore.v4'
[24/04/2026-17:00:20] banIP-1.8.6-r4[5521]: download for feed 'country.cn.v4' failed, rc: 4
[24/04/2026-17:00:21] banIP-1.8.6-r4[5521]: download for feed 'country.hk.v4' failed, rc: 4
[24/04/2026-17:00:21] banIP-1.8.6-r4[5521]: download for feed 'country.ir.v4' failed, rc: 4
[24/04/2026-17:00:22] banIP-1.8.6-r4[5521]: download for feed 'country.il.v4' failed, rc: 4
[24/04/2026-17:00:22] banIP-1.8.6-r4[5521]: download for feed 'country.ru.v4' failed, rc: 4
[24/04/2026-17:00:23] banIP-1.8.6-r4[5521]: download for feed 'country.tw.v4' failed, rc: 4
[24/04/2026-17:00:24] banIP-1.8.6-r4[5521]: download for feed 'country.ua.v4' failed, rc: 4
[24/04/2026-17:00:25] banIP-1.8.6-r4[5521]: download for feed 'country.ae.v4' failed, rc: 4
[24/04/2026-17:00:26] banIP-1.8.6-r4[5521]: download for feed 'country.us.v4' failed, rc: 4
[24/04/2026-17:00:27] banIP-1.8.6-r4[5521]: download for feed 'country.cn.v4' failed, rc: 4
[24/04/2026-17:00:27] banIP-1.8.6-r4[5521]: download for feed 'country.hk.v4' failed, rc: 4
[24/04/2026-17:00:28] banIP-1.8.6-r4[5521]: download for feed 'country.ir.v4' failed, rc: 4
[24/04/2026-17:00:29] banIP-1.8.6-r4[5521]: download for feed 'country.il.v4' failed, rc: 4
[24/04/2026-17:00:30] banIP-1.8.6-r4[5521]: download for feed 'country.ru.v4' failed, rc: 4
[24/04/2026-17:00:31] banIP-1.8.6-r4[5521]: download for feed 'country.tw.v4' failed, rc: 4
[24/04/2026-17:00:31] banIP-1.8.6-r4[5521]: download for feed 'country.ua.v4' failed, rc: 4
[24/04/2026-17:00:32] banIP-1.8.6-r4[5521]: download for feed 'country.ae.v4' failed, rc: 4
[24/04/2026-17:00:33] banIP-1.8.6-r4[5521]: download for feed 'country.us.v4' failed, rc: 4
[24/04/2026-17:00:35] banIP-1.8.6-r4[5521]: skip empty feed 'debl.v4'
[24/04/2026-17:00:39] banIP-1.8.6-r4[5521]: skip empty feed 'firehol4.v4'
[24/04/2026-17:00:40] banIP-1.8.6-r4[5521]: download for feed 'greensnow.v4' failed, rc: 4
[24/04/2026-17:00:40] banIP-1.8.6-r4[5521]: skip empty feed 'ipthreat.v4'
[24/04/2026-17:00:41] banIP-1.8.6-r4[5521]: skip empty feed 'threat.v4'
[24/04/2026-17:00:42] banIP-1.8.6-r4[5521]: skip empty feed 'turris.v4'
[24/04/2026-17:00:47] banIP-1.8.6-r4[5521]: start banIP domain lookup
[24/04/2026-17:00:47] banIP-1.8.6-r4[5521]: finish banIP processing
[24/04/2026-17:00:47] banIP-1.8.6-r4[5521]: start detached banIP log service (/sbin/logread)