What's new

Skynet Is default firewall good enough?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

BreakingDad

Very Senior Member
Sorry if this has been asked before, I just wanted opinions.

Do you think the default AX86U firewall, combined with the usual windows firewall is good enough, and is there any real advantage in using Skynet?

We also all have malwarebytes premium installed, trendnet on and adguard with all protections on.

The reason I ask is lately it seems to have a lot of false positives and it's a pain to keep whitelisting etc, also I am noticing network slowdowns with it.

The paranoid part of me (which is quite a large part of me) is concerned though that not running it is compromising the security of my homenetwork.

Thoughts?
 
If you open inbound ports from the internet (e.g. VPN servers, port forwards, etc), Skynet is a good idea to keep the known bad guys out. If nothing is open from the outside, then you could probably do without it.
 
Sorry if this has been asked before, I just wanted opinions.

Do you think the default AX86U firewall, combined with the usual windows firewall is good enough, and is there any real advantage in using Skynet?

We also all have malwarebytes premium installed, trendnet on and adguard with all protections on.

The reason I ask is lately it seems to have a lot of false positives and it's a pain to keep whitelisting etc, also I am noticing network slowdowns with it.

The paranoid part of me (which is quite a large part of me) is concerned though that not running it is compromising the security of my homenetwork.

Thoughts?
I don't go any where without skynet turned on.
 
The real additional benefit is the outbound blocking. That's also the biggest PITA, when it has false positives and blocks things that prevent you from doing what you want.

If that's worth it, only you can answer :)
 
Sorry if this has been asked before, I just wanted opinions.

Do you think the default AX86U firewall, combined with the usual windows firewall is good enough, and is there any real advantage in using Skynet?

We also all have malwarebytes premium installed, trendnet on and adguard with all protections on.

The reason I ask is lately it seems to have a lot of false positives and it's a pain to keep whitelisting etc, also I am noticing network slowdowns with it.

The paranoid part of me (which is quite a large part of me) is concerned though that not running it is compromising the security of my homenetwork.

Thoughts?
Can’t say I’ve noticed any slowdowns when it’s been enabled for me.
 
The reason I ask is lately it seems to have a lot of false positives and it's a pain to keep whitelisting etc, also I am noticing network slowdowns with it.

You have answered your own question. With the default blocklists used - potential small benefits with potential big headaches.
 
I've put it back on, no idea why it caused the slow down briefly, it's never done that before. Reinstall seems to have fixed it and I whitelisted the battlenet and roblox stuff it was blocking. All good
 
I only have firehol_level1 on my firewall. It works well with very few false positives. I don't remember if Skynet can use custom blocklists.
 
Same here.....

The experience usually comes this way:

1) a new blocking tool discovered, very powerful
2) a new blocking obsession developed, very strong
3) new unpaid support job accepted, in training
4) WAN connection is getting closer to what LAN is
5) politics what's good for the general population fail
6) all best efforts to fit the new job position fail
7) wife locks the bedroom door, the couch is available
8) the couch is found not very comfortable
9) support job resignation, in talks to use the bedroom
10) the tool uninstalled, settings back to default

:)
 
I only have firehol_level1 on my firewall. It works well with very few false positives. I don't remember if Skynet can use custom blocklists.
I'm using firehol_level1 and firehol_webclient with Skynet. I also use OISD Basic with Diversion and Unbound's DNS firewall (URLHaus) in addition to AiProtection. I've encountered very few false positives with this setup.
 
Last edited:
even one block to a malicious site is enough for me to keep Skynet running

And one block to the DNS server you use is enough to remove it. Like it happened with Quad9 already. You decide. It's your network after all.
 
Skynet seems to be doing a good job, as usual. Currently, I am seeing lots of blocked inbound attempts from one particular IP address:-
Screenshot - 11_02_2022 , 10_23_16.jpg
 
Same here.....
What do you two mean by "I only use firehol_level1 on my firewall"? If not via Skynet, are you talking about some other firewall not native to the router?

Thanks.
 
are you talking about some other firewall

pfBlockerNG on pfSense in my case.

You have to use custom blocking list in Skynet. The default is this one:


What we use is this one only:


And a description what it is here:

 
pfBlockerNG on pfSense in my case.

You have to use custom blocking list in Skynet. The default is this one:


What we use is this one only:


And a description what it is here:


Thank you!
 
pfBlockerNG on pfSense in my case.

You have to use custom blocking list in Skynet. The default is this one:


What we use is this one only:


And a description what it is here:

Does the level 2 or level 3 include level 1? or are they all completely different?
 
Does the level 2 or level 3 include level 1? or are they all completely different?
It looks like they're all different, and contain a different number of IPs:

NameCIDRsIP Addresses
FireHOL Level 12,739567,889,627
FireHOL Level 219,64134,029
FireHOL Level 319,79137,945

Firehol 1:
# A firewall blacklist composed from IP lists, providing
# maximum protection with minimum false positives. Suitable
# for basic protection on all internet facing servers,
# routers and firewalls. (includes: bambenek_c2 dshield feodo
# fullbogons spamhaus_drop spamhaus_edrop sslbl ransomware_rw)

Firehol 2:
# An ipset made from blocklists that track attacks, during
# about the last 48 hours. (includes: blocklist_de dshield_1d
# greensnow)

Firehol 3:
# An ipset made from blocklists that track attacks, spyware,
# viruses. It includes IPs than have been reported or
# detected in the last 30 days. (includes: bruteforceblocker
# ciarmy dshield_30d dshield_top_1000 malc0de
# maxmind_proxy_fraud myip shunlist snort_ipfilter
# sslbl_aggressive talosintel_ipfilter vxvault)
 
If anyone's interested, I've been using my own custom filter list for Skynet... plug this URL into Skynet and profit:

Code:
https://raw.githubusercontent.com/ViktorJp/Skynet/main/filter.list

And yes, it contains all 3 Firehol lists as well. ;)
 
If anyone's interested, I've been using my own custom filter list for Skynet... plug this URL into Skynet and profit:

Code:
https://raw.githubusercontent.com/ViktorJp/Skynet/main/filter.list

And yes, it contains all 3 Firehol lists as well. ;)
Thanks for taking the time to share with us. I highly appreciate it.

As a reward: I also want to share a list of IP's for highly elusive nasties

 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top