V siti mam web server a v turrisu mam nastaveny port forward. Chtel bych ale, aby to poustelo dovnitr pouze provoz z EU - tedy aby to blokovalo zajmena provoz z Ciny, Ruska a dalsich mimo EU statu.
Da se to nejak udelat?
Vygoogluj si iptables + ipset + countries a návodů je dost.
Nějaké ipsety najdeš tady https://github.com/mkorthof/ipset-country
balik “banip” to robi. Su tam aj update a luci extension.
banip vypada slibne. Jen mi bohuzel nejde nainstalovat. Zkusim za par dni, jestli bude novy balik.
Collected errors:
- check_data_file_clashes: Package logd wants to install file /sbin/logread
But that file is already provided by package * syslog-ng - opkg_install_cmd: Cannot install package banip.
Nieje to pekne ale dal som preinstalovat cez ten balik (ignore v pkg).
Novy balik je 0.7 ale ten je pre novsie openwrt a maintainer nechce backportovat do starsich.
Takze bud pockas na novy Turris OS alebo to prepises.
PĹ™ihlaš se do ssh a vypiš si všechny závislosti balĂku banip.
root@sw-mox:~# opkg depends -A banip
banip depends on:
libc
jshn
jsonfilter
ip
ipset
iptables
ca-bundle
logd
Nainstaluj si všechny balĂky vyjma logd. Pak nainstaluj balĂk banip.
root@sw-mox:~# opkg --nodeps install banip
Installing banip (0.3.11-1) to root...
Downloading https://repo.turris.cz/hbl/mox/packages/packages/banip_0.3.11-1_all.ipk
Configuring banip.
root@sw-mox:~#
Netestováno jestli to opravdu funguje, YMMV.
@dibdot, I see this was fixed in newer version of banip included in OpenWrt 21.02 and master according to this issue:
Should I send the pull request with cherry-pick for OpenWrt 19.07?
BTW: Guys, sorry for hijack in English.
Please don’t do it.
This includes another 19.x incompatible change. I’ll remove that dependency later today in 19.x-branch.
Recommendation: Do not waste time with banIP 0.3.x - it was really an unfinished early bird. Interested 19.x/turris users should manually update to 0.7.x, e.g.:
* rm -f /etc/config/banip # remove the old banIP config
* opkg update # update/sync your local package index
* cd /tmp
* wget https://downloads.openwrt.org/snapshots/packages/x86_64/packages/banip_0.7.8-1_all.ipk
* wget https://downloads.openwrt.org/snapshots/packages/x86_64/luci/luci-app-banip_git-21.122.69643-c75ed32_all.ipk
* opkg install banip_0.7.8-1_all.ipk
* opkg install luci-app-banip_git-21.122.69643-c75ed32_all.ipk
Edit: The dependency in banIP 0.3.x/19.07-branch has been removed with banip: remove logd dependency · openwrt/packages@1c90bc0 · GitHub
Not sure what happend on my side but the luci was in kind of broken state, I had to remove everything (including config files and packages).
After clean reinstall I am up and running again.
Thank you for this nice tool
One issue I encounter after manually installing the packages. The update process wants to install “newer” luci-app-banip.
In the post you specified:
luci-app-banip_git-21.122.69643-c75ed32_all.ipk
In the update I see:
install luci-app-banip git-21.132.36199-d0cf6e4-1
What seems newer according to the version number but after it is installed it is the old ban-ip interface from 0.3 version.
Any hint on how to disable the update or fix this?
Nope, sorry. Most probably you can trick the package index, but the easiest approach is just to ignore this “update”.
ok, you asked for it … quick and dirty…
edit /usr/lib/opkg/status
, e.g.
Package: luci-app-banip
Version: git-21.154.29028-dc0cfc6
Depends: libc, banip, luci-lib-jsonc
Status: install user installed
Architecture: all
Installed-Time: 1622728851
…bump the version number and you’re done!
thank you but that did not really work for me
INFO:Queue downgrade of luci-app-banip/luci/git-21.132.36199-d0cf6e4-1[git-21.154.29028-dc0cfc6]
Even if I set the version to identical one the updater wants to reinstall it:
INFO:Queue reinstall of luci-app-banip/luci/git-21.132.36199-d0cf6e4-1
Probably missing something