Already done, I've opened this PR: https://github.com/openwrt/packages/pull/9003
banIP always logs to the the configured log daemon. Please search the forum for remote logging ...
To log the names as well, try this one:
ipset -L 2>/dev/null | egrep 'packets [1-9]|^Name'
Again thx for the quick answer.
Great thx a lot !
Don't get me wrong. Remote syslog is working , I remote send every system,dhcp,dnsmasq and of course banip etc. to my central syslog server , but the ipset part is not in this stream.
Looking forward to your future work an that "CLI part" !
This works thx a lot.
Edit: I managed to solve this, had to add the correct snapshot feeds to my OpenWRT config. Sadly, I broke my luci GUI when doing so. :x
It would be great, if you could add banIP to the stable package lists.
Previous question:
Hi,
I just wanted to install banIP on my OpenWRT Router, which is running v18.06.02 stable.
Sadly, banIP doesn't seem to exist even if I refresh my package lists with opkg update.
Is there something I'm missing?
Scroll up to the first post.
I don't know what you're up to, in the linked guide of the first post is mentioned how to install banIP with OPKG only. This is normally not working with a stable OpenWRT release, when you don't change the package feeds. Am I correct?
Is there a way to install banIP without changing all my package feeds?
They should stay at the stable release branch on my installation.
cd /tmp
wget https://downloads.openwrt.org/snapshots/packages/x86_64/packages/banip_0.1.1-1_all.ipk
opkg install /tmp/banip_0.1.1-1_all.ipk
Thanks, this commands worked well.
It would still be great if banIP will get added to the stable repos in future.
This software is awesome!
banIP will be part of forthcoming stable 19.x
so I'm gettingin log:
banip.sh /usr/bin/banip.sh: line 376: : Permission denied
I think its because i disabled ipv6 in openwrt but it is kinda bug
Hi,
thanks for this finding - will be fixed in 0.1.2 with this PR: https://github.com/openwrt/packages/pull/9075
The whitelist overrides all firewall rules not just the banIP lists; is this intended behaviour?
If not you could change the iptables rules from "-j ACCEPT" to "-j RETURN" to allow processing of existing firewall ruleset.
@cgretski sounds reasonable, the iptables whitelist target will be changed in 0.1.3 - thanks!
What is new in 1.4-1 ?
kind regards
I've updated the first post accordingly.
Thx and keep up the great work !
Hi,
I like this 
Is it also possible to reverse the country blocking, I mean, that i can enter the country codes from which the people have access? So instead of blocking 20 countries, I only allow 1 country?
Thanks.
Br,
Jan
No, that's not possible.
From what I read you currently can select a wan interface and the desired IPset sources.
Is there anything planned reagarding multiple wan interfaces with the ability to choose the filter lists for each interface/network individually?
E.g.:
WAN1 ==> IPset source 3, 5, 8, 18
WAN2 ==> IPset source 1, 4, 6, 7, 8, 18
Usually the current active wan interface will be determined automatically, but always with the same set of IPSet sources. Just curious, what's the use case for having different source sets per interface?
Well for example if you have to ISPs and one is only for work then sometimes it would be helpful to have two different whitelists/blacklists or in general filter different things.
Maybe when you can specify even more "controled interfaces" then choosing VLANs would also be an option to only filter from or to certain networks (not really elegant, but would work).
Most user probably won't need it, but there would be more flexibility and possibilities to manage your traffic.