Fw4 and ipset - country ban

Does iptables-nft support ipset? I believe BanIP support of nft is still in the works, while I wait I'd like to just create my own simple script using something like this from rc.local: https://linoxide.com/block-ips-country-ipset/

Firmware: OpenWrt 22.03-SNAPSHOT r19441-3cfe050c4a

Blocking incoming connections, or outgoing?

@frollic, I'd want to DROP all / both if that was possible. If not just incoming would suffice.

But you're already dropping everything incoming?

Unless you have port/ports open?

BanIP can probably do the outgoing.

Yes it does, with no problems that I have seen. I don't think you can use it in fw4 though, you have to use iptables scripts instead. Make sure you have iptables-nft installed as doing opkg install iptables will install iptables-legacy....