This is a bugfix/maintenance release with following main changes:

• Fix local iplists import when source file doesn't end with a newline (thanks @genekellyjr for reporting the issue)
• Fix local iplists not rolled back when importing a new local iplist fails (thanks @genekellyjr for reporting the issue)
• Minor optimizations in handling local iplist import
• Minor optimizations in handling config and status files
• Make the config file only readable by root
• Code cleanup
• Updated documentation

Full Changelog: v0.7.1...v0.7.2

This is a minor update with following changes:

• Fix connectivity check with wget for the MaxMind IP source
• Detect and correctly handle wget-nossl
• Improve some console messages

Full Changelog: v0.7.0...v0.7.1

Main changes in this release:

• Fixed a bug in subnets aggregation code which in some cases would cause certain IP addresses in the trusted subnets list or in the local IP list to not be registered
• Added an option to keep previously fetched MaxMind database. You can enable it with the command geoip-shell configure -K true
• The check-ip-in-source script now supports using MaxMind account details if they have been previously configured (thanks @QuaxEros for requesting this feature)
• Minor code quality improvements

Full Changelog: v0.6.9...v0.7.0

This release mainly adds support for local IP lists. This feature allows users to import files containing newline-separated IPv4 or IPv6 addresses and have geoip-shell automatically add them to locally stored allowlist or blocklist. The blocklist takes precedence over the allowlist, which takes precedence over geoblocking rules. The syntax is:

geoip-shell configure [-A|-B] <path_to_file>

Use -A to import the file as an allowlist, -B to import the file as a blocklist. You can import multiple files sequentially - this way geoip-shell will add all ip addresses in all source files to local allowlist/blocklist. Note that each source file can only contain IP addresses of one family (IPv4 or IPv6 but not both). Source files containing IP ranges in CIDR format are supported as well.

By default, imported local IP lists are stored in /etc/geoip-shell/local_iplists on OpenWrt, or in /var/lib/geoip-shell/local_iplists on all other systems. To change the directory where local IP lists are stored, use the command

geoip-shell configure -L <path_to_directory>

The command geoip-shell status will now report when any local IP lists are in use. geoip-shell status -v will report the exact count of IP addresses or IP ranges in relevant ipsets.

The README has been updated with some additional details regarding this feature.

Thank you @oraculix for requesting this feature.

Full Changelog: v0.6.8...v0.6.9

This is mostly a bugfix release, with following changes:

• Fix installation on certain versions of Bash (thank you @old-guru for the bug report)
• Fix re-launching the -install script in another shell (thank you @QuaxEros for the bug report)
• Improve logic for starting the cron service when it's stopped
• Improve spell checking in code and documentation (thank you for the contribution @georgeabr)
• Support building apk packages for OpenWrt

From this release on, I will include both ipk and apk packages for OpenWrt.

To install the apk package (currently only relevant for OpenWrt snapshot builds):

apk --allow-untrusted add geoip-shell_0.6.8-r1.apk

The allow-untrusted option is needed because the package doesn't come from the official OpenWrt packages repository. I am planning to push an updated version to the OpenWrt repo soon'ish but haven't had the time to do this yet.

Full Changelog: v0.6.7...v0.6.8

This is a maintenance release with following changes:

• Improve error checking and handling when detecting LAN subnets
• Improve error and log messages
• Minor logic improvements in the -manage, -run and -install scripts

Full Changelog: v0.6.6...v0.6.7

This is mainly a bugfix release.

Bugs fixed:

• Automatic ip list updates do not work under some conditions
• Changing the update schedule via the geoip-shell configure -s <schedule> command doesn't work

Full Changelog: v0.6.5...v0.6.6

This is a minor release with following main changes:

• Fix fetching MaxMind database when database type is GeoIP2 (for paid license)
• Detect gawk when it's installed and use it for faster processing
• Load ipsets more efficiently when using the iptables backend

Full Changelog: v0.6.4...v0.6.5

This release adds support for a 3rd ip lists source: MaxMind. Using both free and paid MaxMind databases is now supported.

To use the MaxMind source, you need to register a MaxMind account, then make sure that the 'unzip' utility exists in your system (or install it if not), then run the command: geoip-shell configure -u maxmind.

Additional changes:

• LAN subnets detection has been largely reimplemented with a much smarter and faster algorithm.
• Improved console and error messages
• Various (mostly minor) bug fixes
• Updated documentation

Full Changelog: v0.6.3...v0.6.4

This is (yet) another pretty big release with the following main changes:

• A lot of work has been put into improving and simplifying logic which implements the configure action. As a result, geoip-shell now performs most configure actions much more efficiently. For example, when changing country codes, geoip-shell now preserves existing ipsets when possible, and only fetches and loads ip lists which are not yet loaded. When changing other options which require updating firewall rules but do not require loading ipsets, geoip-shell will now recreate firewall rules without reloading the ipsets.
• When outbound geoblocking is enabled, geoip-shell will now suggest ways to bypass it in order for automatic ip list ipdates to work. Supported methods: temporarily pause outbound geoblocking while fetching ip lists, or always allow outbound connections to server ip addresses (which can now be automatically detected or manually entered). geoip-shell will initiate a dialog to configure this option when outbound geoblocking is enabled. This option can be set or changed later via the command line using the command geoip-shell configure -U <auto|pause|none|"[ip_addresses]">.
• When verifying firewall rules and ip sets coherence, geoip-shell now checks for the allow ipset which includes any of: link-local ip's, trusted ip's, LAN ip's, iplist server ip's.
• The -manage script now supports a new action: stop. Running geoip-shell stop will kill any running geoip-shell processes, remove geoip-shell firewall rules and unload ip sets.
• The geoip-shell status command output has been improved. In particular, when running geoip-shell status -v (for verbose mode) on iptables-based systems, geoip-shell now parses the firewall rules and prints a custom table which is more useful and has a better layout than the generic iptables report which would be printed previously.
• Make the OpenWrt package smaller by removing some code which is not used on OpenWrt from it (this gets offset by the additional code in this release)
• Improve console output messages
• Various compatibility improvements
• Various usability improvements
• Various bugfixes
• Updated documentation

Full Changelog: v0.6.1...v0.6.3