banIP support thread

Sorry, I didn't get what you're trying to achieve. The option you've mentioned is "ban_autoallowuplink"; this ensures that incoming packets from (Source IP in WAN-Input/WAN-Forward) and outgoing packets to (Destination IP in LAN-Forward) your uplink are always accepted.
If these IPs get blocked, then probably in the Prerouting chain, e.g.

You can try to raise the thresholds or disable these safeguards altogether.
I recommend taking another close look at the online readme ... and if you're still unable to solve your problem, provide more context ... your config, firewall log excerpts, banIP status etc.

After populating the Allowlist, clicking "Domain Lookup", then the "Restart" button, I was (mistakenly) expecting it to "restart" the BanIP service with the changes in effect. When I rebooted the device itself though, everything worked as expected the next time around. Thanks.

I accidentally banned my own IP (keys in use); instead I used PuTTY and got rejected by :publickey (my stupidity). How do I remove the IP from the list? I still have access to root.
In other words, how to remove an entry from there:

/etc/init.d/banip survey blocklistv4

Depends on your config, check the readme. Generally speaking, remove the entry from your local blocklist and reload banIP.

From the command line, you could manually edit the file /etc/banip/banip.blocklist

Secondarily, you could also temporarily set a static address (different IP) on your PC long enough to modify the list via the GUI.
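
One way to script the "remove the entry from your local blocklist and reload banIP" step from the replies above, as an added example that is not part of the original posts and not banIP's own code. It assumes one entry per line in `/etc/banip/banip.blocklist`, optionally followed by a `# comment`; the function name `unblock_ip` and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example: remove one address from the local banIP blocklist.
# Path as named in the thread; override BLOCKLIST to try it on a copy.
BLOCKLIST="${BLOCKLIST:-/etc/banip/banip.blocklist}"

# unblock_ip <address> [file]
# Returns 0 if an entry was removed, 1 if nothing matched, 2 on error.
unblock_ip() {
    ip="$1"
    file="${2:-$BLOCKLIST}"
    [ -n "$ip" ] && [ -f "$file" ] || return 2
    tmp="${file}.tmp.$$"

    # Assumption: one entry per line, optionally followed by "# comment".
    # The first field is compared as a literal string, so 203.0.113.5 does
    # not also delete 203.0.113.50 (a sed or grep pattern would treat the
    # dots as wildcards and match prefixes). CIDR entries that cover the
    # address are left alone and have to be removed by their own text.
    if awk -v ip="$ip" '($1 "") == (ip "") { hit = 1; next } { print }
                        END { exit (hit ? 0 : 1) }' "$file" > "$tmp"; then
        # Keep a backup, then overwrite in place so owner and mode survive.
        cp -p "$file" "${file}.bak" && cat "$tmp" > "$file" \
            || { rm -f "$tmp"; return 2; }
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# When called with an address, edit the list and reload banIP only if
# something was actually removed.
if [ "$#" -ge 1 ]; then
    unblock_ip "$1" && /etc/init.d/banip reload
fi
```
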

Quick question: is there a way to load banip.allowlist and banip.blocklist changes faster? I like the de-duplication feature but perhaps I need to disable it? With about six block lists applied, it takes a few minutes to apply the change via service banip reload

P.S. BanIP is a really amazing tool - thanks for all your hard work in making it!

@dibdot Thanks. Well, I tried changing those thresholds like you mentioned, and even disabling them, but that IP still gets blocked. The IP in question is in fact the WAN IP address of the router (upstream side - the side that faces the modem, I guess?). I don't know why our IPTV would be trying to connect to the router, though. I've read the Readme again, and my config isn't that unusual. I'm not sure what to do at this point. Edit: I also tried adding the MAC addresses of the IPTV, but it made no difference.

The de-duplication feature actually saves resources and makes it more efficient overall. I'm not sure which device you are using, and what the processor / memory specs are. If you have the resources though, you could experiment with changing default settings, such as increasing "Processors used", "Max open files" and increasing the "Split-size" etc.
I did this and the processing / load time dramatically decreased by about 2/3rds.

I'm using a NanoPi R5C for testing (RK3568 quad-core CPU / 4 GB RAM). I don't limit CPU cores so it's multi-threading nicely. I've set ban_splitsize and ban_filelimit both to "4096". I'm fine with the current performance, I was just curious if there was a way to differentiate changes to allow/blocklist from the other third-party feeds since the latter change on a daily cadence whereas the former might change frequently (at least at first). I'll probably create a script to pull all the domains from https://oisd.nl/includedlists/whitelists and add them to the allowlist as a workaround.


Hiya,
I have received a message in the logs that one of my internal addresses has been listed as suspicious. How do I understand what has triggered this so I can investigate?

Appreciate your guidance.

Thu Jun 13 11:28:11 2024 user.info banIP-1.0.0-1[13216]: suspicious IP '192.168.xxx.xxx'

@dibdot Also, this issue is heavy on the logs, so I'm not sure if this is the cause or not, but my router now becomes unresponsive and then reboots every 6-8 hours. It's a TP-Link Archer C7 v2. The log entries in question occur every 3-12 seconds, with sometimes multiple ones per second. Really wish I could get this to stop. Please help!

@dibdot I'm using banip 1.0.0-r1 on a custom build, however when I try to run banip I get this error:

Thu Jun 13 08:53:19 2024 user.err banIP-1.0.0-r1[5713]: nftables based firewall error

Is there a way to expose this error? This recently started to appear for me; around banip 0.98 it worked fine for me.

Your firewall 4 / fw4 is not running.


Please provide much more information ... e.g. banIP config, banIP status, log file excerpt etc.

Most probably a failed LuCI login; check the online readme, esp. the chapter "Regular expressions for logfile parsing".

I see! I decided to redo my configuration, thanks :+1: