banip: release 0.8.0 (nft rewrite)
- complete rewrite of banIP to support nftables
- all sets are handled in a separate nft table/namespace 'banIP'
- for incoming blocking it uses the inet input hook, for outgoing blocking it uses the inet forward hook
- full IPv4 and IPv6 support
- supports nft atomic set loading
- supports blocking by ASN numbers and by ISO country codes
- 42 preconfigured external feeds are available, plus local allow- and blocklist
- supports local allow- and blocklist (IPv4, IPv6, CIDR notation or domain names)
- auto-add the uplink subnet to the local allowlist
- provides a small background log monitor to ban unsuccessful login attempts in real-time
- the logterms for the log monitor service can be freely defined via regex
- auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist
- fast feed processing as they are handled in parallel as background jobs
- per feed it can be defined whether the input chain or the forward chain should be blocked (default: both chains)
- automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
- automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or wget
- supports an 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs
- provides comprehensive runtime information
- provides a detailed set report
- provides a set search engine for certain IPs
- feed parsing by fast & flexible regex rulesets
- minimal status & error logging to syslog, enable debug logging to receive more output
- procd based init system support (start/stop/restart/reload/status/report/search)
- procd network interface trigger support
- ability to add new banIP feeds on your own
- add a readme with all available options/feeds to customize your installation to your needs
- a new LuCI frontend will be available in due course
Signed-off-by: Dirk Brenken <dev@brenken.org>