feat(geoblocking): geo ip management in threat shield ip#1714
Merged
Conversation
Tbaile
approved these changes
Jun 8, 2026
m-dilorenzi
force-pushed
the
banip_geoblocking
branch
from
431b110 to
d1bf1df
Compare
Tbaile
approved these changes
Jun 11, 2026
Tbaile
left a comment
Tbaile
left a comment
Collaborator
There was a problem hiding this comment.
Just a minor leftover, otherwise we good for the backend
m-dilorenzi
force-pushed
the
banip_geoblocking
branch
from
bc4e0c4 to
fcc4d0d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the implementation of the Geo IP blocking feature in the Threat Shield IP firewall section.
Using this feature allows users to block inbound and outbound connections from specific countries.
Two new APIs,
geoblocking-configurationandset-geoblocking-configuration, have been implemented to allow the UI to retrieve and update the current BanIP configuration for blocked countries.Each country is categorized using a JSON map that assigns it to the corresponding region (Africa, Oceania, Europe, etc.), which is then shown in the UI.
The
geoblocking-configurationAPI returns the state of the Geo IP service (enabled/disabled) and the list of selectable countries, divided by region and indicating whether each one is blocked.The
set-geoblocking-configurationAPI receives the Geo IP service state (enabled/disabled) and the list of blocked countries.When the service configuration is modified, the backup files
/tmp/banIP-backup/banIP.countryv4.gzand/tmp/banIP-backup/banIP.countryv6.gzare deleted if present. This is necessary because, when the list of blocked countries is changed, banIP uses the IP lists stored in these two backup files, which may contain more or fewer IP addresses than desired.Closes: #1586