Menu
What's new
By:
Filters Better Search

Skynet Is default firewall good enough?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Tech9 said:
Yes, I do. We had a long discussion of pros and cons.

www.snbforums.com

Dual Stack home network pros and cons

Here, let's discuss the pros and cons of dual stack IPv4 and IPv6 home network. I personally have IPv6 disabled on my firewall for easier control and security reasons. My ISP provides 2x external IPv4 addresses as well as 4x IPv6 addresses. I would like to hear the benefits of running dual...
www.snbforums.com www.snbforums.com



Correct. The same applies to other firmware options. If disabled by default - there is a reason.
Click to expand...
Essentially, if you are doing it to self-educate and don't mind the potential bump in the road learning curve (experience), then it might be worth the venture to try it out. However, it should be considered whether this is the true experience the user wishes to venture down before attempting such. It should be noted that finding help overcoming learning curves with ipv6 can be just as difficult as deciding not to enable it since there are just as many people for enabling it as there is in opposition of enabling it - Not everyone is talkative in troubleshooting issues with ipv6, so that personal learning experience may be truly that- a personal learning experience.
 
SomeWhereOverTheRainBow said:
Not everyone is talkative in troubleshooting issues with ipv6, so that personal learning experience may be truly that- a personal learning experience
Click to expand...

It's hard to find if it works properly and nothing much the user can do, if it doesn't. We have some half-baked home routers as hardware running custom firmware from a developer with no IPv6 ISP available, on ISPs with different IPv6 implementations, if any. One can learn IPv6 protocol by heart and it won't make any difference. What home users can learn so much? How many sites support IPv6? Google and Facebook mostly. There is a browser plugin to show IPv4/IPv6 connections. Fun to watch. What else is there to learn from experience?
 
Tech9 said:
It's hard to find if it works properly and nothing much the user can do, if it doesn't. We have some half-baked home routers as hardware running custom firmware from a developer with no IPv6 ISP available, on ISPs with different IPv6 implementations, if any. One can learn IPv6 protocol by heart and it won't make any difference. What home users can learn so much? How many sites support IPv6? Google and Facebook mostly. There is a browser plugin to show IPv4/IPv6 connections. Fun to watch. What else is there to learn from experience?
Click to expand...
That is the whole story in a nutshell. It is one of those cannot win with it unless it is something that is truly of benefit to the individual. It really is a personal choice that majority of users probably do not need at this time. I just hope that when it comes time it is not an option, that technology is better equipped with the proper support for it instead of half-baked in.
 
Tech9 said:
Let's encourage other guys to run IPv6 and observe what happens. Sounds like a plan.

Sorry, but I don't want the hit from China over IPv6 experience on my business networks.
Click to expand...
You don't have to look very hard to get hit by China on ipv4 either. In retrospect, here is a good article that exposes some of the myths about how "secure" ipv6 is.
www.atlantic.net

What Is IPv6 and Should I Enable It?

In this technical article, we will learn all about IPv6 and discover the difference between using IPv6 locally and across the Internet.
www.atlantic.net www.atlantic.net
 
My IPv4 door has well known locking mechanism. It stops both traffic in and out in a controllable and predictable way. I don't want my network to be part of Internet.
 
Tech9 said:
Sorry, I was busy inspecting German autobahns and the electricity issues in Danmark
Click to expand...
Taking a walk on the wild side there bro.
 
I could not fully enjoy the autobahn on my way North because someone applied QoS on my rental car and it cut off power before CPU at 100%. In few days though I'm going South on a different hardware. :p
 
I need one free lane only. I'm moving a single packet.
 
Tech9 said:
Like the IPv6 ban idea.
Click to expand...
Ready for another reinvent the ipv6-wheel-megathread?

www.snbforums.com

Dual Stack home network pros and cons

If something about IPv6 is broken in Asuswrt, they must know. Don't assume that - I lead/manage a SW team - we work on things we know, not on unknowns... If people don't test and report, the bugs won't be discovered or fixed... And with recent experience on AsusWRT 386 on RT-AC68U, there is...
www.snbforums.com www.snbforums.com

Those days of high ipv6-adventure!
 
I guess I am “fortunate“ on the IPv6 question. Only one of my ISPs support IPv6 and their support is very lacking so it is disabled on my stuff. So far, I have not encountered a reason to have IPv6 enabled, but then again, I stopped online gaming over 15 years ago.
 
SomeWhereOverTheRainBow said:
Can't win if you don't play?
Click to expand...

It's a bit different gambling game. You play with all your devices and hope no one is going to win access to one or more of them. The dopamine level increases with noname IoT IPv6 capable devices.
 
SomeWhereOverTheRainBow said:
Here is the filter list i am currently rocking, (and yes any one is welcome to try it.)


View attachment 40880

And I have yet to have a false positive.
Click to expand...

I have added this and viktor jaep list to skynet for some time and it just works. Recently I noticed google images search only show whatever is on screen display. When I scroll down the page, other images are not loaded. Going through skynet blocked outbound packets, it seems some Google IP are blocked: 74.125.24.101, 74.125.24.100, 74.125.24.138. After unban these three address all the images are loading properly.
These ip seems to come from this list :
 
chongnt said:
I have added this and viktor jaep list to skynet for some time and it just works. Recently I noticed google images search only show whatever is on screen display. When I scroll down the page, other images are not loaded. Going through skynet blocked outbound packets, it seems some Google IP are blocked: 74.125.24.101, 74.125.24.100, 74.125.24.138. After unban these three address all the images are loading properly.
These ip seems to come from this list :
Click to expand...
The woes of google domains. Yep there is no guarantee that something wont have to whitelisted from list like that. However, as long as we know how to whitelist, and accepting that something might have to be whitelisted down the road, then everything should be fine. I imagine at somepoint those will get removed from the list as soon as someone reports it to the list maintainer as a false positive.
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
L scMerlin Is this feature enabled by default in scMerlin? Asuswrt-Merlin AddOns 2
B Unbound Use unbound/router as default DNS server Asuswrt-Merlin AddOns 2
L Skynet I have installed the skynet firewall how do I configure it if the security of iot devices is important? Asuswrt-Merlin AddOns 2
S Skynet firewall reduces wireless range Asuswrt-Merlin AddOns 14
N Skynet SkyNet/Firewall blocking all ping requests, including outbound Asuswrt-Merlin AddOns 6
ChickenheadOS Skynet Skynet 7.5.8 Firewall UI Issues Asuswrt-Merlin AddOns 19

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 693 (members: 16, guests: 677)
Top