Skynet Is default firewall good enough?

[Viktor Jaep]

Why?

I think there was an initial bug, but was fixed almost same day. I'm running the latest version of skynet with no issue...

 

[Mister2088]

@Mister2088

I wrote a simple spamhaus_drop and dshield processing script using GitHub Actions that automatically updates roughly every 30 minutes.

Processed spamhaus_drop:

https://raw.githubusercontent.com/UoFruitE/ProcessedLists/main/processed_drop.txt

Processed dshield:

https://raw.githubusercontent.com/UoFruitE/ProcessedLists/main/processed_dshield.txt

They should work with Skynet.

Hopefully firehol can fix their problem soon.

Looks like Firehol has fixed Spamhaus_drop . It has a file date = Wed Jan 4 21:00:02 UTC 2023

Dshield still remains an issue.

Have a look:

https://iplists.firehol.org/files/spamhaus_drop.netset

 

[ColinTaylor]

For the blocking lists, this discussion has been to use Skynet to do the blocking. But what if you added a blocking list to Diversion, say firehol_level1? Is it equally as effective as adding it to Skynet?

firehol_level1 is a list of IP addresses. Diversion blocks by hostname.

 

[Skeptical.me]

Does anyone have a starters list and a decent whitelist they can share, I don’t want or really need a massive list, because I wouldn’t have a clue how to troubleshoot issues with it

 

[Mogsy]

Does anyone have a starters list and a decent whitelist they can share, I don’t want or really need a massive list, because I wouldn’t have a clue how to troubleshoot issues with it

This is where creating your own list to meet your needs is useful. Some lists are overkill for home use. Maybe try Skynet’s default?

 

[Skeptical.me]

This is where creating your own list to meet your needs is useful. Some lists are overkill for home use. Maybe try Skynet’s default?

Yeah, that sounds like a good idea. I’m only a beginner when it comes to Skynet so I think starting with the default list is a good idea. With the default is that automatically applied or is there something I have to do?

Edit: Never mind, I found Adamm’s default list

https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/filter.list

 

[Mogsy]

Yeah, that sounds like a good idea. I’m only a beginner when it comes to Skynet so I think starting with the default list is a good idea. With the default is that automatically applied or is there something I have to do?

It is. In Skynet just go to option 3 and update list. You might need to whitelist whatever breaking your app/site etc. I have a few outbound blocks but nothing breaks I just leave it be.

 

[Skeptical.me]

It is. In Skynet just go to option 3 and update list. You might need to whitelist whatever breaking your app/site etc. I have a few outbound blocks but nothing breaks I just leave it be.

Why is Skynet saying it is blocking these devices, should I do something to stop it from occurring? Or is this just how Skynet blocks certain outbound traffic?

 

[Mogsy]

View attachment 46956

Why is Skynet saying it is blocking these devices, should I do something to stop it from occurring? Or is this just how Skynet blocks certain outbound traffic?

SSH into your router and see the stats. Or click the OTX link for IP indicator. Someone will advise you that built in router is good enough if you dont have the time to troubleshoot whats broken. Anything broke/not working?

 

[Mogsy]

View attachment 46956

Why is Skynet saying it is blocking these devices, should I do something to stop it from occurring? Or is this just how Skynet blocks certain outbound traffic?

That Phillips-Hue looks like IoT blocking. I have Philips-Hue bridge on YazFi Guest one way Samsung TV. There were huge inbound/outbound blocked from my Samsung before

 

[Skeptical.me]

SSH into your router and see the stats. Or click the OTX link for IP indicator. Someone will advise you that built in router is good enough if you dont have the time to troubleshoot whats broken. Anything broke/not working?

No everything appears to be working fine so far, I’ve got some countries blocked so maybe it’s just some servers these devices are trying to connect to.

 

[chongnt]

View attachment 46956

Why is Skynet saying it is blocking these devices, should I do something to stop it from occurring? Or is this just how Skynet blocks certain outbound traffic?

It means those blocked outbound are initiated from these devices.

 

[Skeptical.me]

It means those blocked outbound are initiated from these devices.

Sorry, I’m a noob when it comes to firewalls, what do you mean by initiated? The devices themselves are being blocked?

 

[Skeptical.me]

Thanks, everyone for your help, I really appreciate the guidance

 

[chongnt]

Sorry, I’m a noob when it comes to firewalls, what do you mean by initiated? The devices themselves are being blocked?

The blocked outbound packet is coming from one of the devices in my home network. Not everything from this device is blocked. Only the outbound packet that matches the rules are blocked. Other than top 10 blocked outbound IP addresses, it also record the top 10 devices which has outbound packet blocked.

