projects / feed / packages.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #20930 from stangri/master-pbr
[feed/packages.git] / net / banip / files / README.md
1 <!-- markdownlint-disable -->
2
3 # banIP - ban incoming and outgoing IP addresses/subnets via Sets in nftables
4
5 ## Description
6 IP address blocking is commonly used to protect against brute force attacks, prevent disruptive or unauthorized address(es) from access or it can be used to restrict access to or from a particular geographic area — for example. Further more banIP scans the log file via logread and bans IPs that make too many password failures, e.g. via ssh.
7
8 ## Main Features
9 * banIP supports the following fully pre-configured domain blocklist feeds (free for private usage, for commercial use please check their individual licenses).
10 **Please note:** By default every feed blocks all supported chains. The columns "WAN-INP", "WAN-FWD" and "LAN-FWD" show for which chains the feeds are suitable in common scenarios, e.g. the first entry should be limited to the LAN forward chain - see the config options 'ban\_blockpolicy', 'ban\_blockinput', 'ban\_blockforwardwan' and 'ban\_blockforwardlan' below.
11
12 | Feed | Focus | WAN-INP | WAN-FWD | LAN-FWD | Information |
13 | :------------------ | :----------------------------- | :-----: | :-----: | :-----: | :----------------------------------------------------------- |
14 | adaway | adaway IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
15 | adguard | adguard IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
16 | adguardtrackers | adguardtracker IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
17 | antipopads | antipopads IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
18 | asn | ASN IPs | | | x | [Link](https://asn.ipinfo.app) |
19 | backscatterer | backscatterer IPs | x | x | | [Link](https://www.uceprotect.net/en/index.php) |
20 | bogon | bogon prefixes | x | x | | [Link](https://team-cymru.com) |
21 | country | country blocks | x | x | | [Link](https://www.ipdeny.com/ipblocks) |
22 | cinsscore | suspicious attacker IPs | x | x | | [Link](https://cinsscore.com/#list) |
23 | darklist | blocks suspicious attacker IPs | x | x | | [Link](https://darklist.de) |
24 | debl | fail2ban IP blacklist | x | x | | [Link](https://www.blocklist.de) |
25 | doh | public DoH-Provider | | | x | [Link](https://github.com/dibdot/DoH-IP-blocklists) |
26 | drop | spamhaus drop compilation | x | x | | [Link](https://www.spamhaus.org) |
27 | dshield | dshield IP blocklist | x | x | | [Link](https://www.dshield.org) |
28 | edrop | spamhaus edrop compilation | x | x | | [Link](https://www.spamhaus.org) |
29 | feodo | feodo tracker | x | x | x | [Link](https://feodotracker.abuse.ch) |
30 | firehol1 | firehol level 1 compilation | x | x | | [Link](https://iplists.firehol.org/?ipset=firehol_level1) |
31 | firehol2 | firehol level 2 compilation | x | x | | [Link](https://iplists.firehol.org/?ipset=firehol_level2) |
32 | firehol3 | firehol level 3 compilation | x | x | | [Link](https://iplists.firehol.org/?ipset=firehol_level3) |
33 | firehol4 | firehol level 4 compilation | x | x | | [Link](https://iplists.firehol.org/?ipset=firehol_level4) |
34 | greensnow | suspicious server IPs | x | x | | [Link](https://greensnow.co) |
35 | iblockads | Advertising IPs | | | x | [Link](https://www.iblocklist.com) |
36 | iblockspy | Malicious spyware IPs | x | x | | [Link](https://www.iblocklist.com) |
37 | ipthreat | hacker and botnet TPs | x | x | | [Link](https://ipthreat.net) |
38 | myip | real-time IP blocklist | x | x | | [Link](https://myip.ms) |
39 | nixspam | iX spam protection | x | x | | [Link](http://www.nixspam.org) |
40 | oisdbig | OISD-big IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
41 | oisdnsfw | OISD-nsfw IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
42 | oisdsmall | OISD-small IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
43 | proxy | open proxies | x | | | [Link](https://iplists.firehol.org/?ipset=proxylists) |
44 | ssbl | SSL botnet IPs | x | x | | [Link](https://sslbl.abuse.ch) |
