hello I am looking for a developer to create a map of the world in luci, a map that we could install in statistic or netdata, and see the ips that we block by example in traffic rules do you think this is possible, example I block 10 ip addresses and I see which ones are blocked in the map of luci statitics in real time,
thanks for all work everybody
You're likely to have more luck, if you give some ballpark figure of how much you're willing to pay.
GeoIP can be inaccurate, and you would be unable to do it locally on many of the OpenWrt devices supported due to storage constraints. (Maxmind would either not fit or take up the vast majority of the small storage.)
I note that crowdsec adds geoip lookup results to their event metadata, but they do it locally (with the same storage space concerns, theirs is >60mb I believe, in addition to the base package being >15).
Another option would be some of the free apis, assuming you can stay within their request limits.
Something to consider before throwing money at it. (Assuming you even find anyone willing to write it)
this could work, but have to be modified so the IP extraction isn't done from fail2ban.
ipinfo.io can be used for the GeoIP lookup, their free account allows 50k queries/mo.
This! GeoIP will be inaccurate. The question is what is the consequence of false localization... in the intended use-case "eye-candy" not being 100% correct is probably acceptable, but this also means that use-case might not be worth dozens of MB?
^--- Truth.
Microsoft ran into issues when they re-allocated an IP range that had previously been assigned to Brazil to their Azure infrastructure. Suddenly, servers were being reported as being to/from Brazil, and you can imagine the hell-scape that followed.
config rule
option name 'block all ip'
option target 'REJECT'
option src 'lan'
list src_ip '192.168.2.160'
option dest 'wan'
list proto 'all'
list dest_ip '24.105.0.0/18'
list dest_ip '108.61.97.0/24'
yes for the moment I block these ips this way and it works very well, it's magnificent,
an automation would be of ip would be a plus when I capture with wireshark when connecting to a game there is marked online connection service and I see that about 20 servers are pinging each other,
I have my method to group them and then classify them and it works but it's a long job,
Like you see the server is grey so his not accessible
I left just server good for me
i'm use firewall nftables now with my belkin and before i use banip with withelist example
i authorize only server who interested by my network
banip
# added on 21.03.2022 03:01:23
192.168.2.160 ## ip ps5
185.34.106.0/24 ## serveur authentification IE
24.105.54.0/24 ip range only for my server
the search is more long but when he found the server is good
i contribute like i can for development openwrt
Especially popular with the ladies.
OpenWrt guy with OpenWrt t-shirt:
Just so you know that if you come round for coffee I have an OpenWrt router with multiple access points set up to use 802.11r fast transition, your data is encrypted via WireGuard VPN, DNS lookups are encrypted too, of course, and latency is managed through smart queue management. It's just wonderful!
Girl:
Oh, I love a man that has his networking affairs in such good order.
Eh, a pfSense shirt would work better on me.