Here is a sample the other day when it hit the outbound blocked destination IP 34.117.59.81. It also record down the source IP 192.168.1.91 which is my laptop.

Jan  3 16:00:45 RT-AC86U-DBA8 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:db:a8:xx:xx:xx:xx:00:01:08:00 SRC=192.168.1.91 DST=34.117.59.81 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=41445 DF PROTO=TCP SPT=63067 DPT=80 SEQ=1282142074 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)

 

[Skeptical.me]

The blocked outbound packet is coming from one of the devices in my home network. Not everything from this device is blocked. Only the outbound packet that matches the rules are blocked. Other than top 10 blocked outbound IP addresses, it also record the top 10 devices which has outbound packet blocked.

Here is a sample the other day when it hit the outbound blocked destination IP 34.117.59.81. It also record down the source IP 192.168.1.91 which is my laptop.

Jan  3 16:00:45 RT-AC86U-DBA8 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:db:a8:xx:xx:xx:xx:00:01:08:00 SRC=192.168.1.91 DST=34.117.59.81 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=41445 DF PROTO=TCP SPT=63067 DPT=80 SEQ=1282142074 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)

Ok, I see. Thanks for explaining that.

 

[Mister2088]

Looks like Firehol has fixed Spamhaus_drop . It has a file date = Wed Jan 4 21:00:02 UTC 2023

Dshield still remains an issue.

Have a look:

https://iplists.firehol.org/files/spamhaus_drop.netset

@UoFruitE : Although firehol indicates it has updated spamhaus_drop (guess I was bored), there differences. e.g. 26 nets are not in FH list. I am not sure if firehol applies some sort of whitelist in their processing, as this could explain it. Anyway, I will continue to use your lists until you decide to disable. Let me know. Thanks!

 

[John Fitzgerald]

Why?

The issue has been fixed.

 

[commodoro]

Since I was also interested in using a personal list, but not having an account on github, I studied the script code a bit and did a little trick to read a file directly on the router.

first I created the filter.list file in the following path:

/jffs/configs/filter.list

copied inside as an example the following URLS

https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt
https://raw.githubusercontent.com/stamparm/ipsum/master/levels/4.txt
https://raw.githubusercontent.com/stamparm/ipsum/master/levels/5.txt
https://raw.githubusercontent.com/stamparm/ipsum/master/levels/6.txt
https://raw.githubusercontent.com/stamparm/ipsum/master/levels/7.txt
https://iplists.firehol.org/files/alienvault_reputation.ipset
https://iplists.firehol.org/files/bds_atif.ipset
https://iplists.firehol.org/files/cybercrime.ipset
https://iplists.firehol.org/files/dyndns_ponmocup.ipset
https://iplists.firehol.org/files/et_block.netset
https://iplists.firehol.org/files/et_compromised.ipset
https://iplists.firehol.org/files/firehol_level2.netset
https://iplists.firehol.org/files/firehol_level3.netset
https://iplists.firehol.org/files/spamhaus_edrop.netset
https://iplists.firehol.org/files/urlvir.ipset

then I modified the skynet.cfg configuration file in the skynet installation path and modified the configuration entry as follows:

customlisturl="file:///jffs/configs/filter.list"

and via the firewall script menu launched the update (3 > 1) and everything worked properly.

View attachment 46948

I don't know if it can be useful but I wanted to share my experience

Greetings
Commodoro

Small addition.

If the first update, after the changes, fails, do the following:

check that the following file contains the new list

/jffs/addons/shared-whitelists/shared-Skynet-whitelist

go to the lists directory in the skynet installation path, in my case:

/tmp/mnt/sda1/skynet/lists

if the directory is empty in this scenario, the upgrade fails, I still don't understand why.

When inside the lists path, run the following command:

awk -F/ '{print $0" -Oz "$NF}' /jffs/addons/shared-whitelists/shared-Skynet-whitelist | xargs "curl" -fsLZ

If the lists directory now contains all the *.ipset/*.txt/*.netset files present inside the custom filter.list, the update now works correctly.


Greetings
Commodoro

 

[mister]

Dear all, i need your support.
Skynet is installed on my rtac86u for a while.
Now the startpage.com search page is not reachable anymore. I set via startpage.com the domain at the whitelist but no effect.
Interestingly it occurs only after reboot of my router. Direct after Installation of skynet startpage can be accessed. After reboot not. Any ideas why that could happen or what to do?