Skynet Skynet Not Starting with IPTables Rules Failed

Calkulin

Regular Contributor
I installed 386.2 alpha 2-g0b90696715 and I now have 3x AC68Us that are not starting Skynet and all show IPTables Rules failed, even though my AX88U is running fine with Skynet with the same build. I tried uninstalling/reinstalling Skynet and while it eventually started fine after the install, within a few mins it showed the same failed error. Logs are showing Rule Integrity Violation - Restarting Firewall [ #9 #10 ] for those 3 AC68Us. Anyone else having this same issue with the new alpha build, or have suggestions on how to fix it? I looked at the source code and found what the errors are pointing to, ran the 4 checks manually and they returned correct values. Tried running the commands manually and got "iptables: Bad rule (does a matching rule exist in that chain?)".

Code:
    if [ "$(nvram get sshd_enable)" = "1" ] && [ "$(nvram get sshd_bfp)" = "1" ] && [ "$(uname -o)" = "ASUSWRT-Merlin" ] && [ "$(nvram get switch_wantag)" != "movistar" ]; then
        iptables -C SSHBFP -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j SET --add-set Skynet-Blacklist src 2>/dev/null || fail="${fail}#9 "
        iptables -C SSHBFP -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j LOG --log-prefix "[BLOCKED - NEW BAN] " --log-tcp-sequence --log-tcp-options --log-ip-options 2>/dev/null || fail="${fail}#10 "
    fi
 
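The numbered checks quoted in the post above, reworked as an added example (not Skynet's own code and not part of the original post) that keeps the `iptables -C` error text for each check ID instead of discarding it. `check_rule`, `run_checks`, `IPT` and the `fake_iptables` stub are hypothetical names; the stub is a constructed stand-in for the router's firewall so the block runs offline.

```shell
#!/bin/sh
# Added example: numbered integrity checks in the style of the snippet above.
# IPT is the command that queries the firewall (iptables on the router).
IPT="${IPT:-iptables}"

# check_rule ID CHAIN RULE-SPEC...
# Runs "$IPT -C"; on failure appends "#ID " to $fail and keeps the tool's
# own error text in $detail instead of sending it to /dev/null.
check_rule() {
    id="$1"; shift
    if ! err="$($IPT -C "$@" 2>&1)"; then
        fail="${fail}#${id} "
        detail="${detail}#${id}: ${err}
"
    fi
}

# The two SSHBFP checks from the post. The nvram/uname guard around them is
# left out because those commands only exist on the router.
run_checks() {
    fail=""; detail=""
    check_rule 9 SSHBFP -m recent --update --seconds 60 --hitcount 4 \
        --name SSH --rsource -j SET --add-set Skynet-Blacklist src
    check_rule 10 SSHBFP -m recent --update --seconds 60 --hitcount 4 \
        --name SSH --rsource -j LOG --log-prefix "[BLOCKED - NEW BAN] " \
        --log-tcp-sequence --log-tcp-options --log-ip-options
    [ -z "$fail" ]
}

# Constructed stand-in for iptables so the example runs offline: it accepts
# the SET rule and reports every other rule as missing.
fake_iptables() {
    case "$*" in
        *"-j SET --add-set Skynet-Blacklist src") return 0 ;;
        *) echo "iptables: Bad rule (does a matching rule exist in that chain?)" >&2
           return 1 ;;
    esac
}

IPT=fake_iptables
run_checks || printf 'Rule Integrity Violation [ %s]\n%s' "$fail" "$detail"
```

On a router, leave `IPT` unset so the checks query the live `iptables` ruleset.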
Was brute force protection enabled on all of them, though? And more importantly, did the nvram command fix it?

Yes, all had it turned on and the unset command did fix it on all the AC68Us immediately, didn't even need to restart Skynet manually. Thanks a lot for that quick fix.
 
Yes, all had it turned on and the unset command did fix it on all the AC68Us immediately, didn't even need to restart Skynet manually. Thanks a lot for that quick fix.
And all had SSH enabled for WAN? Both conditions must be met for the rule check to take effect.
 
And all had SSH enabled for WAN? Both conditions must be met for the rule check to take effect.

The AC68Us did, but with access restriction enabled for local /24 and 1 external IP. The AX88U didn't, which explains why the AX88U didn't have that issue now that I think about it.
 
Skynet was updated yesterday by adamm00 to resolve this issue. Thanks Adamm00!
 
Hi, have an AX86U and recently updated SkyNet to 7.5.4 and also Merlin FW to 3004.388.6 and I am now faced with this IPTables Rules [Failed]
Integrity violation on Rule #22

Anyone seen this?
How do I show rule #22 please?

Thanks in advance
 
Just an update
I also updated AMTM and noticed entware had disappeared

Reinstalled entware - Skynet not fixed
Uninstalled Skynet
Installed Skynet - All good
Updated filter list - All good
Update country bans - All good
Enabled Invalid Logs - Failed again - Violation Rule #22
Couldn't disable Invalid Logs

Uninstalled Skynet
Installed Skynet - All good
Updated filter list - All good
Updated country bans - All good

Left at that and all seems to be working still
Bit odd that Entware disappeared from AMTM and when reinstalling it detected a previous install
 
Hi, have an AX86U and recently updated SkyNet to 7.5.4 and also Merlin FW to 3004.388.6 and I am now faced with this IPTables Rules [Failed]
Integrity violation on Rule #22

Anyone seen this?
How do I show rule #22 please?

Thanks in advance
What’s the output of iptables --line -nL logdrop
 
Just an update
I also updated AMTM and noticed entware had disappeared

Reinstalled entware - Skynet not fixed
Uninstalled Skynet
Installed Skynet - All good
Updated filter list - All good
Update country bans - All good
Enabled Invalid Logs - Failed again - Violation Rule #22
Couldn't disable Invalid Logs

Uninstalled Skynet
Installed Skynet - All good
Updated filter list - All good
Updated country bans - All good

Left at that and all seems to be working still
Bit odd that Entware disappeared from AMTM and when reinstalling it detected a previous install
My guess is that USB storage was not available/mounted.
 
Yup, v7.5.4, AC88U- No internet at all. Disabling Skynet doesn't help.

Any ideas how to manually modify IPTABLES to allow connections?
 
Yup, v7.5.4, AC88U- No internet at all. Disabling Skynet doesn't help.

Any ideas how to manually modify IPTABLES to allow connections?
Check syslog in case it’s a dnsmasq issue with Skynet whitelist entries in /jffs/configs/dnsmasq.conf.add.
 
I happen to be configuring a new AX86U and notice that amtm says skynet [now?] requires a 2GB minimum swap file. My 88U install has a 1GB swap file from several years ago, FWIW.
 
Check syslog in case it’s a dnsmasq issue with Skynet whitelist entries in /jffs/configs/dnsmasq.conf.add.
There were a few empty lines at the head of the file. Deleting them didn't help.

But, I see a syslog message:

Error locking: /var/lock//usr/networkmap/[several files].js.lock

I have no such directory for lock files
 