What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Just ran the update on a rt ac3200 and now i get these 2 errors :
Downloading filter.list | [0s]
Refreshing Whitelists | /jffs/scripts/firewall: line 5228: can't fork
[7s]
Consolidating Blacklist | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware
-*-
Any help would be greatly appreciated.
 
Just ran the update on a rt ac3200 and now i get these 2 errors :
Downloading filter.list | [0s]
Refreshing Whitelists | /jffs/scripts/firewall: line 5228: can't fork
[7s]
Consolidating Blacklist | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware
-*-
Any help would be greatly appreciated.

What firmware version (and device) are you using? Skynet will now require v384.13 or the curl package from entware.
 
What firmware version (and device) are you using? Skynet will now require v384.13 or the curl package from entware.
Running latest firmware for router specified (asus rtac3200 , 384.13_2 ) and my device is an hard drive formatted to ext4 running the scripts.
 
What firmware version (and device) are you using? Skynet will now require v384.13 or the curl package from entware.
Would you consider retaining a "legacy version" similar to John's fork for those that cannot support the newer versions of AsusWrt? Maybe in an archive someplace? Caveated that no updates are being made but core functionality should work, etc, etc.
 
Running latest firmware for router specified (asus rtac3200 , 384.13_2 ) and my device is an hard drive formatted to ext4 running the scripts.

Thats weird, whats the output of

Code:
curl --version
wc -l /jffs/shared-*




Would you consider retaining a "legacy version" similar to John's fork for those that cannot support the newer versions of AsusWrt? Maybe in an archive someplace? Caveated that no updates are being made but core functionality should work, etc, etc.

Worst case scenario entware hosts the latest version of curl so users could instead use that;

skynet@RT-AX88U-DC28:/tmp/home/root# opkg list | grep "curl - 7"
curl - 7.66.0-1 - A client-side URL transfer utility
 
Got the same on malware blacklist update as @Safemode
Code:
[i] Downloading filter.list         | [0s]
[i] Refreshing Whitelists           | [16s]
[i] Consolidating Blacklist         | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware
curl --version
Code:
curl 7.65.3 (arm-unknown-linux-gnu) libcurl/7.65.3 OpenSSL/1.0.2t zlib/1.2.5
Release-Date: 2019-07-19
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

wc -l /jffs/shared-*
Code:
 44 /jffs/shared-Diversion-whitelist
 1 /jffs/shared-SelectiveRouting-whitelist
 20 /jffs/shared-Skynet-whitelist
 14 /jffs/shared-Skynet2-whitelist
 79 total
 
Running latest firmware for router specified (asus rtac3200 , 384.13_2 ) and my device is an hard drive formatted to ext4 running the scripts.

Got the same on malware blacklist update as @Safemode
Code:
[i] Downloading filter.list         | [0s]
[i] Refreshing Whitelists           | [16s]
[i] Consolidating Blacklist         | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware
curl --version
Code:
curl 7.65.3 (arm-unknown-linux-gnu) libcurl/7.65.3 OpenSSL/1.0.2t zlib/1.2.5
Release-Date: 2019-07-19
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

wc -l /jffs/shared-*
Code:
 44 /jffs/shared-Diversion-whitelist
 1 /jffs/shared-SelectiveRouting-whitelist
 20 /jffs/shared-Skynet-whitelist
 14 /jffs/shared-Skynet2-whitelist
 79 total


Oops, didn't realize the AC3200 / AC87U were only still on v384.13_2 which has the old curl version. You will have to either download the curl package from entware until the firmware update is available (this should work) or roll back to the previous Skynet version.

Roll back to Skynet v6.9.2;

Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/aac085a8866e95081e0713a78c760905aae885d1/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall
 
Last edited:
Just manually updated to the latest 7.0, running Merlin 384.14, will report issues, if any,

Thank you for your time and effort :)
 
Oops, didn't realize the AC3200 / AC87U were only still on v384.13_2 which has the old curl version. You will have to either download the curl package from entware until the firmware update is available (this should work) or roll back to the previous Skynet version.

To download curl via entware;

Code:
opkg update
opkg install curl

Or to roll back to Skynet v6.9.2;

Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/aac085a8866e95081e0713a78c760905aae885d1/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall
Updated curl via entware
Now i get
Code:
/tmp/home/root# curl --version
curl 7.66.0 (arm-openwrt-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11
Release-Date: 2019-09-11
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz SSL
But still get the error message when i do the malware blacklist update
Tried the ep (update/upgrade) option in amtm after that aswell
 
Updated curl via entware
Now i get
Code:
/tmp/home/root# curl --version
curl 7.66.0 (arm-openwrt-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11
Release-Date: 2019-09-11
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz SSL
But still get the error message when i do the malware blacklist update
Tried the ep (update/upgrade) option in amtm after that aswell

Thought that might be the case, because we prioritize native binaries Skynet is still trying to use the older version. You unfortunately will have to downgrade to v6.9.2 for now until a new firmware is available with the updated curl component.
 
Thought that might be the case, because we prioritize native binaries Skynet is still trying to use the older version. You unfortunately will have to downgrade to v6.9.2 for now until a new firmware is available with the updated curl component.
Thanks Adamm
Will do the downgrade

edit:
Working fine again with v6.9.2 and fingers crossed for another awesome firmware update from RMerlin ;)
 
Last edited:
Thought that might be the case, because we prioritize native binaries Skynet is still trying to use the older version. You unfortunately will have to downgrade to v6.9.2 for now until a new firmware is available with the updated curl component.
Hacky TEMP solution is to add your 'correct' path to wherever the 'new' curl is installed to the first line after the banner of the 'firewall' script.

i.e.
export PATH=/tmp/mnt/usb-data/entware/bin:/sbin:/bin:/usr/sbin:/usr/bin$PATH
This almost could be done *temporarily* in the shell *without* changing your script but you understandably force the '/sbin:/bin:/usr/sbin:/usr/bin' path to the front of the PATH environment variable, therefore the script needs to be slightly edited.

I will delete this post if this is a BIG 'No No' as I can understand that changes to your script will make supporting users a 'Pain', even if it is meant to be temporary. :)
 
Hacky TEMP solution is to add your 'correct' path to wherever the 'new' curl is installed to the first line after the banner of the 'firewall' script.

i.e.
export PATH=/tmp/mnt/usb-data/entware/bin:/sbin:/bin:/usr/sbin:/usr/bin$PATH
This almost could be done *temporarily* in the shell *without* changing your script but you understandably force the '/sbin:/bin:/usr/sbin:/usr/bin' path to the front of the PATH environment variable, therefore the script needs to be slightly edited.

I will delete this post if this is a BIG 'No No' as I can understand that changes to your script will make supporting users a 'Pain', even if it is meant to be temporary. :)

If they remove the existing "export PATH" line manually from Skynet they will also get this effect. But for most users its probably easier to just wait for a firmware update
 
Thanks again and congrats with the 1000th Github commit.
I made you a small donation with PayPal for all the hard work!

Appreciate the kind words and generosity ;)
 
Thank you for the update. The new logo looks great in Windows Terminal:
upload_2019-12-19_14-22-27.png
 
Last edited:
Thought that might be the case, because we prioritize native binaries Skynet is still trying to use the older version. You unfortunately will have to downgrade to v6.9.2 for now until a new firmware is available with the updated curl component.
I'm curious about that choice. Have you found incompatibilities between the busybox and Entware implementations of utilities other than busybox being only a subset of the Entware implementation? I'm careful to set my path to prefer Entware normally, and so far I haven't had any issues, but is there a reason I should do it differently?
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top