Re: Banning a Country in KeyHelp
Posted: Mon 20. Jan 2025, 10:20
by Alexander
Regarding the limitations by KeyHelp, you can use up to 16.777.215 characters in total.
Let's assume all IPv4 addresses (+masks) have this format (including comma).
"XXX.XXX.XXX.XXX/XX," = 19 characters
16.777.215 / 19 = 883.011
So you would be able to use 883.011 IPv4 addresses
Note:
- This does not take into account IPv6 addresses
- I have not checked if there are limits by IPTables (so you probably can use fewer addresses)
- As pointed out, this could become rather inefficient to handle (on the firewall end, as well as in the UI).
Re: Banning a Country in KeyHelp
Posted: Wed 22. Jan 2025, 00:19
by Chalipa
Alexander wrote: ↑Mon 20. Jan 2025, 10:20
Regarding the limitations by KeyHelp, you can use up to 16.777.215 characters in total.
Let's assume all IPv4 addresses (+masks) have this format (including comma).
"XXX.XXX.XXX.XXX/XX," = 19 characters
16.777.215 / 19 = 883.011
So you would be able to use 883.011 IPv4 addresses
Note:
- This does not take into account IPv6 addresses
- I have not checked if there are limits by IPTables (so you probably can use fewer addresses)
- As pointed out, this could become rather inefficient to handle (on the firewall end, as well as in the UI).
So, just to make sure I have understood this correctly:
883 IPv4 can be saved in EACH RULE in the firewall to ensure its proper operation.
Correct?
Re: Banning a Country in KeyHelp
Posted: Wed 22. Jan 2025, 00:27
by Jolinar
Chalipa wrote: ↑Wed 22. Jan 2025, 00:19
So, just to make sure I have understood this correctly:
883 IPv4 can be saved in EACH RULE in the firewall to ensure its proper operation.
Correct?
No!
Please read carefully again!
Alexander wrote: ↑Mon 20. Jan 2025, 10:20
So you would be able to use 883.011 IPv4 addresses
Re: Banning a Country in KeyHelp
Posted: Wed 22. Jan 2025, 00:51
by 24unix
Mind the difference between dot and comma.
Re: Banning a Country in KeyHelp
Posted: Thu 5. Jun 2025, 16:52
by Tobi
Is it possible to place plain TXT files with IPs to ban and include these files in the KeyHelp setup?
With this setup one could ban a whole country within the file „countryland.txt“ and „anotherland.txt“ and so on.
Re: Banning a Country in KeyHelp
Posted: Thu 5. Jun 2025, 17:34
by Ralph
Tobi wrote: ↑Thu 5. Jun 2025, 16:52
Is it possible to place plain TXT files with IPs to ban and include these files in the KeyHelp setup?
If possible, use an external FW and turn off the internal one. This prevents the ipset rules from being deleted in the event of a FW flush.
It causes less load when reloading (restore) the blacklists with many IP addresses ... country blocks can be loaded once at system startup via cronjob; they do not need to be updated constantly.
If no external FW is available, then a script would have to be executed after a flush to reload and activate your ipsets.
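A sketch of the reload script described above for the case without an external firewall, as an added example that is not part of the original thread and not KeyHelp's own code. The set name, `maxelem` value and file paths are assumptions; the list files are plain text with one IPv4 address or CIDR per line.

```shell
#!/bin/sh
# Added example: rebuild an ipset from plain-text country lists after a firewall flush.
# SET_NAME, MAXELEM and the list file paths are assumptions, not KeyHelp settings.

SET_NAME="country_block"      # hypothetical set name
MAXELEM=1048576               # assumed capacity; must exceed the number of entries

# Print an "ipset restore" script for all given list files on stdout.
# '#' comments and blank lines are skipped; malformed entries are dropped.
build_restore() {
    tmp="${SET_NAME}_tmp"
    echo "create $SET_NAME hash:net family inet maxelem $MAXELEM"
    echo "create $tmp hash:net family inet maxelem $MAXELEM"
    echo "flush $tmp"
    # Keep only well-formed IPv4[/1-32] (hash:net cannot store a /0 network),
    # reject octets above 255, and remove duplicates.
    cat "$@" \
      | sed -e 's/#.*//' -e 's/[[:space:]]//g' \
      | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([1-9]|[12][0-9]|3[0-2]))?$' \
      | awk -F'[./]' '$1<=255 && $2<=255 && $3<=255 && $4<=255' \
      | sort -u \
      | sed "s/^/add $tmp /"
    # Fill a scratch set and swap it in, so the live set is never half-loaded.
    echo "swap $tmp $SET_NAME"
    echo "destroy $tmp"
}

# Load the lists and make sure one DROP rule references the set.
# Needs root; run it from cron at boot or after a firewall flush.
reload_blocklist() {
    build_restore "$@" | ipset -exist restore || return 1
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null \
      || iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Usage (as root, hypothetical paths):
#   reload_blocklist /etc/blocklists/countryland.txt /etc/blocklists/anotherland.txt
```

Running `build_restore` on its own prints the restore script without touching the firewall, which allows the parsed entries to be reviewed before they are loaded.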
Re: Banning a Country in KeyHelp
Posted: Thu 5. Jun 2025, 18:15
by Tobi
I don't want to disable the KeyHelp firewall.
I want to extend the KeyHelp firewall.
As you said, country IP ranges don't need to be updated very often.