banIP support thread

For the country feed to work you need at least two config entries:

list ban_feed 'country' # enable the country feed
[...]
list ban_country 'cn' # one or multiple countries you want to block
list ban_country 'ru'
list ban_blockingress 'country' # optional/useful: block only incoming connections (not outgoing)

The trigger option has nothing to do with feeds. That's the startup trigger interface for banIP to begin processing ...

1 Like

Thanks for the response. I have this output, so it is good.

It is active; I have seen processing too sometimes.

root@OpenWrt1er-router:~# /etc/init.d/banip status
::: banIP runtime information
  + status            : active ## also see processing
  + version           : 0.8.0pre3-1
  + element_count     : 174239

Hi,

I've uploaded the last banip ipk, but every time I update my build, I lose banip, even if I "keep setting".
Do you know how I can keep it?
Thanks

I'm not sure if this is what you are looking for.
In luci->backup flash FW-> Configuration tab, we can make a list of files that we want to survive sysupgrade.

For example:
I have a script called installpkgs.sh, that will install all the packages I want.
So I add /root/installpkgs.sh to backup_flash_FW config tab, so my script isn't deleted.

Then my script is something like:

opkg update
opkg install <pkg1>
opkg install <pkg2>

After each sysupgrade, I just run my script to reinstall all the packages I use.

Maybe you can play with those options to do what you need.

2 Likes

Thank you
I will try

So far pre3 is running pretty optimal. I noticed inside the banip config: option ban_nftpriority '-300' with # nft table priority (default is raw table priority (before fw4!)). Is -300 the most optimal place to prioritize traffic at? I am noticing performance gains with -500 priority.

1 Like

@dibdot pre3 fails to install for me because I'm using staging not 22.03.01 and it barfs on the kernel version.

It's not a major issue as I can rebuild a new staging version, but I was wondering if you can set a lower kernel version that is acceptable to banip and use ">=" rather than "=" in the version check.

I've never built an opkg package so I've no idea if such a thing is possible

Just ignore this kind of "errors" - I build the pre-release packages within my build environment based on current master (with current 5.15 kernel).

I haven't tested it yet. How did you test/validate the performance gain?

Well, from what I can tell at -300 priority, it seems it is more computational processing packets. I have the majority of the lists loaded into sets. +500000 IPs. Network throughput seems more crippled at -300 priority. When I put it at -500, I see less throughput delays. Probably has to do with CPU cycles and processing packets. Nothing major, just something possibly worthwhile testing further.

@dibdot Installed pre3 last night and woke up to an Asterisk log filled with these failure lines which haven't been picked up by banip. The log is at 1Gb after 8 hours with a single rogue IP!

Happy to help test anything to resolve this.

@dibdot Now that the log has calmed down (I added the offending IP address to the voipbl.org site), I can see that the other failures appear to be working so I've no idea why this particular line should be failing. It was one particular IP that never got added to the ban list despite 000,000's of entries in the log (IP was 46.8.210.88)

Also, is it possible to get a log of the IPs you ban in real time so that they can be added to voipbl.org for the benefit of all?

Please send me your banip config and a real world log file excerpt with the offending IP to my maintainers address (dev@brenken.org). I'll try to reproduce that ...

Thanks!

Not in 0.8.x ... :wink: Anyway you could just copy & paste from your local blocklist - just take the timestamp as reference ...

My bad. I didn't have the correct asterisk regex line in my config. I'm amazed, and happy, that banip caught as many malicious IPs as it did without it.

1 Like
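For the missing Asterisk regex described in the post above, an added example (not from the thread and not banIP's own code) that dry-runs a candidate log term against log lines before relying on it: it lists the IPs the term would catch and counts the failure lines it would miss. The sample lines are constructed in Asterisk's security-event layout, and the function names, the terms and the thresholds are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample lines (documentation IP ranges, not from the thread).
sample_log() {
cat <<'EOF'
[2023-02-01 03:10:01] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="PJSIP",AccountID="1001",LocalAddress="IPV4/UDP/192.0.2.1/5060",RemoteAddress="IPV4/UDP/203.0.113.50/5071"
[2023-02-01 03:10:02] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="PJSIP",AccountID="1002",LocalAddress="IPV4/UDP/192.0.2.1/5060",RemoteAddress="IPV4/UDP/203.0.113.50/5071"
[2023-02-01 03:10:03] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="PJSIP",AccountID="1003",LocalAddress="IPV4/UDP/192.0.2.1/5060",RemoteAddress="IPV4/UDP/203.0.113.50/5071"
[2023-02-01 03:11:10] SECURITY[2101] res_security_log.c: SecurityEvent="ChallengeResponseFailed",Severity="Error",Service="PJSIP",AccountID="200",LocalAddress="IPV4/UDP/192.0.2.1/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5060"
[2023-02-01 03:11:11] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="PJSIP",AccountID="201",LocalAddress="IPV4/UDP/192.0.2.1/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5060"
[2023-02-01 03:12:00] SECURITY[2101] res_security_log.c: SecurityEvent="SuccessfulAuth",Severity="Informational",Service="PJSIP",AccountID="100",LocalAddress="IPV4/UDP/192.0.2.1/5060",RemoteAddress="IPV4/UDP/192.0.2.10/5060"
EOF
}

# offenders TERM LIMIT: read a log on stdin, print every IPv4 remote
# address that appears in at least LIMIT lines matching the ERE TERM.
offenders() {
    grep -E -- "$1" \
        | sed -n 's|.*RemoteAddress="IPV4/[A-Z]*/\([0-9.]*\)/.*|\1|p' \
        | sort | uniq -c \
        | awk -v limit="$2" '$1 >= limit { print $2 }'
}

# missed TERM: count failure lines (Severity="Error") that TERM does not
# match, i.e. events the monitor would never see with this term.
missed() {
    awk -v term="$1" '/Severity="Error"/ && $0 !~ term { n++ } END { print n + 0 }'
}

# Two candidate terms (assumed for this example): a narrow one and a wider one.
NARROW='SecurityEvent="InvalidAccountID".*RemoteAddress='
WIDE='SecurityEvent="(InvalidAccountID|ChallengeResponseFailed)".*RemoteAddress='

for t in "$NARROW" "$WIDE"; do
    echo "term: $t"
    echo "  offenders (>=2 hits): $(sample_log | offenders "$t" 2 | tr '\n' ' ')"
    echo "  failure lines missed: $(sample_log | missed "$t")"
done
```

To check a real setup, feed the functions an excerpt of the live log instead of `sample_log`; a non-zero `missed` count means the term does not cover every failure line the server writes.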

Well, just keep churning along. Doesn't matter if it is weeks, months, or version xyz. I would be glad to test pre-release for you anytime!

@dibdot Well no difference. 8Gb file after 10 hours so I'll send you the last 250 lines of the asterisk log and banip via email

I am playing around a bit with the 'ban_splitsize' option. In the process, an error message has appeared in the syslog:

'...user.info banIP-0.8.0pre3-1[4324]: failed to add split file '2' to countryv4 set'
'...user.info banIP-0.8.0pre3-1[4324]: failed to add split file '3' to countryv4 set'

What could be the reason for this?

I have a Netgear R7800 router with 512MB RAM, but would like to use some larger lists. This worked in the 'old' version without any problems.
Has anyone had experience with which splitsize still works well with which RAM size?

Maybe too many open files (if the splitsize is too small). Start with the following settings:

option ban_splitsize '1000'
option ban_cores '1'

You can raise the max. open files as well but that won't help I guess:

option ban_filelimit '4096'

I have tried it with the following values:

option ban_splitsize '5000'
option ban_cores '1'
option ban_filelimit '4096'

With this it seems to work now (even without OOM). However, I believe that this is rather due to the 'filelimit' value.
5000 splitsize and 1 core I had tried before. But the error messages occurred.
I have looked into the created tmp directory when re-importing. But there were never more than 400 files created before.

A big disadvantage is now of course that the new import instead of a few minutes now partly takes 30 minutes.
But hey, it works! :grinning: