What's new

Skynet SkyNet Blocking Subnet

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

djtech2k

Regular Contributor
I have Skynet configured to block a list of countries. The US is not one of them. Yesterday we noticed some websites not working and I traced it back to a subnet that Skynet Blocked. It says the reason is that its in my blocked country list BUT it shows it as the US, which I do not have blocked.

What's the best way to handle this? I manually whitelisted a single IP, but I guess the blacklist of overriding it or it is implemented after the whitelist.
 
I just edited the skynet.ipset and removed the blocked line for that CIDR block. I restarted skynet and it did not come back. Hopefully that is the best way.
 
Well it looks like it is blocked again today. Skynet says its showing up in SKynet-BlockRanges. Whats the best way to handle this?
 
Country ban data comes from a different provider than the country reporting stats. Maybe they disagree.
 
So what is the best way to handle this or fix it? I do not want to keep manually removing that CIDR block every day.
 
Skynet might be considered abandonware, since Adamm no longer posts on the forums. If the script isn’t abandoned, the users sure are (IMO). I uninstalled Skynet a while back because of this.

You can try to get some help at his GitHub page, or read the docs on the GitHub page.
Maybe if you posted more specifics like the IP and range, another Skynet user might be able to help.
 
Perhaps you created the problem in first place blocking countries you shouldn’t have. Many common web services have servers all around the globe. What are you blocking so much? What is your router’s firewall for?
 
I blocked a list of countries is for a few different reasons.

For example, I would see constant logon attempts or ports accessed from certain countries. I blocked some of those countries for security.

Another reason is because certain countries should never be accessed incoming or outgoing from my network. Nobody ever has any reason to communicate with places like China, Russia, Korea, etc. Any sites hosted there do not need accessed from my network and nothing there needs any access to my network. I only block about 10 countries.
 
I blocked a list of countries is for a few different reasons.

For example, I would see constant logon attempts or ports accessed from certain countries. I blocked some of those countries for security.
The firewall will drop those anyway. The only additional protection country blocking inbound will provide is if you have any port forwards, and will stop bad actors knocking on the server you're forwarding to rather than on the router firewall.
 
Thats strange. I searched for it from several sources and it came back US. The specific IP even comes back as (US) in the skynet logs.
 
For example, I would see constant logon attempts or ports accessed from certain countries.

What you see is mostly Internet bots, part of the background noise. Shodan scans everything on a regular basis, for example. Your firewall drops those connections with or without Skynet. It just visualizes for you the "attempts" and you feel safer. Enable Dropped packets logging on your router with Skynet disabled and see the result. With no open ports Skynet is only preventing you from accessing what you have blocked.
 
With no open ports Skynet is only preventing you from accessing what you have blocked.
Indeed. Adding extra filtering when you have no open port is indeed mostly a waste of router resources, unless you need to do outbound filtering.
 
Is there any alternative to skynet?
 
Thanks for the responses. Good info.

I would like to prevent anything from certain places from hitting any of my open ports. I would also like to prevent users on my network from accessing anything from those places. Its just about trying to prevent outsiders from coming in and also users accidentally or unknowingly accessing potentially harmful stuff. I realize that kind of stuff comes from all over but my thought was any little bit helps. Maybe its the wrong approach.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top