banIP: update 1.5.6-5

* fixed the restore rc handling * skip allowlist entries during map creation * disable the map button by default (only enabled if map & NFT counter are selected) * disable the content filter checkbox for elements with hits by default (only enabled if NFT counter are selected) * readme update Signed-off-by: Dirk Brenken <dev@brenken.org>
2025-12-10 12:41:22 +00:00 · 2025-06-14 19:47:19 +02:00
parent ae33358c4f
commit 645b0ab137
3 changed files with 7 additions and 3 deletions
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=banip
 PKG_VERSION:=1.5.6
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@@ -109,11 +109,12 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 ## Installation and Usage
 * Update your local opkg/apk repository
 * Install the LuCI companion package 'luci-app-banip' which also installs the main 'banip' package as a dependency
+* Enable the banIP system service (System -> Startup) and enable banIP itself (banIP -> General Settings)
 * It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
 * It's also recommended to configure a 'Reload Trigger Interface' to depend on your WAN ifup events during boot or restart of your router
 * To be able to use banIP in a meaningful way, you must activate the service and possibly also activate a few blocklist feeds
 * If you're using a complex network setup, e.g. special tunnel interfaces, than untick the 'Auto Detection' option under the 'General Settings' tab and set the required options manually
-* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status' and also check the 'Firewall Log' and 'Processing Log' tabs
+* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status', also check the 'Processing Log' tab

 <a id="banip-cli-interface"></a>
 ## banIP CLI interface
@@ -482,6 +483,7 @@ C8:C2:9B:F7:80:12                                  => this will be populated to
 ```

 **Set reporting, enable the GeoIP Map**  
+banIP includes a powerful reporting tool on the Set Reporting tab which shows the latest NFT banIP Set statistics. To get the latest statistics always press the "Refresh" button.  
 In addition to a tabular overview banIP reporting includes a GeoIP map in a modal popup window/iframe that shows the geolocation of your own uplink addresses (in green) and the locations of potential attackers (in red). To enable the GeoIP Map set the following options (in "Feed/Set Settings" config tab):  

    * set 'ban_nftcount' to '1' to enable the nft counter for every Set element
--- a/net/banip/files/banip-functions.sh
+++ b/net/banip/files/banip-functions.sh
@@ -873,10 +873,11 @@ f_down() {
 		if [ "${etag_rc}" = "0" ] || [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ]; then
 			if [ "${feed%%.*}" = "allowlist" ] && [ ! -f "${tmp_allow}" ]; then
 				f_restore "allowlist" "-" "${tmp_allow}" "${etag_rc}"
+				restore_rc="${?}"
 			else
 				f_restore "${feed}" "${feed_url}" "${tmp_load}" "${etag_rc}"
+				restore_rc="${?}"
 			fi
-			restore_rc="${?}"
 			feed_rc="${restore_rc}"
 		fi
 	fi
@@ -1618,6 +1619,7 @@ f_report() {
 					json_get_keys table_sets >/dev/null 2>&1
 					if [ -n "${table_sets}" ]; then
 						for item in ${table_sets}; do
+							[ "${item%%_*}" = "allowlist" ] && continue
 							json_select "${item}"
 							json_get_keys set_details
 							for detail in ${set_details}; do