| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
* made the default mail template "responsive" to get a better view esp. on mobile devices
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |
|
|
|
|
|
|
|
|
| |
* rework the device/interface auto-detection (only layer-3 network devices will be detetcted correctly), disable the auto-detection e.g. for special tunnel interfaces
* supports now full gawk (preferred, if installed) and busybox awk
* raise the default boot timeout to 20 seconds (if 'ban_triggerdelay' is not set)
* various small fixes and improvements
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |
|
|
|
|
|
|
|
| |
* drop packets silently on input and forwardwan chains or actively reject the traffic, set 'ban_blocktype' accordingly
* optimized banIP boot/reload handling
* removed pppoe quirk in device detection
* small fixes and optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |
|
|
|
|
|
|
| |
* fix remaining small issues
* standardize log wording
* polished up for branch 23.x
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |
|
|
|
|
|
|
|
|
| |
* add the new init command 'lookup', to lookup the IPs of domain names in the local lists and update them
* significant acceleration of the domain lookup function
* multiple small fixes and improvements
* readme update
* luci update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* add missing wan-forward chain (incl. report/mail adaption)
* changed options:
- old: ban_blockforward, new: ban_blockforwardwan and ban_blockforwardlan
- old: ban_logforward, new: ban_logforwardwan and ban_logforwardlan
* add missing dhcp(v6) rules/exceptions
* update readme
Previously run tested by certain forum users (and by me).
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
|
- complete rewrite of banIP to support nftables
- all sets are handled in a separate nft table/namespace 'banIP'
- for incoming blocking it uses the inet input hook, for outgoing blocking it uses the inet forward hook
- full IPv4 and IPv6 support
- supports nft atomic set loading
- supports blocking by ASN numbers and by iso country codes
- 42 preconfigured external feeds are available, plus local allow- and blocklist
- supports local allow- and blocklist (IPv4, IPv6, CIDR notation or domain names)
- auto-add the uplink subnet to the local allowlist
- provides a small background log monitor to ban unsuccessful login attempts in real-time
- the logterms for the log monitor service can be freely defined via regex
- auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist
- fast feed processing as they are handled in parallel as background jobs
- per feed it can be defined whether the input chain or the forward chain should be blocked (default: both chains)
- automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
- automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or wget
- supports a 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs
- provides comprehensive runtime information
- provides a detailed set report
- provides a set search engine for certain IPs
- feed parsing by fast & flexible regex rulesets
- minimal status & error logging to syslog, enable debug logging to receive more output
- procd based init system support (start/stop/restart/reload/status/report/search)
- procd network interface trigger support
- ability to add new banIP feeds on your own
- add a readme with all available options/feeds to customize your installation to your needs
- a new LuCI frontend will be available in due course
Signed-off-by: Dirk Brenken <dev@brenken.org>
|