I have WeMo switches and Hue lightbulbs. As long as I don't require remote access I can "iot ban" them in Skynet?
This version focuses on IOT security.
Err, that's unusual. The process on newer devices should only take ~20s. Would you mind giving me the output from manually running banmalware?
[i] Downloading filter.list | [0s]
[i] Refreshing Whitelists | [2s]
[i] Consolidating Blacklist | [3s]
[i] Filtering IPv4 Addresses | [2s]
[i] Filtering IPv4 Ranges | [0s]
[i] Applying New Blacklist | [3s]
[i] Refreshing AiProtect Bans | [1s]
[i] Saving Changes | [2s]
[i] For Whitelisting Assistance -
[i] https://www.snbforums.com/threads/skynet-asus-firewall-addition.16798/#post-115872
=============================================================================================================
[#] 154012 IPs (+2141) -- 1657 Ranges Banned (+167) || 1101 Inbound -- 0 Outbound Connections Blocked! [banmalware] [14s]
Not so much. This disables WAN access to these devices, not local access.
Ha! Fourteen seconds now, and that is with a Twitch stream running.
Yes, I know.
For Hue, it is only the bridge that uses your network (bulbs communicate with it using Zigbee). You will be able to control everything locally without that.
When I reboot this always happens and my firewall restarts just before the end of the reboot process. Any ideas why? What rule is being violated?
Code:
Jan 28 10:17:55 Skynet: [*] Rule Integrity Violation - Restarting Firewall [#1]
ipset -L -n Skynet-Whitelist >/dev/null 2>&1 || { fail="1"; return 1; }
So essentially the first check is failing as IPSet is getting nuked at some point. I can't reproduce this on a fresh install (nor have I seen any reports), do you have any custom edits that may be interfering?
In regards to custom edits, I'm not sure what you mean. I have not messed with the install in any way and it's a fresh install on the new 384.9 beta1 last night.
The only scripts I have that involve ipset would be Skynet and FreshJR_QOS, unless something else is that I don't know about.
So what is happening is that when services-stop is executed on reboot, Skynet issues a save command to dump everything from the ram to a hard copy. Theoretically Skynet should still be fully functional at this point.
For whatever reason, your IPSet has already been nuked from the ram at this point, so when Skynet issues the save command it notices a rule violation and triggers a restart_firewall event.
Which brings me back to the point that something out of the ordinary is happening around this time (that’s assuming this is a consistent issue and not a one off fluke).
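An added diagnostic sketch (not part of the thread and not Skynet's own code) for narrowing down when the set disappears: it applies the same kind of existence check as the quoted `ipset -L -n Skynet-Whitelist` line to a list of set names, so the result can be logged from several points in the shutdown sequence. The function names and the sample set name `Other-Set` are made up for illustration.

```shell
#!/bin/sh
# Added example, not Skynet's code. Reads set names on stdin (one per line,
# the format `ipset -L -n` prints) and takes the required names as arguments.
# Prints every required set that is absent; returns 1 if any is missing.
check_sets() {
    present="$(cat)"
    missing=0
    for set in "$@"; do
        # -x: whole-line match, -F: literal string, so "Skynet-Whitelist-old"
        # does not satisfy a check for "Skynet-Whitelist".
        if ! printf '%s\n' "$present" | grep -qxF -- "$set"; then
            printf '%s\n' "$set"
            missing=1
        fi
    done
    return "$missing"
}

# Emits one labelled status line, suitable for appending to a log from a
# shutdown hook, so the first point at which a set is gone becomes visible.
snapshot() {
    label="$1"; shift
    if out="$(check_sets "$@")"; then
        echo "[$label] ok"
    else
        echo "[$label] MISSING: $(printf '%s' "$out" | tr '\n' ' ')"
    fi
}

# Constructed samples of `ipset -L -n` output (not captured from a router).
SAMPLE_OK='Other-Set
Skynet-Whitelist'
SAMPLE_GONE='Other-Set'

printf '%s\n' "$SAMPLE_OK"   | snapshot "before services-stop" Skynet-Whitelist
printf '%s\n' "$SAMPLE_GONE" | snapshot "at services-stop" Skynet-Whitelist
```

On the router itself the input would come from `ipset -L -n | snapshot "some label" Skynet-Whitelist`.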
Feel free to give it a test and report back.
Banned the WeMo switches (as a test) and the WeMo App could immediately no longer see them, even though my iPhone was on the same local network...
(Homekit/homebridge still could communicate with them though)
Did not test.
That is awesome news. I presume that is also true for the Hue integration w/ Homekit?
I am very new to skynet but have a couple questions. I did do some searching in this thread but there are almost 190 pages of posts, it's a lot to search to find something. And yes, I did use the search function, since I know there are some search nazis around.
1) Is there a way to show the country in the stats? Specifically, I try to block countries and not IPs whenever possible. I use the country function to block, but when I look at stats to see what things have been blocked, it shows the IP and the link to alienvault, but it would be great if it showed the country. That way I could just add that country to the list and move on.
2) Is there a way to tell skynet to block ALL countries except x? So basically a country whitelist? In my case, that would make it easier.
3) When I installed skynet, it asked if I wanted to block incoming, outgoing, or both. I chose only incoming because I know it will likely not break anything. Is it possible to add outgoing later? I have not seen that but again I am new to it. I may never do it because I do not really want to have to deal with all the failures of all the services in my house, but just wondering.
4) Since I am new to skynet, is there anything I should definitely do or avoid? Just thinking any gotchas or must-haves that you guys may have learned along the way.
Thanks for this stuff BTW. So far, it looks very good.
Also, what do you guys think about the Network Protection stuff that's built-in? Is it any good or ignore it? I like more security, but I also do not want to put a heavy burden on the router or cause a bunch of headaches of stuff getting blocked that shouldn't.
When you run “firewall” to invoke Skynet, go into Settings and there is a Filter option for inbound, outbound or all. If you also enable BanAIProtect in settings, Skynet will automatically block the unique dynamic IPs that AiProtect detects hitting your own router.
I find most of the benefit of Skynet to be in outbound protection since I do not have anything open to the internet on my network. Only a few obscure websites have been blocked outbound by Skynet’s protection (which uses publicly available block lists). I don’t think you’re looking at much work as compared to Diversion adblocking breaking a site or app.