Hi Team,
when I activate dohv4 blocking list using banip the request of librewolf.net will be blocked. If I disable dohv4 blocking list librewolf.net is reachable.
It is possible to set librewolf.net to any internal openwrt whitelist?
thx
Neuro
Pinging librewolf.net [76.76.21.21] with 32 bytes of data:
Reply from 76.76.21.21: bytes=32 time=3ms TTL=242
Reply from 76.76.21.21: bytes=32 time=3ms TTL=242
same as
76.76.21.21 # arashi.eu.org
in https://github.com/dibdot/DoH-IP-blocklists/blob/master/doh-ipv4.txt
you can obviously remove the IP from the ipset, if you want.
2 Likes
Thanks for quick reply.
My thought was not to remove the hoster from blacklist but to whitelist the DNS librewolf.net.
But it is not possible...
Thy again frollic
Why not? You can add the relevant domain to the allowlist in banIP ...
2 Likes
The hoster domain or the blocked domain??
I do not want to disable the content of dohv4 list but allow librewolf.net...
(I'm no banIP user)
librewolf.net resolves to the IP in the ban list, there's no way of whitelisting the DNS name, without whitelisting the IP ?
Just put 'librewolf.net' in your allowlist ... banIP will make a nslookup for this domain and put the found IPs to your allowlist Set in nftables.
1 Like
but wouldn't it also allow arashi.eu.org, which uses the same IP ?
Yep, if they're using the same IP.
and that's the actual problem, they do.
Yes it works.
Set librewolf.net to allowlist
thanks Dirk
but now arashi.eu.org and the IP works too.
you can kill the access to arashi.eu.org, by adding it to dnsmasq, but you'll still allow the IPs to pass through.
I will request an issue to librewolf to switch the hoster 
Hi frollic, Dirk
I just have to come back to our topic.
I found out that klassikradio.de is also on the blacklist dohv4 (76.76.21.21 - arashi.eu.org) and, although I whitelisted librewolf.net, the IP was probably not generally "freed" because klassikradio.de cannot be accessed.
That's why I'm also whitelisting the DNS klassikradio.de and I'll get back to you.
Neuro
Doesn't the OP need to somehow whitelist the IP instead?
Since some hostnames you want - you'll need to use some other method to block client hostname lookup of the unwanted domains. The underlying IP must remain unblocked (i.e. so you don't need to locate all FQDNs on the list that resolve to 76.76.21.21 - being blocked by banIP). @dibdot - please correct me if I'm wrong, or there's a better setting within your software.
he does,
that's why I suggested OP should remove the IP from the ipset, in my 1st post.
1 Like
hmmm,...I whitelisted klassikradio.de when the the request failed and now klassikradio.de ist reachable...
...MAGIC...
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.