Skynet Skynet - Router Firewall & Security Enhancements

[skeal]

That output is perfectly normal and the script is running as it should, what are you trying todo specifically?

My firewall-start won't start at boot and it hangs when I manually start it.

my firewall-start is as follows:

#!/bin/sh
# Load ipset filter rules
sh /jffs/scripts/create-ipset-lists.sh
sh /jffs/scripts/malware-block
sh /jffs/scripts/privacy-filter
echo "0 * * * * /jffs/scripts/firewall save" > /var/spool/cron/crontabs/admin
[ -n "`pidof crond`" ] && killall -q crond
sleep 5
crond
sh /jffs/scripts/firewall

[ -x /jffs/dnscrypt/dnscrypt-fw-rules ] && /jffs/dnscrypt/dnscrypt-fw-rules

Can anyone help me I am not good with this script stuff???
After starting manually every thing started except the dynamic ip blocker is there something wrong with my firewall-start?

 

[skeal]

I fixed what you mentioned. I dropped the sh. Everything starts but no hourly update from this script. When it starts it mentions crond busybox and a log level of 8. Then it shows the stats and I think says complete. But I never see it again.

 

[octopus]

Okey try this, modify this line

echo cru a firewall-save "0 * * * * /jffs/scripts/firewall save"

 

[skeal]

Okey try this, modify this line

echo cru a firewall-save "0 * * * * /jffs/scripts/firewall save"

The line now looks like this:

echo cru a firewall-save "0 * * * * /jffs/scripts/firewall save" > /var/spool/cron/crontabs/admin

Is this ok?

 

[octopus]

The line now looks like this:

echo cru a firewall-save "0 * * * * /jffs/scripts/firewall save" > /var/spool/cron/crontabs/admin

Is this ok?

no

Cron Utility
add:    cru a <unique id> <"min hour day month week command">
delete: cru d <unique id>
list:   cru l

 

[skeal]

no

Cron Utility
add:    cru a <unique id> <"min hour day month week command">
delete: cru d <unique id>
list:   cru l

How about this sorry?

echo cru a firewall-save "0 * * * * /jffs/scripts/firewall save"
[ -n "`pidof crond`" ] && killall -q crond
sleep 5
crond
   /jffs/scripts/firewall

 

[octopus]

How about this sorry?

echo cru a firewall-save "0 * * * * /jffs/scripts/firewall save"
[ -n "`pidof crond`" ] && killall -q crond
sleep 5
crond
   /jffs/scripts/firewall

yes try that, it writes to /var/spool/cron/crontabs/admin

 

[john9527]

How about this sorry?

echo cru a firewall-save "0 * * * * /jffs/scripts/firewall save"
[ -n "`pidof crond`" ] && killall -q crond
sleep 5
crond
   /jffs/scripts/firewall

Take out the leading 'echo'....you want just the cru command....

 

[skeal]

Take out the leading 'echo'....you want just the cru command....

Yes!! That did it! She all works now! Thank you again you guys are awesome.

 

[Adamm]

I like that people have adapted the script to their own use/implementations for something I made 4 years ago. But I think for the sake of not confusing or overwhelming new users it might be best for separate threads.

 

[Martineau]

I like that people have adapted the script to their own use/implementations for something I made 4 years ago. But I think for the sake of not confusing or overwhelming new users it might be best for separate threads.

And what would you suggest the title of the alternative thread to be?

Much like the 'Selective Routing' thread, whilst there are probably 10 different versions of user contributed scripts, users are free to choose which one best works for them having stumbled upon a single pertinent succinct thread title.

In this current thread there are only two scripts which effectively perform the same basic function as per the current thread title, and new users are clearly free to choose which one suits their particular needs

e.g. @skeal recently installed your version, whilst @HardCat opted for my v3.03 attempt.

NOTE: My script expects users to implement say @swetoast's 'malware IPSET blocking feature' etc. whereas your new version now includes a similar custom 'malware' blocker.

