Adamm
Part of the Furniture
by the way, will the ip become blocked permanently? or it will be release after certain days?
Yes all bans are permanent, unless you unban them of-coarse.
by the way, will the ip become blocked permanently? or it will be release after certain days?
Yes all bans are permanent, unless you unban them of-coarse.
Oct 21 02:26:07 Skynet: [Complete] 131075 IPs / 2226 Ranges Banned. -37408 New IPs / 170 New Ranges Banned. 229 Inbound / 0 Outbound Connections Blocked! [67s]
Oct 21 03:00:07 Skynet: [Complete] 131075 IPs / 2226 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 258 Inbound / 0 Outbound Connections Blocked! [7s]
OK so the bans are not purged but are the blocks purged and if so, on what basis?
Adamm, will you consider to auto release the autoban ip after certain number of days? probable after 72 hours?
sh /jffs/scripts/firewall unban autobans
Hi Adamm, thank you for the advice, it enlighten me about the use of "at" command. although you need to use entware to install it as it is not standard available inside merlin.
i am thinking about the possibility to:
Detected BadIP;
{
AutoBanning BadIP;
add to command
echo "sh /jffs/scripts/firewall unban BadIP" | at -m now + 72 hours
}
I will spend some time to play around this, but i am not a programmer.
sh /jffs/scripts/firewall ban 8.8.8.8
sh /jffs/scripts/firewall ban ip 8.8.8.8
Any news on support for am382.x?
The missing xt_set.ko module was added in 382.1 Beta 2.
The changes I made to ipset 6 to support the earlier kernel probably will need to be reviewed (my guess is that they will need to be backed out). There's also a config file that I changed from a dynamic generation to a customized static file that will probably need to be regenerated for the newer kernel.
I'm not going to beta test or install final version until this script is install-able.The missing xt_set.ko module was added in 382.1 Beta 2.
The missing xt_set.ko module was added in 382.1 Beta 2.
Did you recompile the complete kernel since we talked? Cause I updated to beta 2 when you first released it and the module was still not added
Sent from my iPhone using Tapatalk
admin@Stargate86:/tmp/home/root# find /lib/modules -name xt_set.ko
/lib/modules/4.1.27/kernel/net/netfilter/xt_set.ko
I believe some more work needs to be done, specifically on the changes @john9527 made when adding support for the comment (and other) extensions.
hungluu@RT-AC86U-9410:/lib/modules/4.1.27/kernel/net/netfilter# ls
ipset nf_nat_sip.ko xt_hashlimit.ko
nf_conntrack_ftp.ko xt_HL.ko xt_hl.ko
nf_conntrack_h323.ko xt_TPROXY.ko xt_length.ko
nf_conntrack_rtsp.ko xt_comment.ko xt_quota.ko
nf_conntrack_sip.ko xt_condition.ko xt_recent.ko
nf_nat_ftp.ko xt_geoip.ko xt_socket.ko
Maybe a new beta2 was compiled? Mine doesn't show the file exists.
35a05e9 kernel41: enable XT_SET kernel module
6b56d48 Bumped revision to beta 3
I'll need more details. Right now, 4.1 already came with ipset modules, I didn't have to patch the kernel, so this is probably what's present upstream from kernel.org.
admin@RT-AC68U-EE20:/tmp/home/root# ipset create Test hash:ip comment
admin@RT-AC68U-EE20:/tmp/home/root# ipset -A Test 8.8.8.8 comment foobar
admin@RT-AC68U-EE20:/tmp/home/root# ipset -L Test
Name: Test
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 comment
Size in memory: 131
References: 0
Number of entries: 1
Members:
8.8.8.8 comment "foobar"
admin@RT-AC68U-EE20:/tmp/home/root# ipset flush Test
admin@RT-AC68U-EE20:/tmp/home/root# ipset -L Test
Name: Test
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 comment
Size in memory: 60
References: 0
Number of entries: 0
Members:
admin@RT-AC68U-EE20:/tmp/home/root#
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!