banIP support thread

Can you show the banip process log, or a screenshot of the banip overview screen?

Thanks but in banip the log is ok but I don't want it in the openwrt sys log.

Hi,
@dibdot thanks for your work!
I've got this

/etc/init.d/banip status
::: banIP runtime information
  + status            : active (nft: ✔, monitor: ✔)
  + version           : 0.8.2-4
  + element_count     : 110434 ...

and it's O.K.,
but in the mail I've got this

*++ ++ banIP Status ++ ++*
::: banIP runtime information
   + status            : active (nft: ✔, monitor: ✘)
   + version           : 0.8.2-4
   + element_count     : 110434...

there is no monitor.

Thank you

The logs are actually coming from SYS LOG; banip just uses a filter on it to save them to the banip IP logs. And it's the only way to get the logs from the firewall.


This update fixed issues reported by @Wolle, @hugalafutro, @Jack007 - it has been published in master and 22.03 branch and the regular package should be available in the next couple of days.

edit: accidentally removed some init stuff in former update - fixed in 0.8.2-6 ... sorry for the mess.

Have fun!
Dirk


Small issue in luci-i18n-banip. These strings are absent from PO files so they cannot be translated:

Changes on this tab needs a banIP service restart to take effect.

To enable email notifications, set up the 'msmtp' package and specify a vaild E-Mail receiver address.

List of supported and fully pre-configured banIP feeds.


Ahh, many thanks. Fixed this raw html stuff in the luci repo as well. :slight_smile:


What is the performance impact of adding BanIP to an Archer C7 or similar running on gigabit internet?

I have Blocklist Expiry set to 2 hours but the records remain indefinitely in the list.


This has a very minimal effect on performance. BanIP is just a processing script that sets up your firewall and does not do the actual filtering; it's the firewall that does that. Just note that the more IPs on the list, the more memory NFT needs.

Disable the autoblocklist function if you prefer only a time-limited ban.


Thank you

In this case, I would like to know what is the performance impact of adding those rules.

Am I correct to believe that every packet going through the router is going to be evaluated against every rule? Presumably by the CPU?

I don't know how many IPs would get added but, for instance, if there were 100 addresses, would there be 100 evaluations for every single packet by the CPU?

Does that have a significant performance impact on an Archer C7 or similar performance router operating on a 1 gigabit WAN operating at full capacity?

Is there any form of hardware acceleration in this router that might be alleviating this load?

And is there a way to detect when the router's CPU capacity is being exceeded (and send an email message to myself if/when it happens)?

Thanks!

After the last update to master, luci-app-banip has disappeared; banip is still active but there is no more luci-app.

Not reproducible with three different targets: x86-generic, ipq40xx-generic and mvebu-cortexa9.


Independent of banIP, this quite old device is insufficient to handle 1 GBit WAN speeds (Archer A7 speed - #4 by slh). Please google for nftables performance benchmarks if you need more information about this topic.


I'm using Linksys e8450

Please see my reply here, and see if it helps:

Thanks, but I don't have that problem.

When you mentioned luci-app-banip was missing, I assumed it was not selectable in the image builder. What exactly did you mean by it went missing? Is it missing in the LUCI web screen, or missing in the OPKG packages?

banip is installed and it is working; the luci app is also installed but it is missing from the LuCI web page.