<feed xmlns='http://www.w3.org/2005/Atom'>
<title>packages/net/banip/Makefile, branch master</title>
<subtitle>Mirror of packages feed</subtitle>
<id>https://git.openwrt.org/feed/packages/atom?h=master</id>
<link rel='self' href='https://git.openwrt.org/feed/packages/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/'/>
<updated>2026-06-28T21:22:58Z</updated>
<entry>
<title>banip: release 1.8.10-1</title>
<updated>2026-06-28T21:22:58Z</updated>
<author>
<name>Hauke Mehrtens</name>
</author>
<published>2026-06-27T23:02:21Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=b4616e8060d9e3ee148dfebfa7a8f301906e4e72'/>
<id>urn:sha1:b4616e8060d9e3ee148dfebfa7a8f301906e4e72</id>
<content type='text'>
- fixed log monitor source-IP spoofing (GHSA-r6hx-4f83-vp8m)
  Fix: per-ban_logterm source anchoring — the real source (last IP in the line)
  is used by default; opt-in 'first:' prefix for source-first formats (web-server access logs).
- add f_mem() helper to read MemAvailable from /proc/meminfo
- cap the auto-detected CPU core count by available memory in f_system:
  ban_cores is limited to MemAvailable / 48 (MiB per job), floored to at least 1 core;
  this bounds the number of feeds processed in parallel on constrained devices,
  a user-set ban_cores is still honored as a ceiling (the cap only ever lowers it).
- derive the GNU sort buffer size from available memory, applied only when
  coreutils sort is present; busybox sort is a no-op

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
<entry>
<title>banip: update 1.8.9-2</title>
<updated>2026-06-21T16:46:38Z</updated>
<author>
<name>Dirk Brenken</name>
</author>
<published>2026-06-21T16:43:35Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=f5160c8aa17b9373f1260edd17752fba39995569'/>
<id>urn:sha1:f5160c8aa17b9373f1260edd17752fba39995569</id>
<content type='text'>
default feed updates:
- urlhaus, urlvir, webclient: switched from in to out
  and added a tcp udp 80 443 port limit (destination feeds for LAN-initiated traffic)
- feodo, spamhaus, threat, threatview, proxy, tor, vpn, vpndc: switched from in to inout
- threatview: added url_6, as the source ships IPv4 and IPv6 in a single file
- country / asn: intentionally left on in; documented how to switch them to outbound/both
  for the recurring "block connections to country X" case
- readme update:
  - corrected the feed table to match the above,
  - removed the stale drop row (replaced by spamhaus),
  - and reworked the chain explanation to clarify the inbound-vs-outbound (source-IP vs destination-IP) model
  - significantly expanded the custom-feeds section (all JSON fields, rule parameters, etc.

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
<entry>
<title>banip: release 1.8.9-1</title>
<updated>2026-06-12T20:28:10Z</updated>
<author>
<name>Dirk Brenken</name>
</author>
<published>2026-06-12T20:28:10Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=6d339c9cd0e36ba6f851d6edcf55de08db80cf46'/>
<id>urn:sha1:6d339c9cd0e36ba6f851d6edcf55de08db80cf46</id>
<content type='text'>
* f_conf: ignore empty UCI option values so they don't override sane defaults
* f_etag: strip CR in ETag header extraction (gsub(/[\r"]/,…)) — fixes empty-but-present etag
* f_fetch: validate ban_fetchretry
* fix feed padding in allowlistonly mode
* readme update

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
<entry>
<title>banip: update 1.8.8-5</title>
<updated>2026-05-29T11:57:31Z</updated>
<author>
<name>Dirk Brenken</name>
</author>
<published>2026-05-29T11:57:31Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=faeecaeb1457039fb9c1a48c90fb12fceee30fac'/>
<id>urn:sha1:faeecaeb1457039fb9c1a48c90fb12fceee30fac</id>
<content type='text'>
* bugfix: only load the configuration once per run: a new `ban_confload`
  guard short-circuits `f_conf()` on subsequent calls, avoiding
  repeated `config_load` invocations
* new: the per-set report now sorts elements by their packet counter in
  descending order before truncating to the top 50, so the report
  shows the most active elements instead of just the first 50 found

