LONG time Asus/Merlin, first time amtm -- reassurance please

[David Cavalli]

I've used Asus routers for over 15 years and Merlin firmware for at least 7. I've dug under the hood and manually managed a bunch of things at their lower level. I can't say why I've avoided amtm for so
long other than I like to be "hands-on". My self-managed Linux server had a hacker attack the other day, but my self-programmed firewall held. Talked to a friend about it (who bought Asus and uses Merlin at my suggestion) and mused if my new Asus RT-AX88U Pro would have been able to handle it. "Well, Skynet and forget it, right?" *NO* idea what he meant last week. Some minor research later and I'm *stunned* how much our "community scripts" can do. Over the past week, I bought a Samsung Bar Plus 128GB, loaded Entware and took the Skynet plunge. (I also downloaded most of the "utility" scripts that look like they don't take up many resources.) When I had the RT-AC68U, I had to keep that thing *SO* fine tuned, because there just wasn't enough NVRAM. I optimized everything. Bought the new router as the old one outlived its era, but really haven't looked into what it can do. Today, I have the opposite problem. While Skynet + "utilities" aren't doing much to eat into the power of my Asus, I'm concerned that I don't want to bloatware my perfectly-running router. In looking at the scripts available, I think Unbound and Diversion are probably the next "must haves" I want to install. YazFI looks like it's a good way to manage Guest WiFi (which I am manually right now). But this is where I'm concerned. How do I know what is "too much" for this rig? I want to go with what I "need" then "want", but would rather have stability.

I'm guessing that I probably could load *ALL* of this and more, but didn't want to push my luck with the newfound stability of the 3006.102.6 and now .7 releases. Then I remembered that Skynet blocked 22k IPs the first night! For all I know, I have a Ferrari and I'm still scared to drive 25 MPH on the freeway.

Any reassurance that my list of planned scripts is "smart" would be appreciated. Any guidance of things I've missed would be awesome. Other suggestions aprpeciated. After avoiding amtm forever, I don't want to go the opposite direction without understanding.

Thanks in advance!

 

[ColinTaylor]

Your router is the gateway between the untrusted internet and your home network. Every additional service or feature is another potential point of failure. That's true whether it's part of the base firmware or a user created addon. Case in point, AiCloud.

So don't install/enable things "just because you can". For example, you said Skynet blocked 22k IPs. But those IPs almost certainly would have been blocked by the router's own firewall (or AiProtection) without Skynet. So you may have added complexity and a dependency on a working USB drive, for no particular gain.

That's not to say you shouldn't install/enable any additional features. Just make sure they're worthwhile to you and not just what someone else uses.

 

[dave14305]

Diversion is a very safe bet. Unbound, not so much. YazFi is not compatible with your firmware. Don't duplicate features the firmware already provides (ntp, syslogging, speedtests, DNS servers) or doesn't need (connection monitoring).

If it doesn't make the router safer or faster, why do you want it?

Then, if you still want them after considering those points, go ahead. But take backups first.

 

[jksmurf]

I can't say why I've avoided amtm for so
long other than I like to be "hands-on"

Lol, yeah, very much picked that up when I suggested you run YazDHCP back in this thread. You're all over it.

I know you like to know what is honking along under the hood, but if you're installing other stuff under amtm, I'd still recommend you try YazDHCP and let that replace your dnsmasq.conf.add, dnsmasq-X.conf in your sig. Eventually it just gets easier (IMO) doing it that way. I modified/updated those .add and .confs in the past too but for ease of maintenance, I prefer the addon.

Pretty much agree with what the two posters above have to say though, I have looked at and uninstalled a number of scripts as they don't add anything for me.
This is my lot. I am vacillating on whether Skynet is helping or even hindering but I do enjoy Diversion and Tailmon has been great for me.