Well, said with one phrase: it's too complicated for me...
If the whitelist function is there, then I guess it's there for the reason that I can enter an IP/domain.... and it's permanently whitelisted, right? Or am I mistaken? Otherwise it wouldn't be there...
Interesting thing is when I insert a domain into the whitelist it's not the domain which is entered, but rather an IP. I can't find where I could enter a domain only, always only an IP is the one that's entered, so if that IP changes we have a problem, sure. Although I'm pretty sure that my national bank and Sony's update pages use static IPs. And I'm pretty sure that these pages don't contain any viruses or malware.
So, yes, I do expect that if I enter an IP into the whitelist that it is a "set and forget" thing.
I'm not a programmer. As a consequence, from all you wrote and from all I understood of the above explanation, I think that Skynet is written more or less only for those who are prepared to "maintain" it on a daily basis to keep it working. Maybe it's safer this way... but, sadly, not for me. I just don't have time for daily maintenance.
And, by all means, I don't mean anything bad!! I know that the author does this in his spare time and free of charge and I respect it!
Hmm, will try to explain it though it's far more advanced.
Yes, if you insert a domain it will convert that to an IP so that Skynet knows what to do with it (at the exact moment you enter it, and this will auto update to the IP that Skynet sees at the exact moment when it auto updates its lists, and delete the old IP it had stored).
(Though caching IPs would kind of fix this.)
This is because Skynet, or rather the tool it uses, iptables (netfilter, the Linux firewall), works with IP addresses or MAC addresses on its fundamental level, and has no grasp of what a domain name even is.
So when you enter a domain,
Skynet will convert this to an IP (to make Skynet understand), and for that it uses your router's DNS server to find that IP and then put it into its block/white list; however, this IP could change.
And this is why DNS servers were invented, so we don't have to keep track of every IP.
Which will answer your question. --- ("Although I’m pretty sure that my national bank and Sony's update pages use static IP's")
No, they absolutely don't; sure, they have a range of IP addresses they use.
The reason (to make it simple):
Think of a supermarket, you wouldn't want everyone (100 people) to stand in one line when you have 10 cash registers (10 IPs), so you spread them out.
This is why you will get different IPs from time to time.
In the old days, we pretty much used static IP and the "supermarket" sorted its lines behind load balancers.
But nowadays we use CDNs, so all this (or parts of it) is covered by DNS servers,
so for example you could get a faster download by connecting to a closer server: Netflix, Steam etc...
(Still, of course, we have the load balancers.)
So in your bank example,
even if you are abroad you will most likely connect to a local server center to download all of the web content (different IP) to make it faster, but one connection will go back "home" to their static (IP) database so they can maintain full security.
Hope this kind of makes some sense?
So basically, if something is blocked, enter the IP, or the ASN from the previous post, or the IP range in Skynet. (This will make it kind of set and forget.)
And Skynet isn't written for "advanced" IT, it's to make it simple.
It is really super simple at its core.
If you enable "Inbound", it blocks everything from the list we downloaded from entering your network from the Internet.
If you enable "Outbound", it blocks everything from "the same list" from reaching the Internet.
So with "Inbound" we will simply still be able to wave to the Internet "here I am", but the Internet can't "wave back" and ask how are you?
And "Outbound" won't let you wave to your friends on the Internet in the first place.
But first of all, check the lists and you probably won't have these issues at all; you also have a custom list option in Skynet to add your own list (of lists) or simply remove one.
(Added my own collection myself since the FireHOL project seems to be abandoned, used their source lists instead.)
A simple trusted list will still make you a lot more secure than, let's say, things like a DNS blocker like Diversion ever will (at least for viruses/malware).
Today pretty much all malware has its own bundled DNS server, so things like Diversion/Pi-hole make less sense for that purpose.
So I would re-enable Skynet! and spend a tiny amount of time to maybe change some lists, then add an IP range or two, and then it would be a bit of "set and forget".
For example, this is what I am running right now with Skynet:
https://raw.githubusercontent.com/macexx/blocklist/main/iplist.list (99% the same as Skynet but removed the problematic FireHOL level 3 and used its core lists but removed vxvault)
Worked out great
Simply -- option 3 -> option 2 -> paste list
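One way to make the domain-to-IP conversion described in the reply above less fragile, as an added example that is not Skynet's code or anything posted in this thread: a small Python helper that re-resolves each whitelisted domain on every run, keeps every IP it has ever seen (the "caching IPs" idea), and reports which addresses DNS has rotated out. The domain names, addresses and cache format are constructed for the example; on a real box the default resolver would be the router's DNS server, and a resolver outage keeps the old entries instead of emptying them.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Set

# Cache shape (constructed for this example, not Skynet's own storage): {"domain": ["ip", ...]}
Cache = Dict[str, List[str]]


def resolve_ipv4(domain: str) -> Set[str]:
    """Ask the system resolver (on a router: its DNS server) for the current A records."""
    return {info[4][0] for info in socket.getaddrinfo(domain, None, socket.AF_INET)}


def update_cache(domains: List[str], cache: Cache,
                 resolve: Callable[[str], Set[str]] = resolve_ipv4):
    """Re-resolve each domain and merge the result into the cache.
    Returns (new_cache, report); report[domain]["rotated_out"] lists IPs that DNS
    no longer returns, i.e. exactly what a resolve-once whitelist would silently lose.
    """
    key = ipaddress.ip_address  # sort numerically, not as strings
    new_cache: Cache = {}
    report: Dict[str, dict] = {}
    for domain in domains:
        seen = set(cache.get(domain, []))
        try:
            current = resolve(domain)
        except OSError as exc:  # socket.gaierror is an OSError subclass
            # Resolver failure: keep what is already known instead of emptying the entry.
            new_cache[domain] = sorted(seen, key=key)
            report[domain] = {"error": str(exc), "current": [], "added": [], "rotated_out": []}
            continue
        new_cache[domain] = sorted(seen | current, key=key)
        report[domain] = {
            "current": sorted(current, key=key),
            "added": sorted(current - seen, key=key),
            "rotated_out": sorted(seen - current, key=key),
        }
    return new_cache, report


def whitelist_entries(cache: Cache) -> List[str]:
    """Flatten the cache into the one IP list that would be handed to the firewall."""
    return sorted({ip for addrs in cache.values() for ip in addrs}, key=ipaddress.ip_address)


if __name__ == "__main__":
    # Constructed resolver standing in for two DNS lookups made on different days.
    day1 = {"bank.example": {"203.0.113.10", "203.0.113.11"}}
    cache, _ = update_cache(["bank.example"], {}, resolve=lambda d: day1[d])
    day2 = {"bank.example": {"203.0.113.11", "203.0.113.12"}}
    cache, rep = update_cache(["bank.example"], cache, resolve=lambda d: day2[d])
    print(rep["bank.example"]["rotated_out"], whitelist_entries(cache))
```

Feeding `whitelist_entries(cache)` to the firewall instead of a single freshly resolved IP keeps the bank reachable across an address rotation, and the `rotated_out` list tells you when it happened.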