Skynet Skynet - Router Firewall & Security Enhancements

[Dee dee]

Also, if CNN is already in your browser's DNS cache (looking at you, Firefox) then it will get around Diversion. You'll need to clear your local machine's DNS cache.

Ok i temporary added cnn.com to diversion and it blocked it beautifully.

I wanted to add a "hosts file" to diversion to process and block. Where do i go to the option to import a file.

For skyneti tried just website1.com website2.com each on a seperate line in a file and it failed

 

[Treadler]

Ok i temporary added cnn.com to diversion and it blocked it beautifully.

I wanted to add a "hosts file" to diversion to process and block. Where do i go to the option to import a file.

For skyneti tried just website1.com website2.com each on a seperate line in a file and it failed

diversion > b > 1 > 2
Paste the link to your list there.

 

[jadog]

Can someone explain if the default setup of Skynet is any different to the built in ASUS AIProtection with TrendMicro's malware blocking and network protection?

 

[Adamm]

Can someone explain if the default setup of Skynet is any different to the built in ASUS AIProtection with TrendMicro's malware blocking and network protection?

Skynet is a blacklist based firewall solution. AiProtect uses a DPI engine to identify threat signatures.

 

[#TY]

I only use Skynet without any of TrendMicro's offerings. It's been a couple of months now since my nuclear reset and everything is running rock solid.

 

[jadog]

Skynet is a blacklist based firewall solution. AiProtect uses a DPI engine to identify threat signatures.

So does that mean Skynet is better and disable AI or should I use both?

 

[Adamm]

So does that mean Skynet is better and disable AI or should I use both?

Skynet was designed to work with AiProtect as an additional layer of protection.

 

[Dee dee]

diversion > b > 1 > 2
Paste the link to your list there.

Treadler, I wanted to make my own file and load it in and not host it via the web.

It's for blocking certain domains for a device.

 

[wbartels]

Is it 100% safe to add black lists witch contains private IP ranges like firehol_level1 and Fullbogons?
As far as I can see these functions filter them out:

Filter_PrivateSRC ()
Filter_PrivateDST ()
Filter_PrivateIP ()

I'm considering to add https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt

IPv4 Fullbogons
The traditional bogon prefixes, plus prefixes that have been allocated to RIRs but not yet assigned by those RIRs to ISPs, end-users, etc.
Updated every four hours.

 

[clvk07]

Just list the country digraphs with spaces between them. For example, I have "cn il ir kp ru tw ua"

Edit. WITH spaces. :facepalm:

the interface doesn't seem to fail if you type wrong abbreviations or use wrong syntax. It seems to accept everything

so the space is the delimiter

i] Removing Previous Country Bans (cn)
Banning Known IP Ranges For (cn ru)

 

[JaimeZX]

If you accidentally type a fake digraph it does nothing, because there is no country associated with "xy" for example. So "cn ir xy" would only get you China and Iran. But if you meant to type "ir" and you typed "il" you'll be blocking Israel instead of Iran. So it can fail if you type the wrong digraph.

 

[Treadler]

Treadler, I wanted to make my own file and load it in and not host it via the web.

It's for blocking certain domains for a device.

Above my pay grade, sorry.

 

[Dee dee]

Above my pay grade, sorry.

Understood.

Is it a bad idea to put the same sites in both blacklist for diversion and skynet. To be 100% sure it is blocked

Sent from my SM-A505U1 using Tapatalk

 

[Adamm]

Is it 100% safe to add black lists witch contains private IP ranges like firehol_level1 and Fullbogons?
As far as I can see these functions filter them out:

Filter_PrivateSRC ()
Filter_PrivateDST ()
Filter_PrivateIP ()

I'm considering to add https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt

I try to whitelist the ones in use, but I personally don't use a fullbogons list so there could be other conflicts.

Understood.

Is it a bad idea to put the same sites in both blacklist for diversion and skynet. To be 100% sure it is blocked

Sent from my SM-A505U1 using Tapatalk

While Skynet does support domain blacklisting, this is preferably done at a DNS level via Diversion as you will more accurately block the domain rather then the whole server (potentially effecting other domains)

 

[Dee dee]

I try to whitelist the ones in use, but I personally don't use a fullbogons list so there could be other conflicts.



While Skynet does support domain blacklisting, this is preferably done at a DNS level via Diversion as you will more accurately block the domain rather then the whole server (potentially effecting other domains)

Adamm, thanks for explaining. Is there any reason skynet is not able to read my ip address file in general, as its 1 ip address per line and I ran dos2unix on it and placed it in /jffs/scripts/customfile.txt it just says no content in file or something like that.

Also with diversion I have to add site by site into the wildcard blacklist with a comment per each there is no way to do a batch without a web hosted file I understand.

Sent from my SM-A505U1 using Tapatalk

 

[SuperDuke]

Skynet was designed to work with AiProtect as an additional layer of protection.

FWIW, I too only use Skynet since I found memory leakage when using the Trend offerings......I'd prefer to use Trend as well, but I don't like having to reset the router because of maxed out ram usage every two weeks.....Skynet is bloody awesome anyhow

 

[thelonelycoder]

Treadler, I wanted to make my own file and load it in and not host it via the web.
It's for blocking certain domains for a device.

Diversion is an ad-blocker and thus runs off of hosts file(s). Diversion only supports hosted files for the blocking file.

 

[Adamm]

Adamm, thanks for explaining. Is there any reason skynet is not able to read my ip address file in general, as its 1 ip address per line and I ran dos2unix on it and placed it in /jffs/scripts/customfile.txt it just says no content in file or something like that.

Without seeing the list or output from Skynet its impossible for me to tell whats wrong

 

[Dee dee]

Without seeing the list or output from Skynet its impossible for me to tell whats wrong

How do I get the debug from when I try to load the file what do I type

Sent from my SM-A505U1 using Tapatalk

 

[Adamm]

How do I get the debug from when I try to load the file what do I type

Sent from my SM-A505U1 using Tapatalk

As per the readme in the second post;

Example Import Commands; ( sh /jffs/scripts/firewall import blacklist file.txt "Apples" ) This Bans All IPs From URL/Local File With The Comment Apples