Hi All!
I have a Asus router that I bought about 3 months ago, recently I started to focus more on network security because my home server was hacked previously. I have Pi-hole on my whole network and I want to have a secure firewall on my router.
This is my configuration (from Skynet):
First I tried to set custom domains to ban on the stock Merlin's firmware and after testing, the conclusion was that the firewall doesn't filter those IPs/domains I set before. So after this, I've found Skynet, I installed it, right after checked the router's GUI and Skynet's stats were blank. They continued to be blank after reboot, later I changed log level to debug on the router logs page (on GUI), I went back and suddenly I saw that Skynet begun to work. Later I started testing and added custom rules to ban domains, turns out the router doesn't block my rules.
However, looking at the logs, there are some blocking is going on, but not the predetermined rules.
Doing debug on Skynet, all tests came back ok:
Additionally I disabled Pi-hole during my tests, so a particular domain wouldn't be filtered on DNS level.
I have no idea what next, probably I'm going to reinstall Skynet while formatting my attached flash drive. If there's anyone who could help me, give some tips, I'd appreciate it!
I have a Asus router that I bought about 3 months ago, recently I started to focus more on network security because my home server was hacked previously. I have Pi-hole on my whole network and I want to have a secure firewall on my router.
This is my configuration (from Skynet):
Code:
Router Model; RT-AC86U
Skynet Version; v7.3.5 (09/01/2023) (702ee3895944085a17abac5ffc112274)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v7.6, protocol version: 7
IP Address; (xxx.xx.xx.xx)
FW Version; 386.9_0 (Jan 6 2023) (4.1.27)
Install Dir; /tmp/mnt/SANDISK/skynet (112.6G / 114.6G Space Available)
SWAP File; /tmp/mnt/SANDISK/myswap.swp (2.0G)
Syslog Location; (/jffs/syslog.log) (/jffs/syslog.log-1)
Uptime; 0 days, 0 hours, 5 minutes.
Ram Available; (108M / 416M)
First I tried to set custom domains to ban on the stock Merlin's firmware and after testing, the conclusion was that the firewall doesn't filter those IPs/domains I set before. So after this, I've found Skynet, I installed it, right after checked the router's GUI and Skynet's stats were blank. They continued to be blank after reboot, later I changed log level to debug on the router logs page (on GUI), I went back and suddenly I saw that Skynet begun to work. Later I started testing and added custom rules to ban domains, turns out the router doesn't block my rules.
However, looking at the logs, there are some blocking is going on, but not the predetermined rules.
Doing debug on Skynet, all tests came back ok:
Code:
-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------
Internet-Connectivity | [Passed]
Write Permission | [Passed]
Config File | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 3 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]
----------- | ----------
| Setting | | | Status |
---------- | ----------
Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]
18/18 Tests Sucessful
Additionally I disabled Pi-hole during my tests, so a particular domain wouldn't be filtered on DNS level.
I have no idea what next, probably I'm going to reinstall Skynet while formatting my attached flash drive. If there's anyone who could help me, give some tips, I'd appreciate it!