30 minutes!? How many countries did you block!? Maybe it's easier for you to use the undocumented 'ban_allowlistonly' mode, where only connections that are defined in your allowlist are permitted.
The country lists are actually still manageable.
Most of the time is spent on the firehol4 list, which only blocks incoming traffic.
To close everything would actually be a bit overkill.
But thanks for the suggestion.
Thank you by the way for the great work you are doing here!
@dibdot just want to inform you that the tor ban list doesn't work anymore and it seems that the maintainer has stopped updating it, as stated on the home page https://fissionrelays.net/. It actually stopped working in the past 2 weeks.
Here is a good replacement list
The only downside is that it rate-limits: you can only access the list once every 30 minutes.
There is also this list
It only has IPv4 addresses, and you would need special parsing handlers for this list.
Here is the list I use:
It is updated hourly.
(which is identical to the dan.me list)
banIP used the Dan.Me list before. What I did (back when Dan.Me was being used) was to tweak it so that I had a cron job downloading the list once a day (somewhere it can survive a restart), and the banIP source was then mapped to process the downloaded file. So, just in case you had to restart the router or banIP within 30 minutes or less, banIP would still be able to process the file with no errors.
I use the GitHub list, which is identical to dan.me. The list's maintainer uses GitHub Actions to re-download the list once an hour. The benefit is you won't have to worry about the rate limit anymore.
Is 128MB of RAM a viable option with these optimizations - and a small IP list?
Yes, that should be enough memory for small IP sets.
I agree with @AcidSlide, it should be enough to load a small IP list. But to fully enjoy banIP, I encourage you to strive for more memory.
With my RAM and use of as many IP sets as I do, my memory shows only a very small portion being used. I think the biggest challenge occurs during the process of loading those entries into memory.
Just test it yourself ...
I have no such device, the smallest of my routers has 256 MByte RAM - and banIP works on this device with a splitsize of '1000' and a limit on one cpu core.
Could someone show their banIP config to give an idea?
```
config banip 'global'
	option ban_enabled '1'              # enable the banIP service (disabled by default)
	option ban_debug '1'                # enable debug logging
	option ban_autodetect '1'           # enable banIP's autodetection for devices/interfaces/download utility
	option ban_autoblocklist '1'        # add suspicious IPs to blocklist as well
	option ban_autoallowlist '1'        # add uplink IPs to allowlist automatically
	option ban_nicelimit '0'            # ulimit: nice level of the banIP service
	option ban_filelimit '1024'         # ulimit: max open/number of files
	option ban_loglimit '100'           # scan only the last n lines of the logfile
	option ban_logcount '1'             # how many times the IP must appear to be considered suspicious
	option ban_logingress '1'           # log ingress drops
	option ban_logforward '0'           # do not log forward rejects
	option ban_protov4 '1'              # enable IPv4 support
	option ban_protov6 '0'              # enable IPv6 support
	list ban_logterm 'Exit before auth from'                             # regex for logfile parsing to detect suspicious IPs (dropbear)
	list ban_logterm 'luci: failed login'                                # regex for logfile parsing to detect suspicious IPs (luci)
	list ban_logterm 'error: maximum authentication attempts exceeded'   # regex for logfile parsing to detect suspicious IPs (nginx)
	list ban_logterm 'sshd.*Connection closed by.*\[preauth\]'           # regex for logfile parsing to detect suspicious IPs (sshd)
	list ban_logterm '<sip:.*>'\'' failed for '\'''                      # regex for logfile parsing to detect suspicious IPs (asterisk)
	list ban_trigger 'wan'              # trigger interface
	list ban_trigger 'VPN'              # trigger interface
	list ban_ifv4 'wan'
	list ban_ifv4 'VPN'
#	option ban_deduplicate '1'          # deduplicate IP addresses across all active sets
#	option ban_splitsize '500'          # split ext. downloaded sets after every n lines/members (saves RAM => no atomic set load!)
#	option ban_cores '1'                # overwrite the cpu core autodetection
	option ban_nftexpiry '1h'           # expiry time for auto added blocklist members
	option ban_nftpriority '-300'       # nft table priority (default is raw table priority (before fw4!))
#	option ban_resolver 'localhost'     # default resolver for DNS lookups
#	option ban_triggerdelay '10'        # trigger timeout before banIP processing begins
	list ban_blockingress 'country'     # limit certain feeds to the incoming/ingress chain
	list ban_blockforward 'doh'         # limit certain feeds to the outgoing/forward chain
	list ban_feed 'adguard'             # various blocklist feeds
	list ban_feed 'asn'
	list ban_feed 'backscatterer'
	list ban_feed 'bogon'
	list ban_feed 'country'
	list ban_feed 'darklist'
	list ban_feed 'debl'
	list ban_feed 'doh'
	list ban_feed 'drop'
	list ban_feed 'dshield'
	list ban_feed 'edrop'
	list ban_feed 'energized'
	list ban_feed 'feodo'
	list ban_feed 'firehol1'
	list ban_feed 'firehol2'
	list ban_feed 'firehol3'
#	list ban_feed 'firehol4'
	list ban_feed 'greensnow'
	list ban_feed 'iblockads'
	list ban_feed 'iblockspy'
	list ban_feed 'myip'
	list ban_feed 'nixspam'
	list ban_feed 'oisdbasic'
	list ban_feed 'oisdnsfw'
	list ban_feed 'proxy'
	list ban_feed 'sslbl'
	list ban_feed 'talos'
	list ban_feed 'threat'
	list ban_feed 'threatview'
	list ban_feed 'tor'
	list ban_feed 'uceprotect1'
	list ban_feed 'uceprotect2'
	list ban_feed 'uceprotect3'
	list ban_feed 'urlhaus'
	list ban_feed 'urlvir'
	list ban_feed 'voip'
	list ban_feed 'yoyo'
	list ban_asn '32934'
	list ban_country 'ru'
	list ban_country 'cn'
```
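The `ban_logterm` / `ban_loglimit` / `ban_logcount` options in the config above drive banIP's automatic blocklist: the last n log lines are matched against the regexes, and an address that hits often enough becomes a candidate for the v4 or v6 blocklist set. The following is an added illustration of that detection logic in Python (not banIP's own code, which is shell); the log lines are constructed samples using documentation address ranges, and the IP-extraction regexes are an assumption about how addresses are picked out of a line.

```python
import re
from collections import Counter

# Settings as in the config above.
BAN_LOGLIMIT = 100   # scan only the last n lines of the logfile
BAN_LOGCOUNT = 1     # how many times an IP must appear to be considered suspicious
BAN_LOGTERMS = [
    r"Exit before auth from",                              # dropbear
    r"luci: failed login",                                 # luci
    r"error: maximum authentication attempts exceeded",    # labelled nginx in the config
    r"sshd.*Connection closed by.*\[preauth\]",            # sshd
    r"<sip:.*>' failed for '",                             # asterisk, UCI quoting unwrapped
]

# Constructed logread-style sample; 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 and 2001:db8::/32
# are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Sat Jan 28 17:10:01 2023 authpriv.info dropbear[2210]: Child connection from 192.0.2.10:51422
Sat Jan 28 17:10:03 2023 authpriv.info dropbear[2210]: Exit before auth from <192.0.2.10:51422>: Exited normally
Sat Jan 28 17:11:07 2023 authpriv.notice uhttpd[1101]: luci: failed login on / for root from 198.51.100.7
Sat Jan 28 17:12:09 2023 authpriv.info sshd[2301]: Connection closed by 203.0.113.5 port 40222 [preauth]
Sat Jan 28 17:12:45 2023 daemon.info dnsmasq[1200]: started, version 2.86 cachesize 150
Sat Jan 28 17:13:02 2023 authpriv.info dropbear[2215]: Exit before auth from <2001:db8::1234:5678>: Error reading
"""

# Assumed extraction patterns: a dotted quad not glued to other digits/dots, and an IPv6 literal with
# at least three colon-separated groups (so timestamps like 17:13:02 are not picked up).
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
IPV6_RE = re.compile(r"(?<![:\w])(?:[0-9a-fA-F]{0,4}:){3,7}[0-9a-fA-F]{0,4}(?![:\w])")

def suspicious_ips(log_text, logterms=BAN_LOGTERMS, loglimit=BAN_LOGLIMIT, logcount=BAN_LOGCOUNT):
    """Return ({v4: hits}, {v6: hits}) for addresses on lines matching a log term,
    counted over the last `loglimit` lines and kept only when hits >= `logcount`."""
    lines = log_text.splitlines()
    lines = lines[-loglimit:] if loglimit > 0 else lines
    patterns = [re.compile(t) for t in logterms]
    hits4, hits6 = Counter(), Counter()
    for line in lines:
        if not any(p.search(line) for p in patterns):
            continue                      # benign line, e.g. the dnsmasq start message
        hits4.update(IPV4_RE.findall(line))
        hits6.update(IPV6_RE.findall(line))
    return ({ip: n for ip, n in hits4.items() if n >= logcount},
            {ip: n for ip, n in hits6.items() if n >= logcount})

if __name__ == "__main__":
    v4, v6 = suspicious_ips(SAMPLE_LOG)
    print("candidates for blocklistv4:", v4)
    print("candidates for blocklistv6:", v6)
```

Raising `logcount` to 2 on this sample yields no candidates at all, which is the lever to use when a single failed login must not get a host banned.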
```
/etc/init.d/banip "command"
Available commands:
	start           Start the service
	stop            Stop the service
	restart         Restart the service
	reload          Reload configuration files (or restart if service does not implement reload)
	enable          Enable service autostart
	disable         Disable service autostart
	enabled         Check if service is started on boot
	report [<cli>|<mail>|<gen>|<json>]
	                Print banIP related set statistics
	running         Check if service is running
	status          Service status
	trace           Start with syscall trace
	info            Dump procd service info
```
A few minutes ago I hopefully uploaded the last pre-release to my GitHub account (pre4, see first post) with the following changes:
banIP_0.8.0pre4:
- replaced the ingress chain with the input chain (much more effective with reduced system load), changed the config options 'ban_blockingress' with 'ban_blockinput' and 'ban_logingress' with 'ban_loginput'
- add a set report engine, supported output formats: text, json and mail
- add a set search engine (search for single ipv4 or ipv6 addresses)
- optimized the download handler, only one file will be downloaded when both feed URLs are pointing to the same file (as with the new tor feed)
- replaced/updated the tor feed
- various optimizations & fixes

Signed-off-by: Dirk Brenken <email@example.com>
A few screenshots from the latest pre-release:
- current status:
- report output:
- mail output:
- firewall overview (optimized input chain and forward chain):
I'm a complete newbie on banip, running OpenWrt 22.03.
Just uploaded and installed banIP_0.8.0pre4 and it's not doing anything.
I mean it's not reacting to any command on /etc/init.d/banip status, start, stop... etc.
It's just giving back nothing.
Tried to execute /usr/bin/banip-service.sh directly, but it's also doing nothing.
The process is not running and there is no error on execution, but it's also not doing anything on any command.
Am I doing something wrong?
Did you edit config file?
Nope, as I said I'm a newbie. I have read through the original banIP installation piece, but it doesn't say to edit the config file; it just says install and start it, it's all automatic.
Where is it? Under /etc somewhere, I guess?
Yes, you should edit /etc/config/banip:
enabled = 1
then restart banip and
check banip status
To be precise, the option is called ...
option ban_enabled '0'
...and should be enabled with the value '1' ...
Example of my config:

```
config banip 'global'
	option ban_enabled '1'
	option ban_debug '1'
	option ban_autodetect '1'
	option ban_autoblocklist '1'
	option ban_autoallowlist '1'
	option ban_nicelimit '0'
	option ban_filelimit '1024'
	option ban_loglimit '100'
	option ban_logcount '1'
	option ban_loginput '1'
	option ban_logforward '0'
	option ban_protov4 '1'
	option ban_protov6 '1'
	list ban_logterm 'Exit before auth from'
	list ban_logterm 'luci: failed login'
	list ban_logterm 'error: maximum authentication attempts exceeded'
	list ban_logterm 'sshd.*Connection closed by.*\[preauth\]'
	list ban_logterm '<sip:.*>'\'' failed for '\'''
	option ban_deduplicate '1'
	list ban_trigger 'wan'
	list ban_trigger 'wan6'
	list ban_blockinput 'country'
	list ban_ifv4 'wan'
	list ban_ifv6 'wan6'
	list ban_dev 'wan'
	list ban_feed 'country'
	list ban_country 'fr'    # block server example location paris in my game
	list ban_country 'gb'
	list ban_country 'lu'
	list ban_country 'it'
	list ban_country 'us'
	list ban_country 'es'
	option ban_fetchcmd 'uclient-fetch'
```
I would like to block all servers of a game and play only in Germany, but I don't know if banIP can do it.
Only authorise "de" for Deutschland.
It seems to me that I once managed to do it in my game, but since the last release I don't know what happened if I want to play only in Germany.
```
::: banIP runtime information
  + status            : active
  + version           : 0.8.0pre4-1
  + element_count     : 35742
  + active_feeds      : allowlistvMAC, allowlistv4, allowlistv6, blocklistvMAC, blocklistv6, blocklistv4, countryv6, countryv4
  + active_devices    : wan
  + active_interfaces : wan, wan6
```
```
banIP Set Statistics (28.01.2023 17:19:33)
:::
Set                  | Set Elements  | Chain Input   | Chain Forward | Input Packets | Forward Packets
---------------------+---------------+---------------+---------------+---------------+----------------
allowlistvMAC        | 0             | n/a           | OK            | n/a           | 0
allowlistv4          | 1             | OK            | OK            | 6             | 0
allowlistv6          | 1             | OK            | OK            | 0             | 0
blocklistvMAC        | 0             | n/a           | OK            | n/a           | 0
blocklistv6          | 0             | OK            | OK            | 0             | 0
blocklistv4          | 0             | OK            | OK            | 0             | 0
countryv6            | 13571         | OK            | n/a           | 0             | n/a
countryv4            | 22169         | OK            | n/a           | 4             | n/a
---------------------+---------------+---------------+---------------+---------------+----------------
8                    | 35742         | 6             | 6             | 10            | 0
```