45 | stevenblack | stevenblack IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
46 | talos | talos IPs | x | x | | [Link](https://talosintelligence.com/reputation_center) |
47 | threat | emerging threats | x | x | | [Link](https://rules.emergingthreats.net) |
48 | threatview | malicious IPs | x | x | | [Link](https://threatview.io) |
49 | tor | tor exit nodes | x | x | | [Link](https://github.com/SecOps-Institute/Tor-IP-Addresses) |
50 | uceprotect1 | spam protection level 1 | x | x | | [Link](http://www.uceprotect.net/en/index.php) |
51 | uceprotect2 | spam protection level 2 | x | x | | [Link](http://www.uceprotect.net/en/index.php) |
52 | uceprotect3 | spam protection level 3 | x | x | | [Link](http://www.uceprotect.net/en/index.php) |
53 | urlhaus | urlhaus IDS IPs | x | x | | [Link](https://urlhaus.abuse.ch) |
54 | urlvir | malware related IPs | x | x | | [Link](https://iplists.firehol.org/?ipset=urlvir) |
55 | webclient | malware related IPs | x | x | | [Link](https://iplists.firehol.org/?ipset=firehol_webclient) |
56 | voip | VoIP fraud blocklist | x | x | | [Link](https://voipbl.org) |
57 | yoyo | yoyo IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
58
59 * Zero-conf like automatic installation & setup, usually no manual changes needed
60 * All Sets are handled in a separate nft table/namespace 'banIP'
61 * Full IPv4 and IPv6 support
62 * Supports nft atomic Set loading
63 * Supports blocking by ASN numbers and by iso country codes
64 * Supports local allow- and blocklist (IPv4, IPv6, CIDR notation or domain names)
65 * Auto-add the uplink subnet or uplink IP to the local allowlist
66 * Provides a small background log monitor to ban unsuccessful login attempts in real-time
67 * Auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist
68 * Fast feed processing as they are handled in parallel as background jobs
69 * Per feed it can be defined whether the wan-input chain, the wan-forward chain or the lan-forward chain should be blocked (default: all chains)
70 * Automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
71 * Automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or wget
72 * Supports an 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs
73 * Deduplicate IPs accross all Sets (single IPs only, no intervals)
74 * Provides comprehensive runtime information
75 * Provides a detailed Set report
76 * Provides a Set search engine for certain IPs
77 * Feed parsing by fast & flexible regex rulesets
78 * Minimal status & error logging to syslog, enable debug logging to receive more output
79 * Procd based init system support (start/stop/restart/reload/status/report/search/survey/lookup)
80 * Procd network interface trigger support
81 * Add new or edit existing banIP feeds on your own with the integrated custom feed editor
82 * Supports external allowlist URLs to reference additional IPv4/IPv6 feeds
83
84 ## Prerequisites
85 * **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 support
86 * A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' SSL libraries, 'aria2c' or 'curl' is required
87 * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
88 * For E-Mail notifications you need to install and setup the additional 'msmtp' package
89
90 **Please note the following:**
91 * Devices with less than 256Mb of RAM are **_not_** supported
92 * Any previous installation of ancient banIP 0.7.x must be uninstalled, and the /etc/banip folder and the /etc/config/banip configuration file must be deleted (they are recreated when this version is installed)
93
94 ## Installation & Usage
95 * Update your local opkg repository (_opkg update_)
96 * Install banIP (_opkg install banip_) - the banIP service is disabled by default
97 * Install the LuCI companion package 'luci-app-banip' (opkg install luci-app-banip)
98 * It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
99 * If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs (see the options reference below)
100 * Start the service with '/etc/init.d/banip start' and check check everything is working by running '/etc/init.d/banip status'
101
102 ## banIP CLI interface
103 * All important banIP functions are accessible via CLI.
