Need Help with IPset

RSHARM · December 9, 2023, 6:07am

Included File - https://github.com/dibdot/DoH-IP-blocklists/blob/master/doh-ipv4.txt

Sometimes (1/15) the block works

Also how to update the "includes File" in IPSet from URL?

vgaetera · December 9, 2023, 6:55am

opkg update
opkg install banip luci-app-banip
uci set banip.global.ban_enabled="1"
uci add_list banip.global.ban_feed="doh"
uci commit banip
service banip restart
service rpcd restart

frollic · December 9, 2023, 7:08am

OOM perhaps?
hardly BanIPs fault.

frollic · December 11, 2023, 3:47pm

That would probably be the PBR package.

RSHARM · December 11, 2023, 3:50pm

I am creating a allow list for VPN's IPs from online URL

frollic · December 11, 2023, 3:51pm

Then it's not the PBR package ,)

But why?
There's no restriction for outgoing traffic.

RSHARM · December 11, 2023, 3:53pm

for a strong firewall that only allow VPN IPs on VPN ports

frollic · December 11, 2023, 3:54pm

Still insufficient info.

Incoming then, I'd assume.

RSHARM · December 11, 2023, 3:55pm

VPN doesnt need incoming traffic

frollic · December 11, 2023, 4:04pm

Still NFI what's you're trying to achieve.

But good luck with incoming VPN traffic, when the fw isn't open.

RSHARM · December 11, 2023, 4:22pm

github.com

scriptzteam/ProtonVPN-VPN-IPs/blob/main/entry_ips.txt

2.58.241.66
5.157.13.2
5.8.16.146
5.8.16.162
5.8.16.234
31.13.189.226
31.13.189.242
37.120.215.226
37.120.215.242
37.120.217.162
37.120.217.82
37.120.217.87
37.120.244.154
37.120.244.50
37.120.244.58
37.120.244.98
37.19.200.26
37.19.200.27
37.19.201.129
37.19.201.130

This file has been truncated. show original

Why I need incoming ? Currently all incoming is blocked on my router and VPN works

krazeh · December 11, 2023, 4:24pm

What is this supposed to mean?

frollic · December 11, 2023, 4:30pm

That's the only scenario, I can think of, where you'd need the VPN provider's IPs.

Unless you're blocking all outgoing traffic, but Proton VPN.

lleachii · December 11, 2023, 4:44pm

@RSHARM - Please use complete sentences to fully describe your issue to the community. We'll be better able to assist if you employ clear, detailed information, describe your screenshots textually, etc. We're unable to guess why you wish to add Proton's VPN endpoint list to your firewall. You have to explain.

As previously noted, please be mindful of deleting posts that alter the context of the conversation.

EDIT:

If this is your reason, I don't understand the deleted post, so please explain the current discussion?
If this is not your reasoning, please clarify nonetheless
Why won't BanIP help? (having read the thread - it seems the issue is you failed to provide enough information to assist, but alas it seems as if you deleted your posting that prompted the developer's response there as well)

Implementing such a rule will likely break your Internet connection for other reasons (i.e. not considering DNS, NTP or IPv6, etc.). It's difficult to determine what you desire, since you fail to share your reasoning or use case.