$ loading_
为家庭实验室网络改造提供分段、DNS过滤与远程访问变更前检查清单
复制安装指令,让 AI 自动完成配置 · 推荐新手
请帮我安装 askskill 上的 "homelab-network-readiness" 技能: 1. 下载 https://raw.githubusercontent.com/affaan-m/ECC/main/skills/homelab-network-readiness/SKILL.md 2. 保存为 ~/.claude/skills/homelab-network-readiness/SKILL.md 3. 装好后重载技能,告诉我可以用了
请为我的 homelab 生成一份变更前检查清单:我准备更换主路由器,现有网络包含 VLAN 分段、本地 DNS 过滤和 WireGuard 远程访问。请按路由、防火墙、DHCP、DNS、VPN、回滚方案几个部分列出需要确认的项目。
一份结构化的变更前检查清单,覆盖关键网络配置、依赖关系与回滚准备事项。
我计划调整家庭实验室的防火墙和 DHCP 配置,但担心会影响 WireGuard 远程接入。请给我一份 readiness checklist,重点检查远程访问、地址分配、端口开放、DNS 解析和管理入口可用性。
一份以远程接入连续性为重点的检查清单,帮助提前发现配置冲突和断连风险。
请根据 homelab 网络改造场景,生成一份检查清单:我要新增 IoT VLAN,并修改本地 DNS 过滤策略。请提醒我验证设备互通、DNS 例外规则、DHCP 作用域、防火墙隔离策略以及测试步骤。
一份面向 VLAN 分段和 DNS 策略调整的准备与验证清单,便于安全实施变更。
Use this skill before changing a home or small-lab network that mixes VLANs, Pi-hole or another local DNS resolver, firewall rules, and remote VPN access.
This is a planning and review skill. Do not turn it into copy-paste router, firewall, or VPN configuration unless the target platform, current topology, rollback path, console access, and maintenance window are all known.
Collect this before giving implementation steps:
| Area | Questions |
|---|---|
| Internet edge | What is the modem or ONT? Is the ISP router bridged or still routing? |
| Gateway | What routes, firewalls, handles DHCP, and terminates VPNs? |
| Switching | Which switch ports are uplinks, access ports, trunks, or unmanaged? |
| Wi-Fi | Which SSIDs map to which networks, and are APs wired or mesh? |
| Addressing | What subnets exist today, and which ranges conflict with VPN sites? |
| DNS/DHCP | Which service currently hands out leases and resolver addresses? |
| Management | How will the operator reach the gateway, switch, and AP after changes? |
| Recovery | What can be reverted locally if DNS, DHCP, VLANs, or VPN routes break? |
Start with intent rather than vendor syntax.
| Zone | Typical contents | Default policy |
|---|---|---|
| Trusted | Laptops, phones, admin workstations | Can reach shared services and management only when needed |
| Servers | NAS, Home Assistant, lab hosts, DNS resolver | Accepts narrow inbound flows from trusted clients |
| IoT | TVs, smart plugs, cameras, speakers | Internet access plus explicit exceptions only |
| Guest | Visitor devices | Internet-only, no LAN reachability |
| Management | Gateway, switches, APs, controllers | Reachable only from trusted admin devices |
| VPN | Remote clients | Same or narrower access than trusted clients |
Before recommending VLAN IDs or subnets, confirm:
Pi-hole or another local resolver should be introduced as a dependency, not as a single point of failure.
home.arpa names.…
通过双评审智能体对结果进行对抗式校验,提升输出发布前的可靠性
帮助用户配置家庭实验室 WireGuard VPN,实现安全远程访问与密钥管理。