104 ```
105 ~# /etc/init.d/banip
106 Syntax: /etc/init.d/banip [command]
107
108 Available commands:
109 start Start the service
110 stop Stop the service
111 restart Restart the service
112 reload Reload configuration files (or restart if service does not implement reload)
113 enable Enable service autostart
114 disable Disable service autostart
115 enabled Check if service is started on boot
116 report [text|json|mail] Print banIP related Set statistics
117 search [<IPv4 address>|<IPv6 address>] Check if an element exists in a banIP Set
118 survey [<Set name>] List all elements of a given banIP Set
119 lookup Lookup the IPs of domain names in the local lists and update them
120 running Check if service is running
121 status Service status
122 trace Start with syscall trace
123 info Dump procd service info
124 ```
125
126 ## banIP config options
127
128 | Option | Type | Default | Description |
129 | :---------------------- | :----- | :---------------------------- | :----------------------------------------------------------------------------------------------------------- |
130 | ban_enabled | option | 0 | enable the banIP service |
131 | ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
132 | ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
133 | ban_loglimit | option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor |
134 | ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
135 | ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
136 | ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
137 | ban_debug | option | 0 | enable banIP related debug logging |
138 | ban_loginput | option | 1 | log drops in the wan-input chain |
139 | ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
140 | ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
141 | ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) |
142 | ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
143 | ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all |
144 | ban_allowlistonly | option | 0 | restrict the internet access from/to a small number of secure websites/IPs |
145 | ban_basedir | option | /tmp | base working directory while banIP processing |
146 | ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
147 | ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
148 | ban_protov4 | option | - / autodetect | enable IPv4 support |
149 | ban_protov6 | option | - / autodetect | enable IPv4 support |
150 | ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
151 | ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
152 | ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
153 | ban_trigger | list | - | logical startup trigger interface(s), e.g. 'wan' |
154 | ban_triggerdelay | option | 10 | trigger timeout before banIP processing begins |
155 | ban_triggeraction | option | start | trigger action on ifup events, e.g. start, restart or reload |
156 | ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets |
157 | ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) |
158 | ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
159 | ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
160 | ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
161 | ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance |
162 | ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
163 | ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
164 | ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
165 | ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
166 | ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
167 | ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
168 | ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
169 | ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
170 | ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
171 | ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
172 | ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) |
173 | ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
174 | ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
175 | ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
176 | ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
177 | ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
178 | ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
179 | ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly |
