Does iptables-nft support ipset? I believe BanIP support of nft is still in the works, while I wait I'd like to just create my own simple script using something like this from rc.local: https://linoxide.com/block-ips-country-ipset/
Firmware: OpenWrt 22.03-SNAPSHOT r19441-3cfe050c4a
Blocking incoming connections, or outgoing?
@frollic, I'd want to DROP all / both if that was possible. If not just incoming would suffice.
But you're already dropping everything incoming?
Unless you have port/ports open?
BanIP can probably do the outgoing.
Yes it does, with no problems that I have seen. I don't think you can use it in fw4 though, you have to use iptables scripts instead. Make sure you have iptables-nft installed as doing
opkg install iptables will install iptables-legacy....