Blocking large groups of ip ranges with banip

hello ill like to know how to block a large group of ip ranges with about 65,000 ip ranges

You create a file with those ranges, then pick it up in banip ?

1 Like

where do i create the file and how do i allow ban ip to pick up the file...when i add all those ranges to blocklist banip wont accept so much

What is your goal in trying to ban 65,000 ip addresses instead of domains?

im trying to block countries but it doesnt work when i select country in feed selection im using a site called ipdeny to get the ips of the countries to block

im trying to setup a geo filter to block countries when gaming

i just want to know how to block a large group of ips in works fine but doesnt allow me to block large groups in block list

Search for geoip here at the forum, keep in mind geo blocking is a very inaccurate tool.


geoip seems a bit complicated for me there anyway to do it with banip since i already no how to use more familliar with the luci inteface and using winscp

I'm not sure geoip-shell is the right tool for this task currently because it only blocks incoming connections, and it creates a rule to allow related/established connections, so if the OP wants to block server responses, they probably won't be blocked. Pretty easy to make that rule optional though, so if @StarIndigo needs this, I can implement it. Blocking outgoing connections is also possible to implement, although that would require more work.

(Sorry about off-topic)

1 Like

Did you consult the readme, esp. the chapter for low memory systems? It's no problem to handle 65k IPs in one Set. BTW, banIP ist also using ipdeny for its country feed. Bottomline it makes sense to look in the readme and ask for support in the banIP support thread.


I was wondering:
What is the size of 65,000 ip addresses?

I agree, most likely banip should be able to do that as well. That said, one thing I've never heard from geoip-shell users is that it's complicated. I specifically tried my best to make it as easy to use as possible. The only potential difficulty might be that it doesn't have LuCi interface, but as long as you know how to use SSH, this should not be a big problem.

1 Like