Don't get me wrong. Remote syslog is working , I remote send every system,dhcp,dnsmasq and of course banip etc. to my central syslog server , but the ipset part is not in this stream.
Looking forward to your future work an that "CLI part" !
Edit: I managed to solve this, had to add the correct snapshot feeds to my OpenWRT config. Sadly, I broke my luci GUI when doing so. :x It would be great, if you could add banIP to the stable package lists.
Previous question:
Hi,
I just wanted to install banIP on my OpenWRT Router, which is running v18.06.02 stable.
Sadly, banIP doesn't seem to exist even if I refresh my package lists with opkg update.
Is there something I'm missing?
I don't know what you're up to, in the linked guide of the first post is mentioned how to install banIP with OPKG only. This is normally not working with a stable OpenWRT release, when you don't change the package feeds. Am I correct?
Is there a way to install banIP without changing all my package feeds?
They should stay at the stable release branch on my installation.
The whitelist overrides all firewall rules not just the banIP lists; is this intended behaviour?
If not you could change the iptables rules from "-j ACCEPT" to "-j RETURN" to allow processing of existing firewall ruleset.
Hi,
I like this
Is it also possible to reverse the country blocking, I mean, that i can enter the country codes from which the people have access? So instead of blocking 20 countries, I only allow 1 country?
Thanks.
Br,
Jan
From what I read you currently can select a wan interface and the desired IPset sources.
Is there anything planned reagarding multiple wan interfaces with the ability to choose the filter lists for each interface/network individually?
E.g.:
WAN1 ==> IPset source 3, 5, 8, 18
WAN2 ==> IPset source 1, 4, 6, 7, 8, 18
Usually the current active wan interface will be determined automatically, but always with the same set of IPSet sources. Just curious, what's the use case for having different source sets per interface?
Well for example if you have to ISPs and one is only for work then sometimes it would be helpful to have two different whitelists/blacklists or in general filter different things.
Maybe when you can specify even more "controled interfaces" then choosing VLANs would also be an option to only filter from or to certain networks (not really elegant, but would work).
Most user probably won't need it, but there would be more flexibility and possibilities to manage your traffic.