banIP support thread

No, I mean I'm trying to ping (which shows packet filtered as expected) and nslookup (which gives me a result which is not expected) from my desktop, which is connected to the router.

Instead of 1.1.1.1 could you pls try any random IP?
Maybe you configured DNS hijacking in your router.

Maybe flakey WAN connection (SSH brute force attack),
because I turn off port 22, then the log shows 1/day,
but adding a new IP to my blacklist (IPSet) needs a firewall3 reload and banIP service restart (refresh)? :face_with_spiral_eyes:

```
Mon Mar 13 10:22:19 2023 authpriv.info dropbear[14822]: Child connection from 177.249.40.122:50097
Mon Mar 13 10:22:20 2023 user.info banIP-0.7.10[14871]: start banIP processing (refresh)
Mon Mar 13 10:22:20 2023 user.info banIP-0.7.10[14871]: IP address '177.249.40.122' added to blacklist
Mon Mar 13 10:22:21 2023 authpriv.info dropbear[14822]: Exit before auth from <177.249.40.122:50097>: (user 'root', 1 fails): Exited normally
Mon Mar 13 10:22:21 2023 user.info banIP-0.7.10[14871]: 5 IPSets with overall 26880 IPs/Prefixes loaded successfully (eac AUTOMATION-CONSULTING GmbH, OpenWrt 21.02.5 r16688-fa9a932fdb)
Mon Mar 13 10:22:21 2023 user.info banIP-service [15264]: log/banIP service started
Mon Mar 13 10:32:41 2023 authpriv.info dropbear[16639]: Child connection from 162.243.146.35:49478
Mon Mar 13 10:32:51 2023 authpriv.info dropbear[16639]: Exit before auth from <162.243.146.35:49478>: Exited normally
Mon Mar 13 10:32:51 2023 user.info banIP-0.7.10[16719]: start banIP processing (refresh)
Mon Mar 13 10:32:53 2023 user.info banIP-0.7.10[16719]: 5 IPSets with overall 26880 IPs/Prefixes loaded successfully (eac AUTOMATION-CONSULTING GmbH, OpenWrt 21.02.5 r16688-fa9a932fdb)
Mon Mar 13 10:32:53 2023 user.info banIP-service [17113]: log/banIP service started
```

I did indeed have DNS hijacking enabled in my simple-adblock configuration; once I disabled that, the issue went away. Thank you!

1 Like

I don't recommend disabling DNS hijacking, as it's actually a feature and not an issue. This safeguards your network from bypassing your DNS.

1 Like

I really just wanted to prevent Firefox/Chrome DoH mainly, along with some other common DNS servers like 1.1.1.1 and 8.8.8.8. Everything else that is hard-coded in by the user (which is not known by the banIP list) I don't really mind.

DNS hijacking is supposed to do this.

The idea was to understand why your nslookup always resolved the domain name, whatever IP you provide as DNS server.
It's because port 53 (used in the nslookup test) is being redirected to your local DNS; it's your local DNS server that is resolving the domains.

You can have DNS hijacking enabled; this will redirect port 53 to your local DNS server (and enforce your adblock rules).
Any attempt to use a DNS server on any port you are not redirecting will then be blocked by the banIP DoH list. (If it's in the list.)

1 Like
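Added example, not part of any post in the thread: the "query a random IP" test discussed above, as a small shell helper that decides from nslookup output whether port 53 is being redirected. The function names, the probe address 192.0.2.53 (TEST-NET-1, which hosts no DNS server) and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from nslookup output whether port 53 is intercepted.
# PROBE_IP is an assumption: 192.0.2.53 is in TEST-NET-1 (RFC 5737) and runs
# no DNS server, so an answer "from" it must come from a redirect on the path.
PROBE_IP="192.0.2.53"

# Constructed sample outputs (not captured from a real router).
SAMPLE_ANSWERED='Server:    192.0.2.53
Address:   192.0.2.53:53

Non-authoritative answer:
Name:      example.com
Address: 203.0.113.10'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# classify_probe: read nslookup output on stdin and print one verdict:
#   intercepted     a record came back although the target cannot answer
#   not_redirected  the query timed out or was refused
#   inconclusive    neither pattern was seen
classify_probe() {
    out=$(cat)
    # Skip the "Server:/Address:" header, i.e. everything up to the first
    # blank line, so the header address is not mistaken for an answer.
    body=$(printf '%s\n' "$out" | sed '1,/^$/d')
    if printf '%s\n' "$body" | grep -Eq '^Address( [0-9]+)?: *[0-9a-fA-F:.]+'; then
        echo intercepted
    elif printf '%s\n' "$out" | grep -Eiq 'timed out|no servers could be reached|refused|can.t connect'; then
        echo not_redirected
    else
        echo inconclusive
    fi
}

# Live check from a LAN client (needs network access; not called here).
probe_live() {
    nslookup "${1:-example.com}" "$PROBE_IP" 2>&1 | classify_probe
}

# Offline demonstration on the constructed samples.
printf 'answered sample: %s\n' "$(printf '%s\n' "$SAMPLE_ANSWERED" | classify_probe)"
printf 'timeout sample:  %s\n' "$(printf '%s\n' "$SAMPLE_TIMEOUT" | classify_probe)"
```

A verdict of `intercepted` only shows that plain DNS on port 53 is being redirected; it says nothing about DoH or DoT, which the thread leaves to the banIP DoH list.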

As @Minpatsu has replied, that is what the DNS hijacking feature is about: to prevent overriding your local DNS, as @sqrwv has explained in his reply. It will forward all DNS requests to your local DNS even if you tried using 8.8.8.8 or 1.1.1.1 via nslookup.

Looking for a fast way to add blocked domains' IPs to my allowlist, I started using the luci-app-commands and drill packages.
nslookup didn't give me an already formatted output and dig was bigger.

drill -Q gives a formatted output, ready to copy to the allowlist:

Why not use the integrated 'resolveip' command?

```
resolveip discord.com
162.159.137.232
162.159.128.233
162.159.138.232
162.159.135.232
162.159.136.232
```

1 Like

I didn't know it existed, it's much smaller and does what I was looking for.
Thanks!

Hello, I have version 0.8.2.2 on OpenWrt 22.03, but it is impossible to block countries. Here is my configuration. Any idea of my error? Thanks.


config banip 'global'
	option ban_debug '0'
	option ban_autodetect '1'
	list ban_logterm 'Exit before auth from'
	list ban_logterm 'luci: failed login'
	list ban_logterm 'error: maximum authentication attempts exceeded'
	list ban_logterm 'sshd.*Connection closed by.*\[preauth\]'
	list ban_logterm 'SecurityEvent=\"InvalidAccountID\".*RemoteAddress='
	list ban_country 'tw'
	list ban_country 'af'
	list ban_country 'al'
	list ban_country 'dz'
	list ban_country 'as'
	list ban_country 'ad'
	list ban_country 'ao'
	list ban_country 'ai'
	list ban_country 'aq'
	list ban_country 'ag'
	list ban_country 'ar'
	list ban_country 'am'
	list ban_country 'aw'
	list ban_country 'au'
	list ban_country 'at'
	list ban_country 'az'
	list ban_country 'bs'
	list ban_country 'bh'
	list ban_country 'bd'
	list ban_country 'bb'
	list ban_country 'by'
	list ban_country 'be'
	list ban_country 'bz'
	list ban_country 'bj'
	list ban_country 'bm'
	list ban_country 'bt'
	list ban_country 'bo'
	list ban_country 'bq'
	list ban_country 'ba'
	list ban_country 'bw'
	list ban_country 'bv'
	list ban_country 'br'
	list ban_country 'io'
	list ban_country 'vg'
	list ban_country 'bn'
	list ban_country 'bg'
	list ban_country 'bf'
	list ban_country 'bi'
	list ban_country 'cv'
	list ban_country 'kh'
	list ban_country 'cm'
	list ban_country 'ca'
	list ban_country 'ky'
	list ban_country 'cf'
	list ban_country 'td'
	list ban_country 'cl'
	list ban_country 'cn'
	list ban_country 'hk'
	list ban_country 'mo'
	list ban_country 'cx'
	list ban_country 'cc'
	list ban_country 'co'
	list ban_country 'km'
	list ban_country 'cg'
	list ban_country 'ck'
	list ban_country 'cr'
	list ban_country 'hr'
	list ban_country 'cu'
	list ban_country 'cw'
	list ban_country 'cy'
	list ban_country 'cz'
	list ban_country 'ci'
	list ban_country 'kp'
	list ban_country 'cd'
	list ban_country 'dk'
	list ban_country 'dj'
	list ban_country 'dm'
	list ban_country 'do'
	list ban_country 'ec'
	list ban_country 'eg'
	list ban_country 'sv'
	list ban_country 'gq'
	list ban_country 'er'
	list ban_country 'ee'
	list ban_country 'sz'
	list ban_country 'et'
	list ban_country 'fk'
	list ban_country 'fo'
	list ban_country 'fj'
	list ban_country 'fi'
	list ban_country 'gf'
	list ban_country 'pf'
	list ban_country 'tf'
	list ban_country 'ga'
	list ban_country 'gm'
	list ban_country 'ge'
	list ban_country 'gh'
	list ban_country 'gi'
	list ban_country 'gr'
	list ban_country 'gl'
	list ban_country 'gd'
	list ban_country 'gp'
	list ban_country 'gu'
	list ban_country 'gt'
	list ban_country 'gg'
	list ban_country 'gn'
	list ban_country 'gw'
	list ban_country 'gy'
	list ban_country 'ht'
	list ban_country 'hm'
	list ban_country 'va'
	list ban_country 'hn'
	list ban_country 'hu'
	list ban_country 'is'
	list ban_country 'in'
	list ban_country 'id'
	list ban_country 'ir'
	list ban_country 'iq'
	list ban_country 'im'
	list ban_country 'il'
	list ban_country 'it'
	list ban_country 'jm'
	list ban_country 'jp'
	list ban_country 'je'
	list ban_country 'jo'
	list ban_country 'kz'
	list ban_country 'ke'
	list ban_country 'ki'
	list ban_country 'kw'
	list ban_country 'kg'
	list ban_country 'la'
	list ban_country 'lv'
	list ban_country 'lb'
	list ban_country 'ls'
	list ban_country 'lr'
	list ban_country 'ly'
	list ban_country 'li'
	list ban_country 'lt'
	list ban_country 'lu'
	list ban_country 'mg'
	list ban_country 'mw'
	list ban_country 'my'
	list ban_country 'mv'
	list ban_country 'ml'
	list ban_country 'mt'
	list ban_country 'mh'
	list ban_country 'mq'
	list ban_country 'mr'
	list ban_country 'mu'
	list ban_country 'yt'
	list ban_country 'mx'
	list ban_country 'fm'
	list ban_country 'mc'
	list ban_country 'mn'
	list ban_country 'me'
	list ban_country 'ms'
	list ban_country 'ma'
	list ban_country 'mz'
	list ban_country 'mm'
	list ban_country 'na'
	list ban_country 'nr'
	list ban_country 'np'
	list ban_country 'nl'
	list ban_country 'nc'
	list ban_country 'nz'
	list ban_country 'ni'
	list ban_country 'ne'
	list ban_country 'ng'
	list ban_country 'nu'
	list ban_country 'nf'
	list ban_country 'mp'
	list ban_country 'no'
	list ban_country 'om'
	list ban_country 'pk'
	list ban_country 'pw'
	list ban_country 'pa'
	list ban_country 'pg'
	list ban_country 'py'
	list ban_country 'pe'
	list ban_country 'ph'
	list ban_country 'pn'
	list ban_country 'pl'
	list ban_country 'pt'
	list ban_country 'pr'
	list ban_country 'qa'
	list ban_country 'kr'
	list ban_country 'md'
	list ban_country 'ro'
	list ban_country 'ru'
	list ban_country 'rw'
	list ban_country 're'
	list ban_country 'bl'
	list ban_country 'sh'
	list ban_country 'kn'
	list ban_country 'lc'
	list ban_country 'mf'
	list ban_country 'pm'
	list ban_country 'vc'
	list ban_country 'ws'
	list ban_country 'sm'
	list ban_country 'st'
	list ban_country 'sa'
	list ban_country 'sn'
	list ban_country 'rs'
	list ban_country 'sc'
	list ban_country 'sl'
	list ban_country 'sg'
	list ban_country 'sx'
	list ban_country 'sk'
	list ban_country 'si'
	list ban_country 'sb'
	list ban_country 'so'
	list ban_country 'za'
	list ban_country 'gs'
	list ban_country 'ss'
	list ban_country 'es'
	list ban_country 'lk'
	list ban_country 'ps'
	list ban_country 'sd'
	list ban_country 'sr'
	list ban_country 'sj'
	list ban_country 'se'
	list ban_country 'sy'
	list ban_country 'tj'
	list ban_country 'th'
	list ban_country 'mk'
	list ban_country 'tl'
	list ban_country 'tg'
	list ban_country 'tk'
	list ban_country 'to'
	list ban_country 'tt'
	list ban_country 'tn'
	list ban_country 'tr'
	list ban_country 'tm'
	list ban_country 'tc'
	list ban_country 'tv'
	list ban_country 'ug'
	list ban_country 'ua'
	list ban_country 'ae'
	list ban_country 'tz'
	list ban_country 'um'
	list ban_country 'vi'
	list ban_country 'us'
	list ban_country 'uy'
	list ban_country 'uz'
	list ban_country 'vu'
	list ban_country 've'
	list ban_country 'vn'
	list ban_country 'wf'
	list ban_country 'eh'
	list ban_country 'ye'
	list ban_country 'zm'
	list ban_country 'zw'
	list ban_country 'ax'
	option ban_enabled '1'
	list ban_trigger 'lan'
	list ban_trigger 'wan'
	option ban_deduplicate '1'
	option ban_loginput '1'
	option ban_logforwardlan '0'
	list ban_feed 'country'
	option ban_autoallowlist '1'
	option ban_autoblocklist '1'
	option ban_allowlistonly '0'
	option ban_fetchcmd 'uclient-fetch'
	option ban_protov4 '1'
	list ban_ifv4 'wan'
	option ban_protov6 '1'
	list ban_ifv6 'wan6'
	list ban_dev 'wan'
	option ban_logforwardwan '0'


ban ip restart everything the status processing

Looking at your long, long country list, most probably an OOM condition. Just enable debug logs and check them during processing.

Why not add the appropriate domains directly to your allowlist - to make sure that the current IP is always in your allowlist?

2 Likes

That is just perfect, I didn't know it was allowed. :grin::+1:
It's even written above the allow list: "add only exactly one MAC/IPv4/IPv6 address or domain name per line." :man_facepalming:
Thanks!

1 Like

Is there a set of lists that people use as a start? Like the best ones that will not break shit? I tried using some lists and Twitter links stopped working. Also, I am getting sick of finding IPs for the allowlist. Some of the sites that are blocked are:

T.co

betfair.com

Read the 2 posts just above yours.

I am asking about a stock set of lists.

One suggestion is to search (in setreporting-ipsearch) for those IPs you think shouldn't be blocked and disable those lists.
It's either that or input the domain names in the allow list.