banIP support thread

I guess the build enviroment is not smart enough to notice imbuilding a FW3 image and show compatable packages.

Anyone have any ideas?

  1. If you only want to block incoming connections just select your WAN interface(s). Select Wireguard too if you have open ports from your VPN provider or if you want to block outgoing connections (banip does this too). This being said, do NOT select LAN or any other local interface (do not select private VPNs too).

  2. Yes, is normal to have some attempts as malicious people get new ips and servers constantly and blocklists are not updated that fast. Also services like shodan and censys.io are not blocked and they are constantly scanning ips.

Thank you for replying. And if I also want to filter outgoing traffic? How can I do that without selecting LAN? Thanks again.

Blockquote And if I also want to filter outgoing traffic?

Just select your WAN and VPN interfaces, all outgoing traffic is routed thru those interfaces

Thank you for the help. Just did it now!

is it now ok with firewall4 ?

1 Like

This is my question, too.

1 Like

Will banip only work on the wan interface or can it also work on LAN? For example, if a devices tries to access a Chinese ip block, will the outgoing connection be blocked?

Try there:

Edit maclist

Bump - is firewall4 supported. If not, i can not upgrade to 22.03-rc6 ....

If the nftables support list on github is up to date the answer is no, banIP is not yet supported. I read somewhere it's being worked on but will take time.

1 Like