Skynet Is default firewall good enough?

[Ubimo]

I cannot remember, which custom filter list I put into Skynet.
Where can I see the current filter list URL in Skynet?

Edit:
And can someone please provide both, @SomeWhereOverTheRainBow and @Viktor Jaep custom filter list URL?

 

[commodoro]

Dear all, i need your support.
Skynet is installed on my rtac86u for a while.
Now the startpage.com search page is not reachable anymore. I set via startpage.com the domain at the whitelist but no effect.
Interestingly it occurs only after reboot of my router. Direct after Installation of skynet startpage can be accessed. After reboot not. Any ideas why that could happen or what to do?

At the reboot the skynet take a while to go up and running, in skynet you set in white list the IP not the symbolic URL, you can use nslookup to see the IP.

I cannot remember, which custom filter list I put into Skynet.
Where can I see the current filter list URL in Skynet?

Edit:
And can someone please provide both, @SomeWhereOverTheRainBow and @Viktor Jaep custom filter list URL?

You could see the custom filter list from CLI in the update section

For the custom list of @Viktor Jaep and @SomeWhereOverTheRainBow you can find it in previous post, just read the thread.

https://www.snbforums.com/threads/is-default-firewall-good-enough.76648/post-813860

https://www.snbforums.com/threads/is-default-firewall-good-enough.76648/post-758606


Regards
Commodoro

 

[noah way]

This is probabbly off topic, and I don’t know if it has been mentioned here before but TinyWall is an excellent free firewall for Windows machines.

it is independent of Windows defender and only allows access by programs that you specify. Some time ago I found a bitcoin miner on my system but it was unable to communicate as it had no internet access.

Features of TinyWall

Want to know what makes TinyWall so cool and secure? Read it here.

tinywall.pados.hu

 

[Phil Mcavity]

This is probabbly off topic, and I don’t know if it has been mentioned here before but TinyWall is an excellent free firewall for Windows machines.

it is independent of Windows defender and only allows access by programs that you specify. Some time ago I found a bitcoin miner on my system but it was unable to communicate as it had no internet access.

Features of TinyWall

Want to know what makes TinyWall so cool and secure? Read it here.

tinywall.pados.hu

Interesting. Thanks for sharing

 

[mister]

Dear all, i need your support.
Skynet is installed on my rtac86u for a while.
Now the startpage.com search page is not reachable anymore. I set via startpage.com the domain at the whitelist but no effect.
Interestingly it occurs only after reboot of my router. Direct after Installation of skynet startpage can be accessed. After reboot not. Any ideas why that could happen or what to do?

Ok, it was a Problem of startpage in some regions. It was just an radom behaviour and is not related to my work on skynet .

 

[Mister2088]

Firstly, Happy New Year!
With this latest Skynet issue (stupid me upgraded), I lost all connections and did a router reset and restore (probably was due anyway).
Due to this and the fact that:
1. I have seen like 1 or 2 blocks (suspect mind you) outbound over the past 6 months
2. The firewall does a great job blocking unsolicited traffic
3. I am not sure if people have noticed or not, Firehol core lists (spamhaus, dshield, feodo) are not current any longer. e.g. spamhaus is almost 4 weeks old while source file is current. I had opened up an issue in firehol's github, but no response. Loks like Firehol probably has issues with their ingestion .sh code.

I have decided to do away with Skynet.

Perhaps I'll revisit one day. Thanks @Adamm for your code.

A follow-up:
1. I have upgraded to 7.3.5. It has been running well and I like the country names in the stats.
2. As Firehol is not always up-to-date on their lists, I am using source lists, where possible, to get the data I want. example:

https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

includes a daily updated copy of 'et-block', including current copies of spamhaus_drop, dshield and feodo C&C blocks last 30 days. The format works well 'as is', for skynet to be able to ingest.
3. Although there are various opinions on the value of skynet, to me, it provides me with some comfort, although perhaps a 'false sense of security'. Therefore, for me, the value is the 1% when the firewall rules do not block inbound AND any OUTBOUND blocks. Regarding the outbound blocks which I have seen, although I use quad9 DNS, blocked servers were legit bad-guys that quad9 did not catch or where a gaming system like PS4 bypassed the DNS.

