OpenWRT packages banIP and luci-app-banip?

kloswerkes · 2020-01-27T08:01:38.112Z

We require the ability to block malicious ip addresses in order to protect our router / network. While we have been able to block individual IP addresses using the LUCI interface, it is labor intensive to add and remove them one at a time.

On the OpenWRT site, they list this package and corresponding LUCI add on - packages/README.md at master · openwrt/packages · GitHub

I tried to install it (opkg install banip and opkg install luci-app-banip) but it is not available.

How soon can we expect you will update things so this is available?

Johnex · 2020-01-27T20:09:19.525Z

If you find a package that is not available, you can compile it yourself for now using the GL SDK from here:

GitHub

GitHub - gl-inet/sdk: OpenWRT SDK for GL.iNet devices

OpenWRT SDK for GL.iNet devices. Contribute to gl-inet/sdk development by creating an account on GitHub.

It might be added in the future, in the meantime use that

alzhao · 2020-01-30T04:06:12.813Z

We will soon put adguard in the router and it is much easier.

kloswerkes · 2020-02-06T09:15:02.427Z

Will adguard let us ban large lists of IP addresses? (we don’t need the ability to block DNS…we use pihole for that)

alzhao · 2020-02-06T09:52:17.301Z

I am not sure. But it is similar as PiHole.

Johnex · 2020-02-06T11:34:53.484Z

Yes, you can see here:

kb.adguard.com

How to create your own ad filters | AdGuard Knowledgebase

AdGuard

groentjuh · 2020-02-06T14:35:03.585Z

Those tools have different purposes. Adguard want to protect users against ads by blocking domains and possibly ips.

banip protects the router’s web-interface (and ssh and other services) from being attacked by blocking IPs when login fails repeatedly.

User_Felix · 2020-02-06T15:01:55.724Z

Good news!

kloswerkes · 2020-02-06T18:18:26.654Z

Right…banip and adguard appear to be two different things, with two separate purposes.

Maybe a use case will help:

We are provided (from DHS and other organizations) a list of ip addresses known to originate malicious attack traffic. We want to be able to cut and paste this list of ip addresses into our router, to ensure those ip address cannot communicate with our router or anyone on our network.

Will adguard accomplish this for us? If not, when will you have this capability (via banip or something else)?