Description
Add UI support for Geo IP management in the Threat Shield IP section.
The new UI must allow administrators to block traffic by geographic area, including both:
- full continent blocking
- granular exceptions within a blocked continent
Example:
- block all Europe
- allow specific countries such as Italy and the UK
The list of supported countries/states must be based on the entries available in the banip.countries list:
https://github.com/openwrt/packages/blob/master/net/banip/files/banip.countries
Since that list also contains some grouped entries that are not usable as-is, the UI and logic should reorganize the available items according to geographic concepts by comparing the current list with the regional classification provided here:
https://github.com/lukes/ISO-3166-Countries-with-Regional-Codes/blob/master/all/all.csv
This feature is needed to make Geo IP filtering easier to configure from the UI and to provide a clearer and more flexible user experience for geographic blocking rules.
It should also include a UI PR for the frontend implementation.
Proposed solution
Implement a new Geo_IP tab inside Threat Shield IP.
The new tab should:
- provide a UI to enable/disable the Geo IP blocking service
- allow selection of whole continents
- allow per-country exceptions and overrides inside selected continents
- support configurations such as “block Europe except Italy and UK”
- use the country list from
banip.countries
- reorganize countries into meaningful geographic groupings by mapping them against the ISO 3166 regional dataset
Additionally:
- remove the existing “country block” toggle currently available among the blacklists
- move that toggle into the new Geo_IP tab
- use it as the main global switch for the Geo IP service
The implementation should be delivered with a dedicated PR for the UI side.
See also
https://github.com/openwrt/packages/blob/master/net/banip/files/banip.countrieshttps://github.com/lukes/ISO-3166-Countries-with-Regional-Codes/blob/master/all/all.csv
Components
NethSecurity 8.7.2
Description
Add UI support for Geo IP management in the Threat Shield IP section.
The new UI must allow administrators to block traffic by geographic area, including both:
Example:
The list of supported countries/states must be based on the entries available in the
banip.countrieslist:https://github.com/openwrt/packages/blob/master/net/banip/files/banip.countriesSince that list also contains some grouped entries that are not usable as-is, the UI and logic should reorganize the available items according to geographic concepts by comparing the current list with the regional classification provided here:
https://github.com/lukes/ISO-3166-Countries-with-Regional-Codes/blob/master/all/all.csvThis feature is needed to make Geo IP filtering easier to configure from the UI and to provide a clearer and more flexible user experience for geographic blocking rules.
It should also include a UI PR for the frontend implementation.
Proposed solution
Implement a new Geo_IP tab inside Threat Shield IP.
The new tab should:
banip.countriesAdditionally:
The implementation should be delivered with a dedicated PR for the UI side.
See also
https://github.com/openwrt/packages/blob/master/net/banip/files/banip.countrieshttps://github.com/lukes/ISO-3166-Countries-with-Regional-Codes/blob/master/all/all.csvComponents
NethSecurity 8.7.2