Aegis 1.7.x

Thanks, like I said, I'm going to do a wipe and start from scratch. I'll keep you posted when I get to it. Thanks for looking into it, much appreciated!
 
Turns out that wasn't it at all. After updating Voxel's firmware and kamoj's add-on, then rebooting ... it was back to not logging again plus throwing up all those wifi errors. A while back I had switched my DHCP server from the R9000 and enabled it on my pihole. Switched it back to the R9000, release/renew on the DHCP leases, and all is well. Tried rebooting and the logging keeps on working, so I believe this is now solved. Sorry to have wasted your time with this, HELLO_wORLD!
 
No worries ;):)
 
New Release

1.7.12

  • Changed when the boot time is calculated. With recent Voxel firmwares, aegis was calculating its base time (for logs) before date or uptime was properly set.
  • Changed the Web Companion post install script, as it was not checking if a directory was present before installing DOC files.
 
Thanks for the update. Once again github is blocked by the filters. I don't know the reason for this.

 
I suppose one IP in the same range as GitHub is sometimes doing activity considered suspicious, so the whole range is blocked.
Just whitelist the GitHub IP and you will be fine.
 
@HELLO_wORLD I have just installed your add-on for the first time. Will explore it once I have more time but I have a question. Using your add-on and web-companion is it possible to DROP or PREROUTE e.g. Google or Cloudflare DNS to e.g. router / adguard DNS? This is in order to prevent the Netflix app with hard coded DNS (e.g. on Android TV) from making requests bypassing the router's settings. I have quickly checked web companion but it doesn't seem to allow adding any such firewall filters.
 
If you install adguard home via kamoj addon, then kamoj addon will intercept all dns (port 53) and redirect to adguard.
 
I am getting a proxy error on the Netflix Android TV app using my smartdns (it works on other platforms / browsers). Using Wireguard on the same server works without any issues. The Netflix app on some devices has hardcoded DNS, so it ignores router settings. It has to be forced on the router to actually redirect or block all DNS requests, especially to Google and Cloudflare.
 
I have added the following for now to custom blacklist:
8.8.8.8
8.8.4.4
1.1.1.1
1.0.0.1
108.175.32.0
198.38.96.0
198.45.48.0
185.2.220.0
23.246.0.0
37.77.184.0
45.57.0.0

Although smartdns worked for a while, it quickly showed a proxy error. They must be checking something else via the Netflix app.

Is it also possible to block domains and DoH / DoT resolvers via Aegis?
 
Hello @primitivo
Aegis only blocks lists of IPs or IP ranges, so no domain names or any domain resolution.

To redirect DNS, the best is to use custom iptables rules (in a script); I believe there are specific threads about this in this forum.
 
@HELLO_wORLD Thank you. Does your firewall work with IPv6 as well?

So I have added all those IPs mentioned above and although I can see IPs directly requested by Netflix Android TV app being dropped, I can't see any Google DNS requests... The only Google DNS requests that I am seeing are coming from my router R9000, so I don't think the firewall works on blocking direct DNS requests on the device.

If I ping Google DNS from my Mac, I can see in the log that the packets come from my Mac and are dropped:
Code:
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
92 bytes from r9000 (192.168.1.1): Communication prohibited by filter
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 1686   0 0000  3f  01 9369 192.168.1.2  8.8.8.8

However when I run nslookup google.com 8.8.8.8 I get:
Code:
Server:        8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:    google.com
Address: 216.58.198.78

So why does domain name resolving via Google DNS work if it is blocked?
 
As I tried telling you earlier: If you install adguard home via kamoj add-on (which I saw in another thread you did) then the kamoj add-on arranges that all DNS traffic is redirected to Adguard home.
(it adds a few iptables redirect rules).

So you are getting a reply because Adguard is answering to the 8.8.8.8 nslookup request.
 
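Both answers above come down to the same handful of netfilter rules: HELLO_wORLD suggests forcing DNS with custom iptables rules in a script, and kamoj explains that the add-on already installs such redirect rules for AdGuard Home, which is why `nslookup google.com 8.8.8.8` gets an answer while `ping 8.8.8.8` is dropped. The script below is an added example, not code from Aegis, the kamoj add-on or Voxel's firmware. It assumes the LAN bridge is `br0`, the router's resolver (AdGuard Home or dnsmasq) listens on `192.168.1.1:53`, and that a Pi-hole at `192.168.1.3` should be allowed to reach upstream resolvers itself; adjust those values for your network.

```shell
#!/bin/sh
# Added example, not code from Aegis, the kamoj add-on or Voxel firmware.
# Forces LAN clients that hard-code a resolver (8.8.8.8, 1.1.1.1, ...) to use the
# router's DNS, and rejects DNS-over-TLS so such clients fall back to plain port 53.
#
# Assumed values (change them for your network):
#   br0          - LAN bridge the clients are on
#   192.168.1.1  - router / AdGuard Home listening on port 53
#   192.168.1.3  - a Pi-hole that may talk to upstream resolvers directly
#
# Dry run by default: the commands are only printed. Set DNS_REDIRECT_APPLY=1
# (as root) to execute them.

# Print the iptables commands. $1 = LAN interface, $2 = DNS target IP,
# any further arguments are source hosts exempt from the redirect.
dns_redirect_rules() {
    lan_if="$1"
    dns_ip="$2"
    shift 2

    # Exemptions first: RETURN leaves nat/PREROUTING before the DNAT below is reached.
    for host in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $lan_if -s $host -p udp --dport 53 -j RETURN"
        echo "iptables -t nat -A PREROUTING -i $lan_if -s $host -p tcp --dport 53 -j RETURN"
    done

    # nat/PREROUTING is evaluated before filter/FORWARD, so the query reaches FORWARD
    # with $dns_ip as its destination. A drop rule for 8.8.8.8 in the filter table can
    # therefore never match it, while a ping to 8.8.8.8 (no DNAT) is still dropped.
    # -i $lan_if keeps the router's own upstream queries (OUTPUT chain) untouched.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p udp --dport 53 -j DNAT --to-destination $dns_ip:53"
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 53 -j DNAT --to-destination $dns_ip:53"

    # DNS-over-TLS has a dedicated port (853) and can be rejected by port. DNS-over-HTTPS
    # shares 443 with normal web traffic, so it can only be stopped by blocking the
    # resolvers' IPs (an IP-list blocker such as Aegis), not by a port rule.
    echo "iptables -A FORWARD -i $lan_if -p tcp --dport 853 -j REJECT --reject-with tcp-reset"
    echo "iptables -A FORWARD -i $lan_if -p udp --dport 853 -j REJECT"
}

# The same rules with -A replaced by -D, to remove them again.
dns_redirect_undo_rules() {
    dns_redirect_rules "$@" | sed 's/ -A / -D /'
}

if [ "${DNS_REDIRECT_APPLY:-0}" = "1" ]; then
    dns_redirect_rules br0 192.168.1.1 192.168.1.3 | sh -e
else
    dns_redirect_rules br0 192.168.1.1 192.168.1.3
fi
```

Run it as-is to review the generated commands, then with `DNS_REDIRECT_APPLY=1` to install them; `dns_redirect_undo_rules br0 192.168.1.1 192.168.1.3 | sh` removes them. Rules added by hand do not survive a reboot, so the script belongs in whatever firewall start hook your firmware or add-on offers. After applying it, a query like `nslookup google.com 8.8.8.8` from a LAN client is answered by the router's resolver, not by Google, which is exactly the behaviour seen in the nslookup output earlier in this thread.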
Thanks for the clarification, but I don't think everything works as it should. I will give you an example:

1. I use ControlD with 2 profiles: Main profile and let's call it Android TV profile.
2. Each profile gets its own DoH / DoT URL.
3. In Adguard's main upstream DNS settings I put Main Profile DoH / DoT of ControlD.
4. In Adguard's clients settings I set up Android TV as a client and it has its own ControlD DoH / DoT Android TV profile in upstream servers.
5. In ControlD on main profile I have Netflix redirected to X country.
6. In ControlD Android TV profile I have Netflix completely turned off.

How come after some period of time I can see in Netflix logs IPs from the Main Profile of ControlD?
Either Adguard is disregarding Client settings sometimes and resolving through main upstream resolvers or there is a bug in ControlD custom profiles. However I was not able to reproduce this with any other client or ControlD service (but on the other hand other services are not so demanding as Netflix, so it is harder to check it too).
 

This seems to be an issue inside Adguard and has nothing to do with kamoj or Aegis.
Better check this issue directly with Adguard. Perhaps they can advise you to check some logs, or to enable debug logging.
 