Skynet Is default firewall good enough?

BreakingDad

Very Senior Member
Sorry if this has been asked before, I just wanted opinions.

Do you think the default AX86U firewall, combined with the usual windows firewall is good enough, and is there any real advantage in using Skynet?

We also all have malwarebytes premium installed, trendnet on and adguard with all protections on.

The reason I ask is lately it seems to have a lot of false positives and it's a pain to keep whitelisting etc, also I am noticing network slowdowns with it.

The paranoid part of me (which is quite a large part of me) is concerned though that not running it is compromising the security of my homenetwork.

Thoughts?
 

dave14305

Part of the Furniture
If you open inbound ports from the internet (e.g. VPN servers, port forwards, etc), Skynet is a good idea to keep the known bad guys out. If nothing is open from the outside, then you could probably do without it.
 

SomeWhereOverTheRainBow

Part of the Furniture
Sorry if this has been asked before, I just wanted opinions.

Do you think the default AX86U firewall, combined with the usual windows firewall is good enough, and is there any real advantage in using Skynet?

We also all have malwarebytes premium installed, trendnet on and adguard with all protections on.

The reason I ask is lately it seems to have a lot of false positives and it's a pain to keep whitelisting etc, also I am noticing network slowdowns with it.

The paranoid part of me (which is quite a large part of me) is concerned though that not running it is compromising the security of my homenetwork.

Thoughts?
I don't go any where without skynet turned on.
 

cptnoblivious

Senior Member
The real additional benefit is the outbound blocking. That's also the biggest PITA, when it has false positives and blocks things that prevent you from doing what you want.

If that's worth it, only you can answer :)
 

Gary_Dexter

Regular Contributor
Sorry if this has been asked before, I just wanted opinions.

Do you think the default AX86U firewall, combined with the usual windows firewall is good enough, and is there any real advantage in using Skynet?

We also all have malwarebytes premium installed, trendnet on and adguard with all protections on.

The reason I ask is lately it seems to have a lot of false positives and it's a pain to keep whitelisting etc, also I am noticing network slowdowns with it.

The paranoid part of me (which is quite a large part of me) is concerned though that not running it is compromising the security of my homenetwork.

Thoughts?
Can’t say I’ve noticed any slowdowns when it’s been enabled for me.
 

Tech9

Part of the Furniture
The reason I ask is lately it seems to have a lot of false positives and it's a pain to keep whitelisting etc, also I am noticing network slowdowns with it.

You have answered your own question. With the default blocklists used - potential small benefits with potential big headaches.
 

BreakingDad

Very Senior Member
I've put it back on, no idea why it caused the slow down briefly, it's never done that before. Reinstall seems to have fixed it and I whitelisted the battlenet and roblox stuff it was blocking. All good
 

Tech9

Part of the Furniture
I only have firehol_level1 on my firewall. It works well with very few false positives. I don't remember if Skynet can use custom blocklists.
 

Tech9

Part of the Furniture
Same here.....

The experience usually comes this way:

1) a new blocking tool discovered, very powerful
2) a new blocking obsession developed, very strong
3) new unpaid support job accepted, in training
4) WAN connection is getting closer to what LAN is
5) politics what's good for the general population fail
6) all best efforts to fit the new job position fail
7) wife locks the bedroom door, the couch is available
8) the couch is found not very comfortable
9) support job resignation, in talks to use the bedroom
10) the tool uninstalled, settings back to default

:)
 

isira

Occasional Visitor
I only have firehol_level1 on my firewall. It works well with very few false positives. I don't remember if Skynet can use custom blocklists.
I'm using firehol_level1 and firehol_webclient with Skynet. I also use OISD Basic with Diversion and Unbound's DNS firewall (URLHaus) in addition to AiProtection. I've encountered very few false positives with this setup.
 
Last edited:

Tech9

Part of the Furniture
even one block to a malicious site is enough for me to keep Skynet running

And one block to the DNS server you use is enough to remove it. Like it happened with Quad9 already. You decide. It's your network after all.
 

TheLyppardMan

Very Senior Member
Skynet seems to be doing a good job, as usual. Currently, I am seeing lots of blocked inbound attempts from one particular IP address:-
Screenshot - 11_02_2022 , 10_23_16.jpg
 

AntonK

Very Senior Member
Same here.....
What do you two mean by "I only use firehol_level1 on my firewall"? If not via Skynet, are you talking about some other firewall not native to the router?

Thanks.
 

Tech9

Part of the Furniture
are you talking about some other firewall

pfBlockerNG on pfSense in my case.

You have to use custom blocking list in Skynet. The default is this one:


What we use is this one only:


And a description what it is here:

 

AntonK

Very Senior Member
pfBlockerNG on pfSense in my case.

You have to use custom blocking list in Skynet. The default is this one:


What we use is this one only:


And a description what it is here:


Thank you!
 

SomeWhereOverTheRainBow

Part of the Furniture
pfBlockerNG on pfSense in my case.

You have to use custom blocking list in Skynet. The default is this one:


What we use is this one only:


And a description what it is here:

Does the level 2 or level 3 include level 1? or are they all completely different?
 

Viktor Jaep

Very Senior Member
Does the level 2 or level 3 include level 1? or are they all completely different?
It looks like they're all different, and contain a different number of IPs:

NameCIDRsIP Addresses
FireHOL Level 12,739567,889,627
FireHOL Level 219,64134,029
FireHOL Level 319,79137,945

Firehol 1:
# A firewall blacklist composed from IP lists, providing
# maximum protection with minimum false positives. Suitable
# for basic protection on all internet facing servers,
# routers and firewalls. (includes: bambenek_c2 dshield feodo
# fullbogons spamhaus_drop spamhaus_edrop sslbl ransomware_rw)

Firehol 2:
# An ipset made from blocklists that track attacks, during
# about the last 48 hours. (includes: blocklist_de dshield_1d
# greensnow)

Firehol 3:
# An ipset made from blocklists that track attacks, spyware,
# viruses. It includes IPs than have been reported or
# detected in the last 30 days. (includes: bruteforceblocker
# ciarmy dshield_30d dshield_top_1000 malc0de
# maxmind_proxy_fraud myip shunlist snort_ipfilter
# sslbl_aggressive talosintel_ipfilter vxvault)
 

Viktor Jaep

Very Senior Member
If anyone's interested, I've been using my own custom filter list for Skynet... plug this URL into Skynet and profit:

Code:
https://raw.githubusercontent.com/ViktorJp/Skynet/main/filter.list

And yes, it contains all 3 Firehol lists as well. ;)
 

SomeWhereOverTheRainBow

Part of the Furniture
If anyone's interested, I've been using my own custom filter list for Skynet... plug this URL into Skynet and profit:

Code:
https://raw.githubusercontent.com/ViktorJp/Skynet/main/filter.list

And yes, it contains all 3 Firehol lists as well. ;)
Thanks for taking the time to share with us. I highly appreciate it.

As a reward: I also want to share a list of IP's for highly elusive nasties

 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top