What's new

Firewall doesen't block custom rules, neighter Skynet

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


Occasional Visitor
Hi All!
I have a Asus router that I bought about 3 months ago, recently I started to focus more on network security because my home server was hacked previously. I have Pi-hole on my whole network and I want to have a secure firewall on my router.

This is my configuration (from Skynet):

Router Model; RT-AC86U
Skynet Version; v7.3.5 (09/01/2023) (702ee3895944085a17abac5ffc112274)
iptables v1.4.15 - (eth0 @
ipset v7.6, protocol version: 7
IP Address; (xxx.xx.xx.xx)
FW Version; 386.9_0 (Jan 6 2023) (4.1.27)
Install Dir; /tmp/mnt/SANDISK/skynet (112.6G / 114.6G Space Available)
SWAP File; /tmp/mnt/SANDISK/myswap.swp (2.0G)
Syslog Location; (/jffs/syslog.log) (/jffs/syslog.log-1)
Uptime; 0 days, 0 hours, 5 minutes.
Ram Available; (108M / 416M)

First I tried to set custom domains to ban on the stock Merlin's firmware and after testing, the conclusion was that the firewall doesn't filter those IPs/domains I set before. So after this, I've found Skynet, I installed it, right after checked the router's GUI and Skynet's stats were blank. They continued to be blank after reboot, later I changed log level to debug on the router logs page (on GUI), I went back and suddenly I saw that Skynet begun to work. Later I started testing and added custom rules to ban domains, turns out the router doesn't block my rules.
However, looking at the logs, there are some blocking is going on, but not the predetermined rules.

Doing debug on Skynet, all tests came back ok:

--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Config File                         | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
Profile.add Entry                   | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 3 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Passed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]

-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Custom]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

18/18 Tests Sucessful

Additionally I disabled Pi-hole during my tests, so a particular domain wouldn't be filtered on DNS level.
I have no idea what next, probably I'm going to reinstall Skynet while formatting my attached flash drive. If there's anyone who could help me, give some tips, I'd appreciate it!

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!