Hi everyone!
I’m new to the forum and also a beginner when it comes to network security. First of all, I want to thank you all for your amazing contributions to this community!
I have some questions regarding Skynet.
1) As I understand, by default, it blocks incoming traffic from suspicious IPs. However, wouldn’t it be better if it used DROP instead? From what I’ve learned, the main advantage of using DROP is that it doesn’t send any response to the origin of the request, making it impossible for the sender to determine if there is a host at the targeted IP and port.
Currently, I see multiple logs like this every second:
[BLOCKED - INBOUND] IN=ppp0 OUT= MAC= SRC=206.168.34.140 DST=xxx.xxx.xxx.xxx
Wouldn’t it make more sense to simply DROP these connections to avoid sending any kind of response?
2) Additionally, I’ve installed the basic version of Skynet and selected “ALL” for traffic filtering. However, I don’t understand how Skynet interacts with iptables. I tried running iptables --list to check the rules that I assume Skynet should have added, but I couldn’t find anything. This leaves me confused about how exactly Skynet handles traffic blocking.
3) Finally, if I wanted to add a country-based blocklist, would that also prevent me from accessing websites hosted on IPs from those countries? Or is it possible to configure the blocklist to only affect incoming traffic to my router while still allowing outgoing traffic (e.g., accessing websites hosted in those countries)?
Thank you so much for any insights you can share on these topics! I’ve been learning a lot recently but haven’t found a detailed discussion on these specific points yet.
My router is an ASUS AX86U.
Thanks again!