What's new

Skynet Filter Validator v0.7 - Skynet Firewall Filter List IPv4 Integrity Validator

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@Ubimo has Starlink and it uses a Private IP, will Skynet not work anymore with Starlink (break)? see comment by Adamm below reference.

See discusssion here, post #374 forward: https://www.snbforums.com/threads/is-default-firewall-good-enough.76648/page-19

See post #386 by @Adamm

Thanks.
Skynet filters private out of the actual list used in the ipset. Don't just take my word for it, it is in the actual skynet code.


Notice the | Filter_PrivateIP pipe?

@Adamm didn't just place that there because he thinks it looks cool.
 
Last edited:
Last edited:
But does yours show in RED? (the IP Address) like POST #374 & POST #382, Here: https://www.snbforums.com/threads/is-default-firewall-good-enough.76648/page-19

Also, who are using for a provider, as I'm looking into T-Moble Home Internet Service for a family member, and trying to anticipate problems and my own learning curve?

Any insight would be great.
Yes it is. Skynet even give me a warning but it works.

Code:
Mar 4 13:46:23 Skynet: [*] Private WAN IP Detected 100.66.x.xx - Please Put Your Modem In Bridge Mode / Disable CG-NAT
 
One last hurrah for Filter Validator with a final release to v0.7... just wanted to add the necessary verbiage to indicate here in this thread and in the script that Skynet v7.3.6 contains all the necessary regex fixes (with many thanks to @SomeWhereOverTheRainBow for that!), which were wholly inspired by Filter Validator. This tool will still be able to play some valuable roles:
  • Determine if your blacklist operators are actually maintaining their lists with valid IPs... ones that don't (perhaps, like Threatview), should be considered "fringe", and may cause more issues down the road for you.
  • Indicate how many entries are in each of the blacklist(s)... know that Skynet does have a max limit of 500,000... and this will give you some indication if you're getting close to this max. (thought Skynet may also do some form of dedupe as well to bring that number down a bit)
  • Determine if blacklist operators are still supporting their lists... some may drop off the planet, or no longer exist. You would get no indication of this happening within Skynet, but Filter Validator will definitely let you know as shown below:
1678535761359.png
 
They could probably use some help on OpenWrt.

Woof... That sounds like opening a big can of worms! Lol
 
One last hurrah for Filter Validator with a final release to v0.7... just wanted to add the necessary verbiage to indicate here in this thread and in the script that Skynet v7.3.6 contains all the necessary regex fixes (with many thanks to @SomeWhereOverTheRainBow for that!), which were wholly inspired by Filter Validator. This tool will still be able to play some valuable roles:
  • Determine if your blacklist operators are actually maintaining their lists with valid IPs... ones that don't (perhaps, like Threatview), should be considered "fringe", and may cause more issues down the road for you.
  • Indicate how many entries are in each of the blacklist(s)... know that Skynet does have a max limit of 500,000... and this will give you some indication if you're getting close to this max. (thought Skynet may also do some form of dedupe as well to bring that number down a bit)
  • Determine if blacklist operators are still supporting their lists... some may drop off the planet, or no longer exist. You would get no indication of this happening within Skynet, but Filter Validator will definitely let you know as shown below:
View attachment 48428

That really is awesome. Thank you guys for your work :)
 
Last edited:
I noticed a big decline in IPs from this list: (now ~216.000 IPs, some days ago ~400.000 IPs)
Is this list still "good"? Or do you recommend another list/link?
Thanks in advance!
It looks like this one blacklist (https://myip.ms/files/blacklist/general/latest_blacklist.txt) contains IP6 entries, which may be gumming them up... not sure if Skynet filters for those, though I could have sworn it did... perhaps @SomeWhereOverTheRainBow can give us his take?
 
It looks like this one blacklist (https://myip.ms/files/blacklist/general/latest_blacklist.txt) contains IP6 entries, which may be gumming them up... not sure if Skynet filters for those, though I could have sworn it did... perhaps @SomeWhereOverTheRainBow can give us his take?
Skynet filter does not actually use any ipv6 entries. So the only thing skynet would catch is ipv4 entries. It is quite possible, the creators of that list aggregated some of the ipv4 entries, and some of the single ip addresses are now grouped as ranges. If this were the case, that would explain why such a large drop in addresses.
 
Thanks, but unfortunately this list blocked my e-mail and music stream.
That's strange. I wonder if they are commonly mistaken, or have ever been used as an attack vector then. Sometimes honest services end up on lists because they are easily exploited , or have been associated with reputation issues in the past. Hard to say.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top