Threat Shield IP: Misconception of Inbound and Outbound Lists

NethSecurity Threat Shield IP uses the lists described in: packages/net/banip/files/README.md at master · openwrt/packages · GitHub

Those lists are intended as Inbound or Outbound. Inbound combines the chains WAN-Input and WAN-Forward; Outbound represents the LAN-FWD chain. They should not be used for any purpose other than the one marked (only exceptionally).

But NethSecurity applies these lists to all traffic, leaving this feature not very useful, with many false-positive issues.
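The directional split described in the post above, sketched as an nftables ruleset. This is an added example, not part of the original post and not the ruleset that banIP or NethSecurity generates; the interface names, set names, the `ct state new` match and the documentation-range addresses are assumptions.

```nftables
# Illustrative only: constructed sets and assumed device names
# (WAN = "eth1", LAN = "br-lan"). Addresses are RFC 5737 documentation ranges.
table inet directional_demo {
    # Feed marked "inbound": sources of unsolicited traffic.
    set inbound_v4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }
    }

    # Feed marked "outbound": destinations LAN hosts should not reach.
    set outbound_v4 {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24 }
    }

    # WAN-Input: new connections from the WAN to the firewall itself.
    # The inbound feed is matched on the SOURCE address only.
    chain wan_input {
        type filter hook input priority -100; policy accept;
        iifname "eth1" ct state new ip saddr @inbound_v4 counter drop
    }

    chain forward {
        type filter hook forward priority -100; policy accept;

        # WAN-Forward: new connections from the WAN to hosts behind
        # the firewall, again matched on the SOURCE address.
        iifname "eth1" ct state new ip saddr @inbound_v4 counter drop

        # LAN-FWD: connections from the LAN towards the WAN. Only the
        # outbound feed is consulted, matched on the DESTINATION address.
        iifname "br-lan" ip daddr @outbound_v4 counter drop
    }
}
```

With this layout a LAN client can still open a connection to an address that appears only in the inbound feed, which is the behaviour lost when every list is applied to all traffic.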

We forked the package to allow our implementation to work beside it. Although the feed list marks them as “in” or “out”, this information does not hold any value in BanIP 1.0.1. An update is being planned, but upstream the package always breaks something that we use, and it has been difficult to update to newer versions.

The fork is here: nethsecurity/packages/banip at main · NethServer/nethsecurity · GitHub


I have a solid understanding and quite good insight into banIP and the NethSecurity fork, and I appreciate your reasoning. However, this doesn’t alter the necessity for some lists to be designated as inbound and others as outbound. The current state makes them impractical to use.

Agreed, I will try to push forward the update of BanIP, but it’s definitely not planned for the next release, maybe future ones.

@filippo_carletti pointed out the same thing internally.
