banip: new package to block incoming & outgoing ip addresses

a new script based package called "banIP" to block incoming & outgoing ip adresses/subnets via ipset. Features: * a shell script which uses ipset and iptables to ban a large number of IP addresses published in various IP blacklists (bogon, firehol etc.) * support blocking by ASN numbers * support blocking by iso country codes * support local white & blacklist (IPv4, IPv6 & CIDR notation) * auto-add unsuccessful ssh login attempts to local blacklist * auto-add the uplink subnet to local whitelist * per source configuration of SRC (incoming) and DST (outgoing) * supports IPv4 & IPv6 Strong LuCI support: * easy interface to track & change all aspects of your ipset configuration on the fly * integrated IPSet-Lookup * integrated RIPE-Lookup * Log-Viewer & online configuration of white- & blacklist LuCI-Screenshots will follow in the second post. Forum discussion: https://forum.openwrt.org/t/banip-new-project-needs-testers-feedback/16985 Signed-off-by: Dirk Brenken <dev@brenken.org>
2026-04-30 07:28:39 +01:00 · 2018-11-10 11:01:45 +01:00
parent d785b15857
commit b17588a856
8 changed files with 1119 additions and 0 deletions
@@ -0,0 +1,64 @@
+#
+# Copyright (c) 2018 Dirk Brenken (dev@brenken.org)
+# This is free software, licensed under the GNU General Public License v3.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=banip
+PKG_VERSION:=0.0.5
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-3.0+
+PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/banip
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=Ban incoming and/or outgoing ip adresses via ipsets
+	DEPENDS:=+jshn +jsonfilter +ipset +iptables
+	PKGARCH:=all
+endef
+
+define Package/banip/description
+Powerful banIP script to block ip addresses via ipsets.
+The script supports many ip blacklist sites plus manual black- and whitelist overrides.
+Please see https://github.com/openwrt/packages/blob/master/net/banip/files/README.md for further information.
+
+endef
+
+define Package/banip/conffiles
+/etc/config/banip
+/etc/banip/banip.whitelist
+/etc/banip/banip.blacklist
+endef
+
+define Build/Prepare
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/banip/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) ./files/banip.sh $(1)/usr/bin/
+
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/banip.init $(1)/etc/init.d/banip
+
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) ./files/banip.conf $(1)/etc/config/banip
+
+	$(INSTALL_DIR) $(1)/etc/banip
+	$(INSTALL_CONF) ./files/banip.blacklist $(1)/etc/banip/
+	$(INSTALL_CONF) ./files/banip.whitelist $(1)/etc/banip/
+	
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
+	$(INSTALL_DATA) ./files/banip.hotplug $(1)/etc/hotplug.d/firewall/30-banip
+endef
+
+$(eval $(call BuildPackage,banip))