Good day.
Need help to incorporate above package from GitHub into open-wrt.
Already installed and able to roughly config banIP.
I followed this one:
https://forum.openwrt.org/t/solved-need-help-installing-github-package/164056
Everything completed without error, but unable to find anywhere vpn-blocking package in banIP. Or everything I am doing wrong!!!
Appreciate help.
Thanks
You can add custom ban lists in banip, can't you ?
1 Like
No idea about that, any tutorial or instruction plz...
This is what happens when I tried to put manually IPV4 list.
If this got a fix, What I understand, list need to update manually on regular basis?
see the tab next to the one in your screen shot ?
1 Like
I tried, but don't know, where to get all these details to fill in blanks
I tried to edit banip.custom.feeds ( etc folder via winscp), pasted all Ip-addresses, but again unable to find those on web interface.
I tried to edit blocklist- received a msg, list to big, cannot be saved.
I am just a earlier then beginner, I would really appreciate, if you able to guide me few steps to fix this.
URLv4 is the URL to the list of IPv4 IPs.
Rulev4 is the regex to extract the IPv4 IPs.
*v6 is for IPv6
Flag is if it's for certain ports and/or protocols.
<!-- markdownlint-disable -->
# banIP - ban incoming and outgoing IP addresses/subnets via Sets in nftables
## Description
IP address blocking is commonly used to protect against brute force attacks, prevent disruptive or unauthorized address(es) from access or it can be used to restrict access to or from a particular geographic area — for example. Further more banIP scans the log file via logread and bans IPs that make too many password failures, e.g. via ssh.
## Main Features
* banIP supports the following fully pre-configured domain blocklist feeds (free for private usage, for commercial use please check their individual licenses).
**Please note:** By default every feed blocks packet traversal in all supported chains, the table columns "WAN-INP", "WAN-FWD" and "LAN-FWD" show for which chains the feeds are suitable in common scenarios:
* WAN-INP chain applies to packets from internet to your router
* WAN-FWD chain applies to packets from internet to other local devices (not your router)
* LAN-FWD chain applies to local packets going out to the internet (not your router)
For instance the first entry should be limited to the LAN forward chain - just set the 'LAN-Forward Chain' option under the 'Feed/Set Seetings' config tab accordingly.
| Feed | Focus | WAN-INP | WAN-FWD | LAN-FWD | Port-Limit | Information |
| :------------------ | :----------------------------- | :-----: | :-----: | :-----: | :----------: | :----------------------------------------------------------- |
| adaway | adaway IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| adguard | adguard IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| adguardtrackers | adguardtracker IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
This file has been truncated. show original
1 Like
thanks, will try this.
Is there any way to confirm after creating custom feed, that its working?
try to connect to those ips using ping, mtr, traceroute or curl
or as you said try connecting to those vpn ips using vpn client? it should have an error of some sorts that shows that it cant connect
I certainly understand that, but my kids!!!
They are bypassing openwrt-Ad Guard, using VPN
I was trying guest network, dumb ap with banIP, to limit their access to only certain website, when I am not home.
if they use commercial VPN providers, block the default VPN ports ?
then you don't need to ban any IPs.
How I can do that, it will be such a relieve.
Thanks for your prompt answers.
if you use drop as action, it'll take the connection longer to fail.
can be pretty fun, since they have to sit there and wait
if you need to block openvpn too, you have to create a similar rule for it, with the correct port(s).
my wan is (empty), since I took the screen shot from an AP.
Thanks, will try and let you know.
Thanks for your help to make this easy and simple.
1 Like
system
Closed
August 17, 2024, 2:08pm
20
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.