v0.7.6

Main changes in this release:

• Support updated RIPE lists format (RIPE recently changed the format of the json file delivered via their API) - users who configured geoip-shell to fetch from RIPE should upgrade geoip-shell. Thank you @leohumnew for the bug report
• Change SSL support detection logic to avoid errors on some systems (notably OpenSuse) - thank you @leohumnew for the bug report
• Improve firewall rules table (printed following the command geoip-shell status -v) for iptables - printed column width will now exactly fit the contents, so more data should fit on the screen without breaking the table
• Fix fetch retries on errors and improve retry logic
• Correctly detect incompatible ksh93 variants
• Improve compatibility with mksh, lksh, ksh93u+m
• Improve handling of incompatible shells
• Improve console and error messages
• Improve error handling
• Use subdirectories under /tmp for various geoip-shell temporary files
• Lots of code cleanup and some code refactoring

Full Changelog: v0.7.5...v0.7.6

v0.7.5

New feature in this release:

• Support for calling functions from user-specified custom script on success or failure (see the README for details)

Additional changes:

• Fix /backup deleted during initial setup: #59
• Fix non-interactive setup on OpenWrt: #61
• Fix geoip-shell lookup printing file contents when called with the -F option
• Support option -w <ipt|nft|all> in the install script - this allows to specify which geoip-shell firewall backend library to install
• geoip-shell and geoip-shell-iptables can now be installed on any OpenWrt system with firewall3 or firewall4 (previously only firewall3+iptables or firewall4+nftables was supported)
• Other minor bugfixes and improvements

Full Changelog: v0.7.4...v0.7.5

v0.7.4

This release implements new action: lookup.

It allows to look up IP addresses in IP sets loaded by geoip-shell. For usage, please read DETAILS.md or run the command geoip-shell -h.

Using this action requires the grepcidr utility which, unfortunately, has not been ported to OpenWrt, so currently this action can not be used in OpenWrt. For other distributions, install the grepcidr package using the package manager in order to use lookup. Thank you @n0obHere for requesting this feature.

Full Changelog: v0.7.3...v0.7.4

v0.7.3

What's Changed

• Prompt user to select the firewall backend when both iptables and nftables are available
• Detect running inside LXC containers, warn when running in unprivileged LXC container and selecting the nftables backend
• Use domain URLs (rather than download URLs) for connectivity check
• Sleep before removing ipsets with iptables (fixes iptables error)
• Implement generic exclusions check, ignore excluded list ID's in -run, -manage, -apply, -fetch
• Fix bugs with loading local iplists
• Add more list ID's which currently have no registered IP ranges to the file iplist-exclusions.conf
• Many various logic improvements

Full Changelog: v0.7.2...v0.7.3

v0.7.2

This is a bugfix/maintenance release with following main changes:

• Fix local iplists import when source file doesn't end with a newline (thanks @genekellyjr for reporting the issue)
• Fix local iplists not rolled back when importing a new local iplist fails (thanks @genekellyjr for reporting the issue)
• Minor optimizations in handling local iplist import
• Minor optimizations in handling config and status files
• Make the config file only readable by root
• Code cleanup
• Updated documentation

Full Changelog: v0.7.1...v0.7.2

v0.7.1

This is a minor update with following changes:

• Fix connectivity check with wget for the MaxMind IP source
• Detect and correctly handle wget-nossl
• Improve some console messages

Full Changelog: v0.7.0...v0.7.1

v0.7.0

Main changes in this release:

• Fixed a bug in subnets aggregation code which in some cases would cause certain IP addresses in the trusted subnets list or in the local IP list to not be registered
• Added an option to keep previously fetched MaxMind database. You can enable it with the command geoip-shell configure -K true
• The check-ip-in-source script now supports using MaxMind account details if they have been previously configured (thanks @QuaxEros for requesting this feature)
• Minor code quality improvements

Full Changelog: v0.6.9...v0.7.0

v0.6.9

This release mainly adds support for local IP lists. This feature allows users to import files containing newline-separated IPv4 or IPv6 addresses and have geoip-shell automatically add them to locally stored allowlist or blocklist. The blocklist takes precedence over the allowlist, which takes precedence over geoblocking rules. The syntax is:

geoip-shell configure [-A|-B] <path_to_file>

Use -A to import the file as an allowlist, -B to import the file as a blocklist. You can import multiple files sequentially - this way geoip-shell will add all ip addresses in all source files to local allowlist/blocklist. Note that each source file can only contain IP addresses of one family (IPv4 or IPv6 but not both). Source files containing IP ranges in CIDR format are supported as well.

By default, imported local IP lists are stored in /etc/geoip-shell/local_iplists on OpenWrt, or in /var/lib/geoip-shell/local_iplists on all other systems. To change the directory where local IP lists are stored, use the command

geoip-shell configure -L <path_to_directory>

The command geoip-shell status will now report when any local IP lists are in use. geoip-shell status -v will report the exact count of IP addresses or IP ranges in relevant ipsets.

The README has been updated with some additional details regarding this feature.

Thank you @oraculix for requesting this feature.

Full Changelog: v0.6.8...v0.6.9

v0.6.8

This is mostly a bugfix release, with following changes:

• Fix installation on certain versions of Bash (thank you @old-guru for the bug report)
• Fix re-launching the -install script in another shell (thank you @QuaxEros for the bug report)
• Improve logic for starting the cron service when it's stopped
• Improve spell checking in code and documentation (thank you for the contribution @georgeabr)
• Support building apk packages for OpenWrt

From this release on, I will include both ipk and apk packages for OpenWrt.

To install the apk package (currently only relevant for OpenWrt snapshot builds):

apk --allow-untrusted add geoip-shell_0.6.8-r1.apk

The allow-untrusted option is needed because the package doesn't come from the official OpenWrt packages repository. I am planning to push an updated version to the OpenWrt repo soon'ish but haven't had the time to do this yet.

Full Changelog: v0.6.7...v0.6.8

v0.6.7

This is a maintenance release with following changes:

• Improve error checking and handling when detecting LAN subnets
• Improve error and log messages
• Minor logic improvements in the -manage, -run and -install scripts

Full Changelog: v0.6.6...v0.6.7