banIP support thread


Although this Serverfault question is about IPv6 in from-torange/P2P-style format, it does seem that IPSet supports adding IP's for IPv4 in the from-torange/P2P-style format nowadays.



Ok, so I've been running banip with a 6in4 tunnel (@hisham2630 I looked again, and HE now has a local tunnel endpoint with acceptable latency). So far, a summary of bits which have arisen:

  1. Whitelist functionality does not seem to cover IPv6, it seems there is no creation of IPv6 whitelist sets, despite my whitelist having an IPv6 address in it.
  2. IPv6 sets are applied to WAN interfaces having only IPv4 connectivity, i.e. the interfaces are added to the IPv6 banIP list, and vice versa for interfaces having only IPv4 address.

For 2 in the above list, I have tried disabling the "builtin IPv6 functionality" for the interfaces. I have also tried having a separate firewall zone for IPv4 with it restricted to only IPv4, and the same for an IPv6 zone, also limited to only IPv6.

Thank you for all of your hard work on this! Please contact me if I can provide any more troubleshooting info, it might be a bit delayed this time as I am back at work, and rather busy all around. :frowning:

1 Like


Hi, many many thanks for your testing efforts & your support! :+1:
It would be nice to get a full (debug enabled) banIP runtime log via PM or email to my maintainers address - and take your time ,,, currently my daytime job is very tempting, too. :wink:

Edit: Please provide your whitelist (with IPv6 addresses too, cause I can't reproduce that).



Will do so, my next chance to strip down to a "barebones" config/firmware will likely only be this coming weekend. (One day I'll have the luxury of a spare router for to mess about with, without risking unemployment as a side effect. :stuck_out_tongue: )

I'll send an archive of everything related, and likely some stuff which is not.



I am a complete beginner with this.
Not into programming etc etc.

I loaded BanIP onto the latest WRT3200acm OpenWRT firmware (which is great).
I previously used PiHole, which is MUCH more user friendly, though nowhere near as elegant a solution as BanIP (and Adblock for OpenWRT previously). They seem to crash each other so it's one or the other it seems to me.

(I want simple adblocking, google, facebook, eBay advertising etc. I am fed up at the junk that is downloaded visiting websites).

Despite loading most of the modules, I still get adverts, eg googleads, doubleclick, etc.

Can I wildcard sites?
How do I know which sites are blocked that I don't want to be?
Why can't I load a list from many of the websites that advertise blacklists, eg Filterlists.

The difficult functionality of this app and OpenWRT, generally, prevents Joe Public from taking up these programmes en masse.

PS I'm not a simpleton, and I don't want to learn computer programming like an expert, but a little tinkering is OK, and good simple to follow help pages would be a bonus.



Then you are on the wrong thread. What you need is adblock.

1 Like


definitely not, with me both programs always run in parallel ...:wink:

then use adblock, not banIP. The main purpose of the latter one is blocking of incoming ip addresses or subnets. Of course, you could also block outgoing ips but it's less effective than adblock.



What about updating the block lists for something more useful overall, firehol_level1 supersedes a bunch of lists, so maybe we'd have room for turris_greylist, iblocklist_pedos and so on. Just food for thought.



Could you provide a working config with your enhancements / other sources? Feel free to provide it here in the forum or publish a pull request at the package repo.