Szablon: Web banip
The banIP page of {{{model}}} router is used to configure banIP package to block ip addresses/subnets via IPSet.
Overview
Information
banIP package details can be found in Information section. You can refresh timer, suspend, refresh or restart the package using the corresponding buttons.
In Services part user can manage the DDNS services providers.
| Name | Value | Description |
|---|---|---|
| Status / Version | Package status and version | |
| IPSet Information | ||
| Active Sources | ||
| Active Devices | ||
| Active Interfaces | ||
| Active Logterms | ||
| Active Subnets | ||
| Run Information | ||
| Run Flags | ||
| Last Run |
Settings
General Settings=
| Name | Value | Description |
|---|---|---|
| Enabled | On/Off, default: Off | Enable the banIP service. |
| Startup Trigger Interface | unspecified, dhcp, gsm or lan, default: gsm | List of available network interfaces to trigger the banIP start. |
| Auto Detection | On/Off, default: On | Detect relevant network interfaces, devices, subnets and protocols automatically. |
| Log Monitor | On/Off, default: Off | Starts a small log monitor in the background to block suspicious SSH/LuCI login attempts. |
| Enable SRC logging | On/Off, default: On | Log suspicious incoming packets - usually dropped. |
| Enable DST logging | On/Off, default: Off | Log suspicious outgoing packets - usually rejected. Logging such packets may cause an increase in latency due to it requiring additional system resources. |
| Whitelist Only | On/Off, default: Off | Restrict the internet access from/to a small number of secure websites/IPs and block access from/to the rest of the internet. |
| E-Mail Notification | On/Off, default: Off | Send banIP related notification e-mails. This needs the installation and setup of the additional 'msmtp' package. |
Additional Settings=
| Name | Value | Description |
|---|---|---|
| Verbose Debug Logging | On/Off, default: Off | Enable verbose debug logging in case of any processing errors. |
| Service Priority | Highest Priority, High Priority, Normal Priority, Less Priority or Least Priority, default: Normal Priority | The selected priority will be used for banIP background processing. This change requires a full banIP service restart to take effect. |
| Trigger Delay | Additional trigger delay in seconds before banIP processing begins. | |
| Download Queue | Size of the download queue for download processing in parallel. | |
| Base Temp Directory | Base Temp Directory used for all banIP related runtime operations. | |
| Backup Directory | Target directory for compressed source list backups. | |
| Report Directory | Target directory for IPSet related report files. | |
| Download Utility | List of supported and fully pre-configured download utilities. | |
| Download Insecure | Don't check SSL server certificates during download. | |
| Download Parameters | Manually override the pre-configured download options for the selected download utility. |
Advanced Chain Settings=
Advanced Log Settings=
Advanced E-Mail Settings=
Blocklist Sources=
IPSet Report
This tab shows the last generated IPSet Report. Press the Refresh button to get a current one. To Search the active banIP-related IPSets for a specific IP, CIDR or MAC address press IPSet Querry button.
| Name | Value | Description |
|---|---|---|
| Timestamp | ||
| Number of all IPSets | number | |
| Number of all entries | number | |
| Number of IP entries | number | |
| Number of CIDR entries | number | |
| Number of MAC entries | number | |
| Number of accessed entries | number |
Edit Blacklist
This is the local banIP blacklist to always-deny certain IP/CIDR addresses. Note: add only one IPv4 address, IPv6 address or domain name per line. Comments introduced with '#' are allowed - wildcards and regex are not.
Edit Whitelist
This is the local banIP whitelist to always allow certain IP/CIDR addresses. Note: add only one IPv4 address, IPv6 address or domain name per line. Comments introduced with '#' are allowed - wildcards and regex are not.
Edit Maclist
This is the local banIP maclist to always-allow certain MAC addresses. Note: add only one MAC address per line. Comments introduced with '#' are allowed - domains, wildcards and regex are not.
Log View
The syslog output, pre-filtered for banIP related messages only.
[[Category:{{{model}}} User Manual]]