
Skynet - Simple way to ban all countries?


F-4Phantom

Occasional Visitor
I generally have a long list of countries that I ban via the option in Skynet. But it's a hassle to have to re-enter those if I have to re-install or otherwise clear the config.

Is there a way to ban all country codes and then just whitelist the one or two I want to allow?
 

I just save a text file with this command in it... when I need to redo my router (or Skynet), I just run this command. Just keep this one up-to-date. How long is YOUR country list... ;)

Code:
sh /jffs/scripts/firewall ban country "ru cn kp ir iq sa ae pk af az ba bg hr cu cz eg ee ge va hu id in il kz kw kg lv md om qa ro rs sk si sy tr ua uz"

BTW... F-4 Phantoms are probably one of my favorite fighter jets. Nice choice!
 
Thanks! I have a long list like yours. And I too had it saved to a text file that I copy/paste. But I like your script much better.

The Phantom is my favorite as well!
 
I've had zero issues with a lengthy list of banned country IP ranges for over a year. I allow connections from within my country only and that has been more than adequate.
ch is the TLD for Switzerland, make sure to not block it or amtm and/or Diversion will have a problem.
 
I also have a text file with all my skynet settings on. :) great minds think alike

Whitelist

37.244.54.10 roblox
23.227.38.74 govee
128.116.119.3 battlenet
37.244.28.102 battlenet
91.199.81.1/24 phasmophobia
9.9.9.9 Quad 9 dns
1.1.1.1 Cloud dns
8.8.8.8 Google dns
http://mirror.ossplanet.net (rpi/linux update)
ncs.roblox.com roblox
www.roblox.com roblox
23.48.23.45 roblox
128.116.121.3 roblox
128.116.119.4 roblox
23.196.236.42 roblox

Blacklist
cn br ir ua ar iq tw th lv ru ro cl sa pk sg bg in by er sy kp pk iq dz ao am bd bo bi cf cg cu sv gq kz kg la mg ml mn mz
tr tm it af al dz sv il na sd ae zw sd kw qa tj bt cu ke mw mx ni ne ps rw so
 
This is my country ban-list. I've used it for over a year.

I started out blocking Russia, China, N Korea. Then based upon what I was seeing in Skynet, I started blocking a lot more. At some point I decided that I had already blocked a lot of countries with no noticeable downside. So I started banning a whole lot more.

Most services I use have local servers in my country, so haven't seen an issue.

ae af al dz ao ar am aw at az bh bd by be bo ba bw br bn bg bf mm cf td cn co cd cg hr cu cy cz dk dj dm ae ec eg ee et fi gf ps ge gh gl gd hn hk hu in id ir iq il jo kz kp kr kw kg lv lb lr ly lt my mx mc mo np nl nz ni ne ng kp om pk ps pa py pe ph pl pt pw qa ro ru rw sa sn rs sc sl sg sk si so za gs kr ss tj tz th tr tm ug ua ae uz vn ye zw
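
Added example, not part of any post in this thread: a small POSIX shell helper for the saved-command approach described above. It lowercases and de-duplicates a stored ban list (several lists pasted here repeat codes such as `ae` and `kp`), skips malformed entries, leaves out codes that must stay reachable (such as `ch`, per the note about amtm and Diversion), and prints the `ban country` command quoted earlier in the thread. The function names and sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build a reproducible Skynet country ban
# command from a saved list, dropping duplicates, malformed entries and any
# codes that must stay reachable.

# Constructed sample input: a ban list with repeats and a stray entry.
BAN_LIST="ru cn kp ir CN ch ae kp usa ae tr"
# Codes to never ban. "ch" follows the thread's note about amtm/Diversion;
# "us" stands in for the reader's own country (assumption).
KEEP_LIST="ch us"

# normalize_codes LIST KEEP -> prints space-separated, lowercased, unique codes
normalize_codes() {
    out=""
    for code in $(printf '%s' "$1" | tr 'A-Z' 'a-z'); do
        # Accept only two-letter country codes.
        case "$code" in
            [a-z][a-z]) ;;
            *) echo "skipping malformed entry: $code" >&2; continue ;;
        esac
        # Skip codes on the keep list.
        case " $2 " in
            *" $code "*) echo "keeping reachable: $code" >&2; continue ;;
        esac
        # Skip codes already emitted.
        case " $out " in
            *" $code "*) continue ;;
        esac
        out="${out:+$out }$code"
    done
    printf '%s\n' "$out"
}

# build_ban_command LIST KEEP -> prints the command to run on the router
build_ban_command() {
    codes=$(normalize_codes "$1" "$2")
    [ -n "$codes" ] || { echo "nothing to ban" >&2; return 1; }
    printf 'sh /jffs/scripts/firewall ban country "%s"\n' "$codes"
}

build_ban_command "$BAN_LIST" "$KEEP_LIST"
```

Review the printed command before running it on the router; the script only prints it and changes nothing itself.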
 
I don’t block any countries and haven’t seen an issue either. Go figure. My theory is the firewall blocks all unsolicited connections anyway, with or without Skynet.
That depends on what your firewalling policies are. With no portforwards enabled, your theory should be correct. Also, remember outbound traffic also makes connections that could warrant related, but unwanted inbound connections. Firewalls are generally neutered when it comes to intelligent blocking. However, blocking by country is taking a stab in the dark and hoping your internet and services will still work as they should lest you rather just block everything and whitelist what traffic you want to allow.

ASN blocking can be rather fun. For example, block AS15169 and see what services break.
 
With no portforwards enabled, your theory should be correct.

Even if you have open ports, you don’t know if real malicious IPs are in blocklists. Community support blocklists are usually slowly updated. You have to be ready to deal with false positives as well. They may be fatal for your connection, like your DNS servers in blocklists. It happened before. If you block country X and they want to get to you badly, they’ll simply use a server in your country. Not very hard to organize. I mean, everyone is free to make choices, but some of them don’t come with the benefits expected.
 
Honestly though, I think the headache from what you mention in this post is definitely a lot less from having to whitelist as a result of country blocks.
 
@Jumpstarter, more about the process here:


:)
 
That is some insight you have. It is like saying don't build a fence since we obviously know it won't 100 percent offer protection and sometimes might lead to disappointment when you and other members of the family can't see what's on the other side.
 
It’s a joke obviously, but some may recognize the stage they are at the moment. The less you know how blockers work the faster you move through the stages.
 
I get that. I was agreeing. Those who dive head first even when the obvious is in front of their face usually experience such.
 
It came from personal experience, you know. I run pfSense and it has some really powerful tools available to play with.
 
This is correct. IP/DNS blocking is the junior team. IDS/IPS is the major league. No good team management - lost game and season.
 
I think BanIP on openwrt does pretty good.
 