Thanks @Adamm for this great tool!

 

[Skeptical.me]

A follow-up:
1. I have upgraded to 7.3.5. It has been running well and I like the country names in the stats.
2. As Firehol is not always up-to-date on their lists, I am using source lists, where possible, to get the data I want. example:

https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

includes a daily updated copy of 'et-block', including current copies of spamhaus_drop, dshield and feodo C&C blocks last 30 days. The format works well 'as is', for skynet to be able to ingest.
3. Although there are various opinions on the value of skynet, to me, it provides me with some comfort, although perhaps a 'false sense of security'. Therefore, for me, the value is the 1% when the firewall rules do not block inbound AND any OUTBOUND blocks. Regarding the outbound blocks which I have seen, although I use quad9 DNS, blocked servers were legit bad-guys that quad9 did not catch or where a gaming system like PS4 bypassed the DNS.

Thanks @Adamm for this great tool!

Is that list regularly updated? Thanks for sharing

 

[laracroftonline]

this is my list for if you want a big one

https://strongervision.net/skynet/custom.list

 

[Mister2088]

Is that list regularly updated? Thanks for sharing

Their website says it is updated Monday to Friday. Why not on weekends, who knows.

 

[Skeptical.me]

Their website says it is updated Monday to Friday. Why not on weekends, who knows.

I added it, thanks. They must take the weekend off from internet threats lol

 

[Skeptical.me]

How do you create a github list that ends in .list ?

 

[Phil Mcavity]

How do you create a github list that ends in .list ?

Create a repo and name it filter.list

 

[Skeptical.me]

Create a repo and name it filter.list

View attachment 47107

I figured it out:

Github Profile > Repositories > New > Repository Name > Description > Public > Create Repository > Creating a new file > Name your file “name.list” > Add content > Commit new file > Raw

 

[Ubimo]

this is my list for if you want a big one

https://strongervision.net/skynet/custom.list

How often do you update the list and which sources are included?

 

[Blacklistedcard]

Its sad that we need to have skynet and the lists. I have over 30,000 inbound drops today alone. I would like to take the time and thank all the people that ruin the Internet for everyone.

 

[Gary_Dexter]

Its sad that we need to have skynet and the lists. I have over 30,000 inbound drops today alone. I would like to take the time and thank all the people that ruin the Internet for everyone.

Most of which (if not all) would be blocked by the default firewall anyway. You just wouldn’t see it unless you have logging turned on

 

[Tech9]

Most of which (if not all) would be blocked by the default firewall anyway.

Correct and an example of folks installing scripts they may not even need.

 

[SomeWhereOverTheRainBow]

Correct and an example of folks installing scripts they may not even need.

Definitely it would be blocked on incoming by default (if no ports have been open), but not necessarily on the outbound. But we are under the impression that if the user is filtering the outbound, then they either know what they are doing or have a particular reason to.

 

[Tech9]

then they either know what they are doing or have a particular reason to

"We need to have Skynet" tells me this is perhaps not the case. @Blacklistedcard clearly doesn't know Skynet marks IPs as blocked when there is a match in blocklists. The larger the blocklist is - the bigger the number of "blocked" IPs. The same IPs will be blocked silently without Skynet by the built-in firewall. And here is the avalanche effect - the user sees 5k blocked IPs and starts freaking out. They add more blocklists and the number of blocked IPs jumps to 10k. Under attack panic kicks in - more blocklists added, blocked IPs jump to 30k. The setting below without Skynet installed demonstrates how the built-in firewall works (in Firewall, General). I'm sure it blocks >30k incoming usual Internet background noise connections a day:

Warning: This setting will start filling the syslog immediately with multiple blocked connections making it hard to see/find what's more important.

 

[Blacklistedcard]

Definitely it would be blocked on incoming by default (if no ports have been open), but not necessarily on the outbound. But we are under the impression that if the user is filtering the outbound, then they either know what they are doing or have a particular reason to.

I have multiple ports opened.