I have fully acknowledged your original contribution both in my posts and clearly in the code, so I don't see how having separate threads would help reduce any perceived 'confusion'.

However, if you believe you are the owner of this thread, then feel free to lock this thread or have me banned etc.

Regards,

 

[Adamm]

And what would you suggest the title of the alternative thread to be?

Much like the 'Selective Routing' thread, whilst there are probably 10 different versions of user contributed scripts, users are free to choose which one best works for them have stumbled upon a single pertinent succinct thread title.

In this current thread are are only two scripts which effectively perform the same basic function as per the current thread title, and new users are clearly free to choose which one suits their particular needs

e.g. @skeal recently installed your version, whilst @HardCat opted for my v3.03 attempt.

NOTE: My script expects users to implement say @swetoast's 'malware IPSET blocking feature' etc. whereas your new version now includes a similar custom 'malware' blocker.

I have fully acknowledged your original contribution both in my posts and clearly in the code, so I don't see how having separate threads would help reduce any perceived 'confusion'.

However, if you believe you are the owner of this thread, then feel free to lock this thread or have me banned etc.

Regards,

Don't get me wrong I love how the idea has been adapted and hope it continues to evolve as IPSet is a great tool, I just think for support purposes and clarity different implementations per say should have their own threads. Easy for things to get buried and confused in 10 pages.

 

[a_lunatic]

Will this work on an RT-88U with AB-Solution running on it.

 

[swetoast]

Will this work on an RT-88U with AB-Solution running on it.

yes

 

[steef84]

Is there a way to achieve this already on a AC66U?

 

[swetoast]

yes, sadly none of the authors have picked me up on my offer to put up official installation instructions on the wiki

but its almost like all the other scripts get the script from this post

https://www.snbforums.com/threads/h...et-firewall-addition.16798/page-7#post-312136

• Enable and format JFFS through WEB UI first (if not already enabled)
  
  
• Then place the content to /jffs/scripts/IPSET_Block.sh
  
  
• Then make it executable:

chmod +x /jffs/scripts/IPSET_Block.sh

• Finally call this at the end of your existing /jffs/firewall-start:

# Load ipset filter rules
sh /jffs/scripts/IPSET_Block.sh

• then append the following line to /jffs/scripts/services-start:

cru a dynamic-filter "0 */4 * * * /jffs/scripts/IPSET_Block.sh"

this is just an example of how to but it should work

@Martineau that should cover it, shouldn't it ?

 

[Xentrk]

This is from the script comment section. The change from last version is the nolog option is added to the firewall-start line.

In jffs/scripts/init-start, add the lines:
/usr/sbin/cru a IPSET_SAVE "0 * * * * /jffs/scripts/IPSET_Block.sh save" #Every hour
/usr/sbin/cru a IPSET_BACKUP "0 5 * * * /jffs/scripts/IPSET_Block.sh backup" #05:00 every day

In /jffs/scripts/firewall-start, add the line:
/jffs/scripts/IPSET_Block.sh init nolog

I just updated three routers with © 2016-2017 Martineau, v3.03 and all is good so far.

 

[mannp]

Thanks for the updated 3.03 script.

I am wondering if everything is ok with the following output?

Would apprecaite input from someone who is in the know

(ipset_block.sh): 1641 v3.03 © 2016-2017 Martineau, Dynamic IPSET Blacklist banning request.....

(ipset_block.sh): 1641 Saving IPSET Block rules to /tmp/IPSET_Block.config.....

ipset v4.5: Unknown set

ipset v4.5: Unknown set

Try `ipset -H' or 'ipset --help' for more information.


Summary Blacklist: Successful blocks! (0 IPs currently banned - 0 added

 

[swetoast]

Nope its not cause unknown set and that it shows the help message, but i dont know what the problem is cause i didnt write the script.

 

[mannp]

Nope its not cause unknown set and that it shows the help message, but i dont know what the problem is cause i didnt write the script.

Ok thanks and you are using 3.03 and it works out of the box from pastebin?