banip: update 0.8.4-2
authorDirk Brenken <dev@brenken.org>
Fri, 28 Apr 2023 10:07:06 +0000 (12:07 +0200)
committerDirk Brenken <dev@brenken.org>
Fri, 28 Apr 2023 10:07:06 +0000 (12:07 +0200)
* fix domain lookup function (parse banIP config vars)
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
net/banip/Makefile
net/banip/files/README.md
net/banip/files/banip-functions.sh

index dbee9b9926de31b9b8affe09a6102eaf7cb08c64..37ae9344047ba7924dab794c421ec0c074f06653 100644 (file)
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=banip
 PKG_VERSION:=0.8.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
 
index 00cb83f5b04df87869c1d5c9db7a9d8acba394c1..cca75823d0de92fc25dabe7f7a7ac416d410dc7e 100644 (file)
@@ -124,57 +124,57 @@ Available commands:
 
 ## banIP config options
 
-| Option                  | Type   | Default                       | Description                                                                                   |
-| :---------------------- | :----- | :---------------------------- | :-------------------------------------------------------------------------------------------- |
-| ban_enabled             | option | 0                             | enable the banIP service                                                                      |
-| ban_nicelimit           | option | 0                             | ulimit nice level of the banIP service (range 0-19)                                           |
-| ban_filelimit           | option | 1024                          | ulimit max open/number of files (range 1024-4096)                                             |
-| ban_loglimit            | option | 100                           | scan only the last n log entries permanently. Set it to '0' to disable the monitor            |
-| ban_logcount            | option | 1                             | how many times the IP must appear in the log to be considered as suspicious                   |
-| ban_logterm             | list   | regex                         | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk)            |
-| ban_autodetect          | option | 1                             | auto-detect wan interfaces, devices and subnets                                               |
-| ban_debug               | option | 0                             | enable banIP related debug logging                                                            |
-| ban_loginput            | option | 1                             | log drops in the wan-input chain                                                              |
-| ban_logforwardwan       | option | 1                             | log drops in the wan-forward chain                                                            |
-| ban_logforwardlan       | option | 0                             | log rejects in the lan-forward chain                                                          |
-| ban_autoallowlist       | option | 1                             | add wan IPs/subnets automatically to the local allowlist                                      |
-| ban_autoblocklist       | option | 1                             | add suspicious attacker IPs automatically to the local blocklist                              |
-| ban_allowlistonly       | option | 0                             | restrict the internet access from/to a small number of secure websites/IPs                    |
-| ban_basedir             | option | /tmp                          | base working directory while banIP processing                                                 |
-| ban_reportdir           | option | /tmp/banIP-report             | directory where banIP stores the report files                                                 |
-| ban_backupdir           | option | /tmp/banIP-backup             | directory where banIP stores the compressed backup files                                      |
-| ban_protov4             | option | - / autodetect                | enable IPv4 support                                                                           |
-| ban_protov6             | option | - / autodetect                | enable IPv4 support                                                                           |
-| ban_ifv4                | list   | - / autodetect                | logical wan IPv4 interfaces, e.g. 'wan'                                                       |
-| ban_ifv6                | list   | - / autodetect                | logical wan IPv6 interfaces, e.g. 'wan6'                                                      |
-| ban_dev                 | list   | - / autodetect                | wan device(s), e.g. 'eth2'                                                                    |
-| ban_trigger             | list   | -                             | logical startup trigger interface(s), e.g. 'wan'                                              |
-| ban_triggerdelay        | option | 10                            | trigger timeout before banIP processing begins                                                |
-| ban_triggeraction       | option | start                         | trigger action on ifup events, e.g. start, restart or reload                                  |
-| ban_deduplicate         | option | 1                             | deduplicate IP addresses across all active sets                                               |
-| ban_splitsize           | option | 0                             | split ext. sets after every n lines/members (saves RAM)                                       |
-| ban_cores               | option | - / autodetect                | limit the cpu cores used by banIP (saves RAM)                                                 |
-| ban_nftloglevel         | option | warn                          | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug                      |
-| ban_nftpriority         | option | -200                          | nft priority for the banIP table (default is the prerouting table priority)                   |
-| ban_nftpolicy           | option | memory                        | nft policy for banIP-related sets, values: memory, performance                                |
-| ban_nftexpiry           | option | -                             | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d'                         |
-| ban_feed                | list   | -                             | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table)            |
-| ban_asn                 | list   | -                             | ASNs for the 'asn' feed, e.g.'32934'                                                          |
-| ban_country             | list   | -                             | country iso codes for the 'country' feed, e.g. 'ru'                                           |
-| ban_blockpolicy         | option | -                             | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
-| ban_blockinput          | list   | -                             | limit a feed to the wan-input chain, e.g. 'country'                                           |
-| ban_blockforwardwan     | list   | -                             | limit a feed to the wan-forward chain, e.g. 'debl'                                            |
-| ban_blockforwardlan     | list   | -                             | limit a feed to the lan-forward chain, e.g. 'doh'                                             |
-| ban_fetchcmd            | option | - / autodetect                | 'uclient-fetch', 'wget', 'curl' or 'aria2c'                                                   |
-| ban_fetchparm           | option | - / autodetect                | set the config options for the selected download utility                                      |
-| ban_fetchinsecure       | option | 0                             | don't check SSL server certificates during download                                           |
-| ban_mailreceiver        | option | -                             | receiver address for banIP related notification E-Mails                                       |
-| ban_mailsender          | option | no-reply@banIP                | sender address for banIP related notification E-Mails                                         |
-| ban_mailtopic           | option | banIP notification            | topic for banIP related notification E-Mails                                                  |
-| ban_mailprofile         | option | ban_notify                    | mail profile used in 'msmtp' for banIP related notification E-Mails                           |
-| ban_mailnotification    | option | 0                             | receive E-Mail notifications with every banIP run                                             |
-| ban_reportelements      | option | 1                             | list set elements in the report, disable this to speed up the report significantly            |
-| ban_resolver            | option | -                             | external resolver used for DNS lookups                                                        |
+| Option                  | Type   | Default                       | Description                                                                                                  |
+| :---------------------- | :----- | :---------------------------- | :----------------------------------------------------------------------------------------------------------- |
+| ban_enabled             | option | 0                             | enable the banIP service                                                                                     |
+| ban_nicelimit           | option | 0                             | ulimit nice level of the banIP service (range 0-19)                                                          |
+| ban_filelimit           | option | 1024                          | ulimit max open/number of files (range 1024-4096)                                                            |
+| ban_loglimit            | option | 100                           | scan only the last n log entries permanently. Set it to '0' to disable the monitor                           |
+| ban_logcount            | option | 1                             | how many times the IP must appear in the log to be considered as suspicious                                  |
+| ban_logterm             | list   | regex                         | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk)                           |
+| ban_autodetect          | option | 1                             | auto-detect wan interfaces, devices and subnets                                                              |
+| ban_debug               | option | 0                             | enable banIP related debug logging                                                                           |
+| ban_loginput            | option | 1                             | log drops in the wan-input chain                                                                             |
+| ban_logforwardwan       | option | 1                             | log drops in the wan-forward chain                                                                           |
+| ban_logforwardlan       | option | 0                             | log rejects in the lan-forward chain                                                                         |
+| ban_autoallowlist       | option | 1                             | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets)         |
+| ban_autoblocklist       | option | 1                             | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
+| ban_allowlistonly       | option | 0                             | restrict the internet access from/to a small number of secure websites/IPs                                   |
+| ban_basedir             | option | /tmp                          | base working directory while banIP processing                                                                |
+| ban_reportdir           | option | /tmp/banIP-report             | directory where banIP stores the report files                                                                |
+| ban_backupdir           | option | /tmp/banIP-backup             | directory where banIP stores the compressed backup files                                                     |
+| ban_protov4             | option | - / autodetect                | enable IPv4 support                                                                                          |
+| ban_protov6             | option | - / autodetect                | enable IPv4 support                                                                                          |
+| ban_ifv4                | list   | - / autodetect                | logical wan IPv4 interfaces, e.g. 'wan'                                                                      |
+| ban_ifv6                | list   | - / autodetect                | logical wan IPv6 interfaces, e.g. 'wan6'                                                                     |
+| ban_dev                 | list   | - / autodetect                | wan device(s), e.g. 'eth2'                                                                                   |
+| ban_trigger             | list   | -                             | logical startup trigger interface(s), e.g. 'wan'                                                             |
+| ban_triggerdelay        | option | 10                            | trigger timeout before banIP processing begins                                                               |
+| ban_triggeraction       | option | start                         | trigger action on ifup events, e.g. start, restart or reload                                                 |
+| ban_deduplicate         | option | 1                             | deduplicate IP addresses across all active sets                                                              |
+| ban_splitsize           | option | 0                             | split ext. sets after every n lines/members (saves RAM)                                                      |
+| ban_cores               | option | - / autodetect                | limit the cpu cores used by banIP (saves RAM)                                                                |
+| ban_nftloglevel         | option | warn                          | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug                                     |
+| ban_nftpriority         | option | -200                          | nft priority for the banIP table (default is the prerouting table priority)                                  |
+| ban_nftpolicy           | option | memory                        | nft policy for banIP-related sets, values: memory, performance                                               |
+| ban_nftexpiry           | option | -                             | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d'                                        |
+| ban_feed                | list   | -                             | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table)                           |
+| ban_asn                 | list   | -                             | ASNs for the 'asn' feed, e.g.'32934'                                                                         |
+| ban_country             | list   | -                             | country iso codes for the 'country' feed, e.g. 'ru'                                                          |
+| ban_blockpolicy         | option | -                             | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan'                |
+| ban_blockinput          | list   | -                             | limit a feed to the wan-input chain, e.g. 'country'                                                          |
+| ban_blockforwardwan     | list   | -                             | limit a feed to the wan-forward chain, e.g. 'debl'                                                           |
+| ban_blockforwardlan     | list   | -                             | limit a feed to the lan-forward chain, e.g. 'doh'                                                            |
+| ban_fetchcmd            | option | - / autodetect                | 'uclient-fetch', 'wget', 'curl' or 'aria2c'                                                                  |
+| ban_fetchparm           | option | - / autodetect                | set the config options for the selected download utility                                                     |
+| ban_fetchinsecure       | option | 0                             | don't check SSL server certificates during download                                                          |
+| ban_mailreceiver        | option | -                             | receiver address for banIP related notification E-Mails                                                      |
+| ban_mailsender          | option | no-reply@banIP                | sender address for banIP related notification E-Mails                                                        |
+| ban_mailtopic           | option | banIP notification            | topic for banIP related notification E-Mails                                                                 |
+| ban_mailprofile         | option | ban_notify                    | mail profile used in 'msmtp' for banIP related notification E-Mails                                          |
+| ban_mailnotification    | option | 0                             | receive E-Mail notifications with every banIP run                                                            |
+| ban_reportelements      | option | 1                             | list set elements in the report, disable this to speed up the report significantly                           |
+| ban_resolver            | option | -                             | external resolver used for DNS lookups                                                                       |
 
 ## Examples
 **banIP report information**  
index 18fd331d890ce094cbb827c6c7ec31d78c4fcb1c..36442381ece9f92041261ef9a63b6a12366382c6 100644 (file)
@@ -1018,6 +1018,7 @@ f_getstatus() {
 f_lookup() {
        local cnt list domain lookup ip elementsv4 elementsv6 start_time end_time duration cnt_domain="0" cnt_ip="0" feed="${1}"
 
+       [ -z "${ban_dev}" ] && f_conf
        start_time="$(date "+%s")"
        if [ "${feed}" = "allowlist" ]; then
                list="$("${ban_awkcmd}" '/^([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+([[:space:]]|$)/{printf "%s ",tolower($1)}' "${ban_allowlist}" 2>/dev/null)"
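Review bot: The new guard `[ -z "${ban_dev}" ] && f_conf` uses `ban_dev` as the "config not yet parsed" sentinel, but `ban_dev` is an autodetected value (the README table in this commit lists its default as "- / autodetect"), so a run where detection yields nothing would re-parse the config on every f_lookup call and a genuinely unloaded config would be indistinguishable from a missing wan device. A more robust sentinel is a variable that f_conf itself always sets, or an explicit flag at the end of f_conf checked here, e.g. `[ -z "${ban_conf_loaded}" ] && f_conf` (constructed name) — I cannot see f_conf in this hunk, so which variables it guarantees is inferred. The reason for lazy-loading here is not visible either; a one-line comment such as `# parse config vars when f_lookup runs outside the main process` would help the next reader. f_lookup's body continues beyond the hunk.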