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
<entry>
<title>banip: update 1.8.8-4</title>
<updated>2026-05-18T21:21:43Z</updated>
<author>
<name>Dirk Brenken</name>
</author>
<published>2026-05-18T21:21:19Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=dc39393c1b9668f0c92560e6566ee64709a6abf6'/>
<id>urn:sha1:dc39393c1b9668f0c92560e6566ee64709a6abf6</id>
<content type='text'>
- f_etag performance optimization: single-pass awk consolidating count+match
- f_report performance optimization: significantly reduce subshell spawning
- f_lookup performance optimization: DNS resolution parallelized per domain via subshells
- LuCI: prevent possible report refresh timeouts

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
<entry>
<title>banip: update 1.8.8-3</title>
<updated>2026-05-16T20:16:43Z</updated>
<author>
<name>Dirk Brenken</name>
</author>
<published>2026-05-16T20:14:30Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=b2d769ffc84c7cbdb1d3cc5e26043e06b9abc4db'/>
<id>urn:sha1:b2d769ffc84c7cbdb1d3cc5e26043e06b9abc4db</id>
<content type='text'>
- gated config sanity checks at the end of banip-functions.sh
   behind 'ban_action' to skip them on init script sourcing paths (enable/disable/help)
- added a ubus socket guard around f_system to harden against pre-ubus sourcing
- added a 'ban_bver' fallback in f_log for sourcing paths without prior f_system execution
- reordered system utility references before system library sourcing,
   so f_log has a valid 'ban_logcmd' available if the library check fails
- minor code improvements and fixes

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
<entry>
<title>banip: update 1.8.8-2</title>
<updated>2026-05-04T17:42:40Z</updated>
<author>
<name>Dirk Brenken</name>
</author>
<published>2026-05-04T17:42:14Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=98c0a3d00da93c694bd21b5913d8c42b5c1a1389'/>
<id>urn:sha1:98c0a3d00da93c694bd21b5913d8c42b5c1a1389</id>
<content type='text'>
- optimized pidfile handling in the init file
- small cornercase fixes &amp; improvements
- drop deprecated 'drop' feed (replaced by 'spamhaus' json feed with the same content)
- LuCI: expose the new JSON Lines Format in the feed editor
- readme update

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
<entry>
<title>banip: release 1.8.8-1</title>
<updated>2026-04-30T09:37:14Z</updated>
<author>
<name>Dirk Brenken</name>
</author>
<published>2026-04-30T09:36:40Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=e0669cb1a8950fcdc50d46bf4e2683f3509c1abf'/>
<id>urn:sha1:e0669cb1a8950fcdc50d46bf4e2683f3509c1abf</id>
<content type='text'>
- introduced a shared named nft limit (loglimit) referenced by
  all log rules instead of per-rule limits, aligning with kernel printk rate limits
- added new 'ban_logratelimit' and 'ban_logburstlimit' UCI options for tuning
   the shared log limit; setting ban_logratelimit=0 disables nft-side rate limiting
   entirely (useful for ulogd or other userspace log handlers that bypass printk)
- LuCI: made the new UCI option available (Log Settings)
- readme update

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
<entry>
<title>banip: release 1.8.7-1</title>
<updated>2026-04-28T18:01:11Z</updated>
<author>
<name>Dirk Brenken</name>
</author>
<published>2026-04-28T18:00:56Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=523c395b17365f90759912f02526197b1f2d3b70'/>
<id>urn:sha1:523c395b17365f90759912f02526197b1f2d3b70</id>
<content type='text'>
- fix log rate limit and drop throttling (#29255, #27990)
- serialize dedup writes via flock in f_down
- tighten RDAP CIDR validation and lock handling in f_monitor
- fix IPv6 prefix regex in f_search, simplify sed pattern in f_report
- readme update

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;

Co-authored-by: Copilot &lt;copilot@github.com&gt;
Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
<entry>
<title>banip: update 1.8.6-4</title>
<updated>2026-04-21T17:29:00Z</updated>
<author>
<name>Dirk Brenken</name>
</author>
<published>2026-04-21T17:28:41Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=a3082e3069f7507514b0bc168991efcb7f6100a1'/>
<id>urn:sha1:a3082e3069f7507514b0bc168991efcb7f6100a1</id>
<content type='text'>
* fixed report generation and housekeeping
* added missing code/function comments

Signed-off-by: Dirk Brenken &lt;dev@brenken.org&gt;
</content>
</entry>
</feed>
