github friendly-bits/geoip-shell v0.8.0

6 hours ago

This release introduces support for an additional IP list source, some bugfixes and lots of under-the-hood improvements.

Main changes:

  • New IP list source: IPinfo (note: their IP lists are much larger than those fetched from other sources. If you are using geoip-shell with nftables and you want to use the IPinfo source with some of the larger lists - especially the US list - consider switching to iptables since nftables doesn't handle those huge lists well).

  • New action in the main script (geoip-shell-manage.sh): geoip-shell import. This action replaces the command geoip-shell configure <-A|-B> and does exactly the same thing: imports IP addresses or ranges from a user-specified file into a locally stored allowlist or blocklist. The syntax remains the same, only the action keyword is different. The README has been updated accordingly.

  • The internal config management system has been pretty much completely rewritten. It now lives in the geoip-shell-lib-config.sh library.

  • The built-in config system now checks for missing options, as well as unexpected options, reports issues if any, automatically adds missing options to the config file and removes unexpected options from it.

  • Some options in the config file have been renamed. geoip-shell v0.8.0 will automatically migrate values for these options. Specifically:

    _fw_backend -> firewall_backend
    families -> ip_families
    autodetect -> autodetect_lan
    keep_mm_db -> keep_fetched_db
    schedule -> upd_schedule
    noblock -> no_block
    nobackup -> no_backup
    nft_perf -> nft_sets_policy
    max_attempts -> max_fetch_attempts
    
  • The option to download insecurely (i.e. without SSL) has been removed. geoip-shell will now attempt secure download regardless of whether SSL support has been detected - if it fails then it fails. geoip-shell still checks for SSL support and prints a warning when SSL support has not been detected.

  • The keep_fetched_db option now defaults to true on all systems except OpenWrt. This option only applies to MaxMind and IPinfo sources.

  • Fetching with curl will not stay stalled for too long when the server is not responding, since geoip-shell now calls curl with a couple of additional options to prevent such stalling.

  • When the download of some of the IP lists fails, geoip-shell will now make additional download attempts when running in manual mode as well. Previously, extra download attempts were made only when running automatically (i.e. when called by a cron job or by the firewall include on OpenWrt).

  • Fix compatibility issue in geoip-shell-lib-nft with certain Bash versions (#74) - thank you @pschiffe for the bug report.

  • Fix an issue with the firewall include on OpenWrt which was causing geoblocking persistence on OpenWrt to not work.

  • Fix the error "tr: write error: Broken pipe" printed when running in a Proxmox VM or in an LXC container (#32 - thank you @QuaxEros for the initial report and @walterzilla for further help with troubleshooting)

  • Fix "geoip-shell stop" being unable to stop a running geoip-shell instance when the latter is sleeping.

  • Other minor bugfixes

  • Lots of code maintenance work

  • Lots of minor code optimizations

  • Documentation updates

  • Some progress on implementing support for ASN blocking (initially I wanted to include this feature in the current release, but because the release has become quite huge as-is, eventually I decided to postpone this feature implementation, hopefully to the next release)
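
To preview what the option renames listed above do to an existing config before upgrading, the following added example (not geoip-shell's own migration code) rewrites old option names to the new ones and handles the case where both names are present. It assumes one key=value pair per line; the function names, the sample values and some_other_option are made up for illustration.

```shell
#!/bin/sh
# Added example, not geoip-shell code. Assumes one key=value pair per line.

# old:new option names, copied from the rename list in the release notes.
RENAMES='_fw_backend:firewall_backend families:ip_families
autodetect:autodetect_lan keep_mm_db:keep_fetched_db schedule:upd_schedule
noblock:no_block nobackup:no_backup nft_perf:nft_sets_policy
max_attempts:max_fetch_attempts'

# migrate_config FILE: print FILE with old option names replaced by new ones.
# Values are kept as-is. If the old and the new name are both present, the
# new name's line wins and the old line is dropped. Actions go to stderr.
migrate_config() {
    # Unquoted $RENAMES on purpose: collapses the newlines into spaces.
    awk -v map="$(echo $RENAMES)" '
    BEGIN {
        n = split(map, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], p, ":"); new_of[p[1]] = p[2] }
    }
    # Pass 1 (file read twice): remember which keys exist.
    NR == FNR {
        if (match($0, /^[A-Za-z_][A-Za-z0-9_]*=/)) seen[substr($0, 1, RLENGTH - 1)] = 1
        next
    }
    # Pass 2: rewrite. Comments and blank lines go through untouched.
    !match($0, /^[A-Za-z_][A-Za-z0-9_]*=/) { print; next }
    {
        key = substr($0, 1, RLENGTH - 1); val = substr($0, RLENGTH + 1)
        if (key in new_of) {
            if ((new_of[key]) in seen) {
                print "dropped " key ": " new_of[key] " already set" > "/dev/stderr"
                next
            }
            print "renamed " key " -> " new_of[key] > "/dev/stderr"
            key = new_of[key]
        }
        print key "=" val
    }' "$1" "$1"
}

# Constructed sample config: values and some_other_option are made up.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' '_fw_backend=nft' 'families=ipv4 ipv6' \
        'noblock=false' 'no_block=true' 'some_other_option=a=b' > "$tmp"
    migrate_config "$tmp"
    rm -f "$tmp"
}
demo
```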

Full Changelog: v0.7.8.1...v0.8.0
