banIP support thread

config banip 'global'
	option ban_enabled '1'
	option ban_debug '1'
	option ban_autodetect '1'
	option ban_autoblocklist '1'
	option ban_autoallowlist '1'
	option ban_nice '-20'
	option ban_loglimit '100'
	option ban_logcount '1'
	option ban_logingress '1'
	option ban_logforward '0'
	option ban_protov4 '1'
	option ban_protov6 '1'
	list ban_logterm 'Exit before auth from'
	list ban_logterm 'luci: failed login'
	list ban_logterm 'error: maximum authentication attempts exceeded'
	list ban_logterm 'sshd.*Connection closed by.*\[preauth\]'
	list ban_source 'asn'
	list ban_source 'bogon'
	list ban_source 'country'
	list ban_source 'darklist'
	list ban_source 'debl'
	list ban_source 'doh'
	list ban_source 'drop'
	list ban_source 'dropalt'
	list ban_source 'dshield'
	list ban_source 'dshieldalt'
	list ban_source 'edrop'
	list ban_source 'edropalt'
	list ban_source 'feodo'
	list ban_source 'firehol1'
	list ban_source 'firehol2'
	list ban_source 'firehol3'
	list ban_source 'greensnow'
	list ban_source 'greensnowalt'
	list ban_source 'iblockspy'
	list ban_source 'nixspam'
	list ban_source 'sslbl'
	list ban_source 'talos'
	list ban_source 'threat'
	list ban_source 'tor'
	list ban_source 'uceprotect1'
	list ban_source 'voip'
	list ban_source 'BlockedEnergized'
	list ban_source 'MyGeneratedAdBlock'
	list ban_source 'alienvault'
	list ban_source 'bdsatif'
	list ban_source 'biany230d'
	list ban_source 'blocklistnetua'
	list ban_source 'coinblhostsbrowser'
	list ban_source 'cybercrime'
	list ban_source 'dshield1d'
	list ban_source 'dyndnsponmocup'
	list ban_source 'etblock'
	list ban_source 'etcompromised'
	list ban_source 'ciarmy'
	list ban_source 'ciarmymalicious'
	list ban_source 'pedophiles'
	list ban_source 'highattack'
	list ban_source 'highbruteforce'
	list ban_source 'urlvir'
	list ban_source 'IOCTweets'
	list ban_source 'IPFeed'
	list ban_asn '4134'
	list ban_asn '9808'
	list ban_asn '16276'
	list ban_asn '15003'
	list ban_asn '36352'
	list ban_asn '32934'
	list ban_asn '29761'
	list ban_asn '15895'
	list ban_asn '50915'
	list ban_asn '53889'
	list ban_asn '57858'
	list ban_asn '4061'
	list ban_asn '39572'
	list ban_asn '24940'
	list ban_asn '4837'
	list ban_asn '37963'
	list ban_asn '58453'
	list ban_asn '17964'
	list ban_asn '45090'
	list ban_asn '45899'
	list ban_asn '9299'
	list ban_asn '10439'
	list ban_asn '38814'
	list ban_asn '29182'
	list ban_asn '50113'
	list ban_asn '9009'
	list ban_asn '46606'
	list ban_asn '15149'
	list ban_asn '31708'
	list ban_asn '9930'
	list ban_asn '21501'
	list ban_asn '12876'
	list ban_asn '38731'
	list ban_asn '41564'
	list ban_asn '399471'
	list ban_asn '51852'
	list ban_asn '133165'
	list ban_asn '23969'
	list ban_asn '14618'
	list ban_asn '24560'
	list ban_asn '7713'
	list ban_asn '36947'
	list ban_asn '8452'
	list ban_asn '45609'
	list ban_asn '16509'
	list ban_asn '10122'
	list ban_asn '26496'
	list ban_country 'af'
	list ban_country 'bd'
	list ban_country 'br'
	list ban_country 'cn'
	list ban_country 'hk'
	list ban_country 'hu'
	list ban_country 'id'
	list ban_country 'il'
	list ban_country 'in'
	list ban_country 'iq'
	list ban_country 'ir'
	list ban_country 'kp'
	list ban_country 'kr'
	list ban_country 'no'
	list ban_country 'pk'
	list ban_country 'pl'
	list ban_country 'ro'
	list ban_country 'ru'
	list ban_country 'sa'
	list ban_country 'th'
	list ban_country 'tr'
	list ban_country 'ua'
	list ban_country 'gb'
	list ban_country 'ae'
	list ban_country 'az'
	list ban_country 'ba'
	list ban_country 'bg'
	list ban_country 'hr'
	list ban_country 'cu'
	list ban_country 'cz'
	list ban_country 'eg'
	list ban_country 'ee'
	list ban_country 'ge'
	list ban_country 'kz'
	list ban_country 'kw'
	list ban_country 'kg'
	list ban_country 'lv'
	list ban_country 'va'
	list ban_country 'md'
	list ban_country 'om'
	list ban_country 'Qatar'
	list ban_country 'rs'
	list ban_country 'sk'
	list ban_country 'si'
	list ban_country 'sy'
	list ban_country 'uz'
	list ban_blockincoming 'country'
	list ban_blockoutgoing 'doh'
	option ban_nftexpiry '2h'
	option ban_fetchcmd 'curl'
	list ban_ifv4 'wan'
	list ban_ifv6 'wan6'
	option ban_srcarc '/etc/banip/mybanip.sources.gz'

I temporarily resolved the issue by adding a sleep 70 && /etc/init.d/banip start to /etc/rc.local.

Even after reviewing the logs, there is no indication (or notification) of banip attempting to start after reboot - no errors of failure either. The service is even enabled. It appears the init process for it gets completely skipped.

Please add the following variables to your config:

option ban_trigger 'wan'        # set it to your needs, this interface.up event triggers the banIP start
option ban_triggerdelay '5'     # that's the default in seconds, if you're using a pppoe interface you have to raise it 

Yeah, I kind of created my own little nftables rules to cover it. The problem I am noticing is that the rules are not present whenever banip reloads or restarts. Is there a place I can hook them in temporarily until the next pre-release?

nft add set inet banIP allowmaclist { type ether_addr\; policy memory\; comment \"Allow all packets from these hosts\" \; }
nft add element inet banIP allowmaclist { XX:XX:XX:XX:XX:XX, XX:XX:XX:XX:XX:XX }
nft insert rule inet banIP lan-forward ether saddr @allowmaclist oifname "eth1" ct state new counter accept

The above is an example of my rules.

I found the perfect place:

Line 317 of /usr/lib/banip-functions.sh

                 # default forward rules
                 #
                 if [ -n "$(awk '{ printf $1 }' /etc/banip/banip.maclist)" ]; then
                   printf "%s\n" "add set inet banIP allowmaclist { type ether_addr; policy memory; flags interval; }"
                   printf "%s\n" "add element inet banIP allowmaclist { $(awk '{ printf $1"',' " }' /etc/banip/banip.maclist | sed 's/.$//;s/.$//') }"
                   printf "%s\n" "add rule inet banIP lan-forward ether saddr @allowmaclist oifname { ${ban_dev// /, } } ct state new counter accept"
                 fi
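
A hardened variant of the maclist-to-nft generation in the snippet above, as an added example that is not part of the original post or of banIP: each MAC is validated before it reaches the ruleset, and nothing is emitted when the list or a device name is unusable. The function names and the device argument are assumptions; the file, table, set and chain names are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not banIP code). Table, set and chain names are the ones
# used in the thread; function names and arguments are assumptions.

# Print the valid MAC addresses in file $1, lower-cased and de-duplicated,
# one per line. Comments and blank lines are ignored; malformed entries are
# reported on stderr and skipped instead of being pasted into the ruleset.
maclist_read() {
	awk '
		BEGIN { h = "[0-9a-f][0-9a-f]"; re = "^" h ":" h ":" h ":" h ":" h ":" h "$" }
		{ sub(/#.*/, ""); mac = tolower($1) }
		mac == "" { next }
		mac !~ re { print "skipping invalid MAC, line " NR ": " $1 | "cat 1>&2"; next }
		!seen[mac]++ { print mac }
	' "$1"
}

# Write an nft batch to stdout that creates the allow set and the forward rule.
# $1 = maclist file, $2 = space-separated outbound devices (e.g. "eth1").
# Exit status 1: no valid MAC, 2: bad or missing device name. Nothing is
# printed in either case, so a broken list never yields a half-built batch.
# Meant to be applied once after banIP has rebuilt its table ("add rule"
# would append a duplicate if run twice against the same table).
maclist_nft_batch() (
	set -f                                   # no globbing on unquoted expansions
	elements="" devices=""
	for mac in $(maclist_read "$1"); do
		elements="${elements:+$elements, }$mac"
	done
	[ -n "$elements" ] || exit 1
	for dev in $2; do
		case "$dev" in
			*[!A-Za-z0-9._-]*) exit 2 ;;     # refuse anything but a plain interface name
		esac
		devices="${devices:+$devices, }\"$dev\""
	done
	[ -n "$devices" ] || exit 2
	printf '%s\n' \
		"add set inet banIP allowmaclist { type ether_addr; policy memory; }" \
		"add element inet banIP allowmaclist { $elements }" \
		"add rule inet banIP lan-forward ether saddr @allowmaclist oifname { $devices } ct state new counter accept"
)

# Demo with a constructed maclist (addresses are made up).
demo_maclist() {
	printf '%s\n' '# trusted hosts' 'AA:BB:CC:00:11:22  # laptop' '' \
		'aa:bb:cc:00:11:22' 'not-a-mac' '02:00:5e:10:00' '02:00:5E:10:00:02'
}
tmp="$(mktemp)" && demo_maclist > "$tmp" && maclist_nft_batch "$tmp" "eth1"
rm -f "$tmp"
```

On the router the batch can be piped into `nft -f -`, which applies all three statements as one transaction.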


I took an easier route as this is only temporary.

  1. I exported the rules with nft list table inet banIP > complete_set.nft
  2. I manually added my new set and rule to the file complete_set.nft.
  3. I created a patch file using diff.
  4. I created a cron entry to restart banIP every 24 hours, patch it and manually load it with nft -f complete_set.nft.

A tad bit different than your approach. 🙂

Yeah, I typically don't get down and dirty like I did unless I am trying for a quick solution. Your approach is definitely more prudent and thought out. I just thought I would share here what I did. 😀

Banning the whole internet lol.

Not for everyone in the house 🤣. Ironically, my ASN blocks are hit way before any of my actual blocklists are used. I feel I could probably get away with just using my list of ASNs.

Here is a dangerous ASN block list: https://raw.githubusercontent.com/brianhama/bad-asn-list/master/bad-asn-list.csv

So I migrated the ASN block to be only on the inbound traffic. Too much potential for false positives on the outbound traffic.

Now this would definitely be blocking the entire internet.

I'm new to banip. How do I add the ASN and make it block inbound only?

Sure, you can read anything you like about banip here:

Which OpenWrt version did you use? For release 22.03 there is only an early pre-release, which is not suitable for beginners.

Could you please share your blocklist sources which are currently not supported by banIP (based on the last 0.7 release)? If so, please send your JSON file to my maintainer's address - many thanks!

What exactly are you requesting? All the blocklists I am using are supported.

I'm using 21.xx for now, sticking with iptables so I can use this. I stumbled upon this great piece of software

I sent you some emails with some of the requested information. Do you know why the lists update every hour? Is there a way to change this behavior such that the current list is kept longer than an hour?

You mean banIP is downloading the lists every hour? Maybe a stale cron job ... what trigger interface did you set?

I think I see what is happening. My firewall reloads on ifupdate, which is causing the banip to redownload the list. It seems to happen about every hour.

The culprit:

Tue Nov 29 07:59:04 2022 daemon.notice netifd: wan (6655): udhcpc: sending renew to server XX.XX.XX.XX

Is there a way to change this behavior? It seems udhcpc is requesting a renew every hour, which seems to cause the firewall to reload.

Then please use the already posted online readme and focus on the following options ...

If installed use the LuCI frontend to set these options.

Did you remove the old hotplug script from the former banIP installation? Located under /etc/hotplug.d/firewall/30-banip ... please remove it, it's no longer used.

root@OpenWrt:/etc/config# ls /etc/hotplug.d/firewall/30-banip
ls: /etc/hotplug.d/firewall/30-banip: No such file or directory

OK, then check your trigger interface. Best is not to use an IPv6 interface.