180 | ban_resolver | option | - | external resolver used for DNS lookups |
181
182 ## Examples
183 **banIP report information**
184 ```
185 ~# /etc/init.d/banip report
186 :::
187 ::: banIP Set Statistics
188 :::
189 Timestamp: 2023-02-25 08:35:37
190 ------------------------------
191 auto-added to allowlist: 0
192 auto-added to blocklist: 4
193
194 Set | Elements | WAN-Input (packets) | WAN-Forward (packets) | LAN-Forward (packets)
195 ---------------------+--------------+-----------------------+-----------------------+------------------------
196 allowlistvMAC | 0 | - | - | OK: 0
197 allowlistv4 | 15 | OK: 0 | OK: 0 | OK: 0
198 allowlistv6 | 1 | OK: 0 | OK: 0 | OK: 0
199 torv4 | 800 | OK: 0 | OK: 0 | OK: 0
200 torv6 | 432 | OK: 0 | OK: 0 | OK: 0
201 countryv6 | 34282 | OK: 0 | OK: 1 | -
202 countryv4 | 35508 | OK: 1872 | OK: 0 | -
203 dohv6 | 343 | - | - | OK: 0
204 dohv4 | 540 | - | - | OK: 3
205 firehol1v4 | 1670 | OK: 296 | OK: 0 | OK: 16
206 deblv4 | 12402 | OK: 4 | OK: 0 | OK: 0
207 deblv6 | 41 | OK: 0 | OK: 0 | OK: 0
208 adguardv6 | 12742 | - | - | OK: 161
209 adguardv4 | 23183 | - | - | OK: 212
210 adguardtrackersv6 | 169 | - | - | OK: 0
211 adguardtrackersv4 | 633 | - | - | OK: 0
212 adawayv6 | 2737 | - | - | OK: 15
213 adawayv4 | 6542 | - | - | OK: 137
214 oisdsmallv6 | 10569 | - | - | OK: 0
215 oisdsmallv4 | 18800 | - | - | OK: 74
216 stevenblackv6 | 11901 | - | - | OK: 4
217 stevenblackv4 | 16776 | - | - | OK: 139
218 yoyov6 | 215 | - | - | OK: 0
219 yoyov4 | 309 | - | - | OK: 0
220 antipopadsv4 | 1872 | - | - | OK: 0
221 urlhausv4 | 7431 | OK: 0 | OK: 0 | OK: 0
222 antipopadsv6 | 2081 | - | - | OK: 2
223 blocklistvMAC | 0 | - | - | OK: 0
224 blocklistv4 | 1174 | OK: 1 | OK: 0 | OK: 0
225 blocklistv6 | 40 | OK: 0 | OK: 0 | OK: 0
226 ---------------------+--------------+-----------------------+-----------------------+------------------------
227 30 | 203208 | 12 (2173) | 12 (1) | 28 (763)
228 ```
229
230 **banIP runtime information**
231 ```
232 ~# /etc/init.d/banip status
233 ::: banIP runtime information
234 + status : active (nft: ✔, monitor: ✔)
235 + version : 0.8.5-1
236 + element_count : 281161
237 + active_feeds : allowlistvMAC, allowlistv6, allowlistv4, adawayv4, adguardtrackersv4, adawayv6, adguardv6, adguardv4, adguardtrackersv6, antipopadsv6, antipopadsv4, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dohv4, dohv6, iblockadsv4, firehol1v4, oisdbigv4, yoyov6, threatviewv4, yoyov4, oisdbigv6, blocklistvMAC, blocklistv4, blocklistv6
238 + active_devices : br-wan ::: wan, wan6
239 + active_uplink : 91.64.169.252/24, 2a02:710c:0:60:958b:3bd0:9e14:abb/128
240 + nft_info : priority: -200, policy: memory, loglevel: warn, expiry: -
241 + run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report, feed: /etc/banip/banip.feeds
242 + run_flags : auto: ✔, proto (4/6): ✔/✔, log (wan-inp/wan-fwd/lan-fwd): ✔/✔/✔, dedup: ✔, split: ✘, allowed only: ✘
243 + last_run : action: reload, duration: 1m 0s, date: 2023-04-06 12:34:10
244 + system_info : cores: 4, memory: 1822, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r22498-75f7e2d10b
245 ```
246
247 **banIP search information**
248 ```
249 ~# /etc/init.d/banip search 221.228.105.173
250 :::
251 ::: banIP Search
252 :::
253 Looking for IP '221.228.105.173' on 2023-02-08 22:12:48
254 ---
255 IP found in Set 'oisdbasicv4'
256 ```
257
258 **banIP survey information**
259 ```
260 ~# /etc/init.d/banip survey cinsscorev4
261 :::
262 ::: banIP Survey
263 :::
264 List of elements in the Set 'cinsscorev4' on 2023-03-06 14:07:58
265 ---
266 1.10.187.179
267 1.10.203.30
268 1.10.255.58
269 1.11.67.53
270 1.11.114.211
271 1.11.208.29
272 1.12.75.87
273 1.12.231.227
274 1.12.247.134
275 1.12.251.141
276 1.14.96.156
277 1.14.250.37
278 1.15.40.79
279 1.15.71.140
280 1.15.77.237
281 [...]
282 ```
283 **default regex for logfile parsing**
284 ```
285 list ban_logterm 'Exit before auth from'
286 list ban_logterm 'luci: failed login'
287 list ban_logterm 'error: maximum authentication attempts exceeded'
288 list ban_logterm 'sshd.*Connection closed by.*\[preauth\]'
289 list ban_logterm 'SecurityEvent=\"InvalidAccountID\".*RemoteAddress='
290 ```
291
292 **allow-/blocklist handling**
293 banIP supports local allow and block lists (IPv4, IPv6, CIDR notation or domain names), located in /etc/banip/banip.allowlist and /etc/banip/banip.blocklist.
