DonnyJohnny
Very Senior Member
So? Whitelist and get them unblock. What you waiting for?Both Alexa on a 7th Gen Fire HD and World of Tanks updater are blocked
So? Whitelist and get them unblock. What you waiting for?Both Alexa on a 7th Gen Fire HD and World of Tanks updater are blocked
Hmm, that's possible. Interestingly I can't find the specific whiteliste entry in Skynet anymore. But I also get
`touch: /tmp/mnt/sda1/skynet/events.log: Input/output error`
and then there's
Both Alexa on a 7th Gen Fire HD and World of Tanks updater are blocked
Halp - BestApp.exe or BestWebsite.com Is Being Blocked;
Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and whitelist) anything incorrectly on your Blacklist!
1.) Enable Debug Mode
Code:sh /jffs/scripts/firewall settings debugmode enable
2.) Open the blocked application/website and use the command;
Code:sh /jffs/scripts/firewall debug watch
Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if its being spammed in large numbers.
3.) Copy the IP following "DST=" it should look something like this;
Code:DST=175.115.37.52
4.) Double check the IP is not actually something that should be banned, use a search tool like alienvault. If its related to a domain additional "Associated Domain" information should be printed beneath the log.
Code:https://otx.alienvault.com/indicator/ip/175.115.37.52/
5.) Great we have confirmed we found the IP of the blocked website/application we are looking for, lets whitelist it!
Code:sh /jffs/scripts/firewall whitelist ip 175.115.37.52
Thanks for your hard work!!! I was looking at Comodo and Google DNS (I already have Diversion installed, and I am not sure if Diversion and a custom DNS play nicely), and was wondering if blocking at the router level is actually a better option.
What are freely available blocklists like? Could I get theoretically as good if not better protection than say with Comodo Secure DNS? If something is blocked, for example my wife going to a stupid phishing site, can it present some sort of warning page?
I'm sporting a Asus RT-AC86U with everything running too so I hope it can handle this running as well - I assume it's literally just a script working with the already running firewall.
The reports look interesting too, which is what I was looking for with Comodo Secure DNS anyway.
I'm with you. DNS filtering is nice but it seems like a 'layered' protection to me. Actual IP blocking is more solid. Where do these block lists come from and who maintains them anyway?I guess it comes down to personal preference. I like to block things at a router level myself rather then rely on a third party service.
I'm with you. DNS filtering is nice but it seems like a 'layered' protection to me. Actual IP blocking is more solid. Where do these block lists come from and who maintains them anyway?
So with Diversion + Skynet + AIProtection it should be pretty solid now, except when I leave home :-( Which I'm working on via persistent VPN.
So when say a phishing scam goes around there is a chance it may appear on these blocklists.
All the more reason to also implement on my mobile or force persistent VPN back through home.
How did you force VPN clients to use local DNS and firewall? Do you use VPN auto connect? Any side effects?
Sent from my SM-G965F using Tapatalk
can I do the following;
1) list the country abbreviations
2) select more then 1 country to block?
( sh /jffs/scripts/firewall ban country "pk cn sa" ) This Bans The Known IPs For The Specified Countries (Accepts Single/Multiple Inputs If Quoted) http://www.ipdeny.com/ipblocks/data/countries/
Thought so but whenever I tried that, only the first country seemed to get banned. Figured ‘‘twas just something stupid I did. Will try that again once I’m back home.
Thought so but whenever I tried that, only the first country seemed to get banned. Figured ‘‘twas just something stupid I did. Will try that again once I’m back home.
Thank you so much sir. You have put my mind at rest. It looked to me that it was a legit NTP request also. I'm just wondering why a USA security company installed in central Canada would need to sync time with a server in the Ukraine? Hmmm....bit of a mystery.
The positioning of the quotes is important.
This is the result of trying to ban "cn pk kp"
/jffs/scripts/firewall: /tmp/mnt/rstick/skynet/skynet.cfg: line 17: pk: not found
skynet@RT-AC86U-2EE8:/tmp/home/root# sh /jffs/scripts/firewall ban country "cn pk kp"
#############################################################################################################
# _____ _ _ __ #
# / ____| | | | / / #
# | (___ | | ___ _ _ __ ___| |_ __ __/ /_ #
# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ #
# ____) | <| |_| | | | | __/ |_ \ V /| (_) | #
# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ \___/ #
# __/ | #
# |___/ #
# #
## - 24/09/2018 - Asus Firewall Addition By Adamm v6.4.7 #
## https://github.com/Adamm00/IPSet_ASUS #
#############################################################################################################
[i] Banning Known IP Ranges For (cn pk kp)
[i] Downloading Lists
[i] Filtering IPv4 Ranges & Applying Blacklists
[i] Saving Changes
[#] 162618 IPs (+0) -- 7291 Ranges Banned (+5419) || 3308 Inbound -- 86 Outbound Connections Blocked! [ban] [6s]
skynet@RT-AC86U-2EE8:/tmp/home/root#
This is the result of trying to ban "cn pk kp"
/jffs/scripts/firewall: /tmp/mnt/rstick/skynet/skynet.cfg: line 17: pk: not found
Works for me, are you using the same command?
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!