What's new

Skynet Additional blocking list(s)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Volkis

Occasional Visitor
I've tried to find an answer on how to easily add your own blocking list in addition to the default filter lists. And with easy I mean not using menues or CLI on the router.
I have an idea on letting my mail server provide a list of ip-numbers so these will be blocked at router/firewall level instead of letting the mail server do the job.
Is it possible for Skynet to read a list that is scp:ed into the /skynet/lists/ folder or should I clone the official filter, add my local url to it and provide the url for my new filter.list to Skynet?
I want this to run automagically with a cron script on the mail server and Skynet is more or less passively adding contents of the list provided by the mail server.
Maybe this topic have been handled before and I'm too old to read all threads ;-)
 
You'd want to experiment with the import blacklist command. I've never fully understood how persistent these import/deport commands are, but it's somewhere to start.

Code:
Example Import Commands;
( firewall import blacklist file.txt "Apples" ) This Bans All IPs From URL/Local File With The Comment Apples
( firewall import whitelist file.txt "Apples" ) This Whitelists All IPs From URL/Local File With The Comment Apples
 
I had the same question and have been researching Skynet, including looking through the GitHub files. There’s one file with about 10 entries for the blocklist used by Skynet. I imagine Adamm decided to use individual list instead of the composite Fire_Hol(1-4) list in order to cut down on issues with false positives and blocking users from accessing the firewall. Beware that many list can block private IP address ranges and that would likely result in being locked out of your firewall. Here are the default block list included with Skynet:

https://github.com/Adamm00/IPSet_ASUS/blob/master/filter.list

Although I am not certain, I believe, that the blocklist have to be in text format as IP addresses. CIDR blocks are supported. Some list are in XML format, I don’t know if those work. If you search for "Firewall Blocklist" then you’ll find some discussions relevant to other Linux distros. Also the Firehol github has a lot of useful information as well as the main Firehol site on their list and others.

I believe some of these might be included already, but here is a “list of list”.

https://opendbl.net/
 
I use 18 vs. Adamm's default 13, but updated via GUI/cli.

Code:
https://raw.githubusercontent.com/ttgapers/public/main/asus/skynet/custom.list

So for me if I wanted to add one of you entries from opendbl, I'd edit your custom.list to include the list you would like to add, assuming it's in the same ipset format. I got to mine from trial/error as some of the 0-day lists can have lots of false positives.
 
Beware that many list can block private IP address ranges and that would likely result in being locked out of your firewall.
Skynet whitelists the lan.


For extra lists, I just cloned the skynet repo and modify the list to my liking. You can use any other hosted list also. Then in skynet, use option 3 (Malware Blocklist), then option 2 (Change Filter List).
I prefer a block all, and whitelist the known good approach. But that's difficult through a command line, so a strong list is a good compromise. For the Firehol lists, I used almost all of the active lists, that weren't also 100% common in other lists.

edit: for the country blocklist, I used this site.
 
Last edited:

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top