294 Unsuccessful login attempts or suspicious requests will be tracked and added to the local blocklist (see the 'ban_autoblocklist' option). The blocklist behaviour can be further tweaked with the 'ban_nftexpiry' option.
295 Depending on the options 'ban_autoallowlist' and 'ban_autoallowuplink' the uplink subnet or the uplink IP will be added automatically to local allowlist.
296 Furthermore, you can reference external Allowlist URLs with additional IPv4 and IPv6 feeds (see 'ban_allowurl').
297 Both local lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted and added to the Sets. You can also start the domain lookup separately via /etc/init.d/banip lookup at any time.
298
299 **allowlist-only mode**
300 banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure websites/IPs, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist are blocked.
301
302 **redirect Asterisk security logs to lodg/logread**
303 banIP only supports logfile scanning via logread, so to monitor attacks on Asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running Asterisk configuration.
304
305 **send status E-Mails and update the banIP lists via cron job**
306 For a regular, automatic status mailing and update of the used lists on a daily basis set up a cron job, e.g.
307 ```
308 55 03 * * * /etc/init.d/banip report mail
309 00 04 * * * /etc/init.d/banip reload
310 ```
311
312 **tweaks for low memory systems**
313 nftables supports the atomic loading of firewall rules (incl. elements), which is cool but unfortunately is also very memory intensive. To reduce the memory pressure on low memory systems (i.e. those with 256-512Mb RAM), you should optimize your configuration with the following options:
314
315 * point 'ban_basedir', 'ban_reportdir' and 'ban_backupdir' to an external usb drive
316 * set 'ban_cores' to '1' (only useful on a multicore system) to force sequential feed processing
317 * set 'ban_splitsize' e.g. to '1000' to split the load of an external Set after every 1000 lines/members
318 * set 'ban_reportelements' to '0' to disable the CPU intensive counting of Set elements
319
320 **tweak the download options**
321 By default banIP uses the following pre-configured download options:
322 ```
323 * aria2c: --timeout=20 --retry-wait=10 --max-tries=5 --max-file-not-found=5 --allow-overwrite=true --auto-file-renaming=false --log-level=warn --dir=/ -o
324 * curl: --connect-timeout 20 --retry-delay 10 --retry 5 --retry-all-errors --fail --silent --show-error --location -o
325 * wget: --no-cache --no-cookies --timeout=20 --waitretry=10 --tries=5 --retry-connrefused --max-redirect=0 -O
326 * uclient-fetch: --timeout=20 -O
327 ```
328 To override the default set 'ban_fetchretry', 'ban_fetchinsecure' or globally 'ban_fetchparm' to your needs.
329
330 **send E-Mail notifications via 'msmtp'**
331 To use the email notification you must install & configure the package 'msmtp'.
332 Modify the file '/etc/msmtprc', e.g.:
333 ```
334 [...]
335 defaults
336 auth on
337 tls on
338 tls_certcheck off
339 timeout 5
340 syslog LOG_MAIL
341 [...]
342 account ban_notify
343 host smtp.gmail.com
344 port 587
345 from <address>@gmail.com
346 user <gmail-user>
347 password <password>
348 ```
349 Finally add a valid E-Mail receiver address.
350
351 **change existing banIP feeds or add a new one**
352 The banIP default blocklist feeds are stored in an external JSON file '/etc/banip/banip.feeds'. All custom changes should be stored in an external JSON file '/etc/banip/banip.custom.feeds' (empty by default). It's recommended to use the LuCI based Custom Feed Editor to make changes to this file.
353 A valid JSON source object contains the following information, e.g.:
354 ```
355 [...]
356 "tor":{
357 "url_4": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
358 "url_6": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
359 "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
360 "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
361 "descr": "tor exit nodes",
362 "flag": ""
363 },
364 [...]
365 ```
366 Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed. The flag is optional, currently only 'gz' is supported to process archive downloads.
367
368 ## Support
369 Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>
370
371 ## Removal
372 * stop all banIP related services with _/etc/init.d/banip stop_
373 * remove the banip package (_opkg remove banip_)
374
375 Have fun!
376 Dirk
Mirror of packages feed