What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@Adamm how to I go about enabling autoban? Is this something that has to be chosen at installation time as I don't see the option in the menu. Thanks in advance.

Just run the install command again, it wont erase any data just change your boot options.
 
Excuse the noob question. My understanding is that when using autoban IP's will only be blacklisted if they send an invalid packet twice within a 5 minute period, on the first attempt it will be silently dropped. What is considered an invalid packet? I guess I am trying to understand if a legitimate IP could be sending invalid packets and if that would have to do with bad ( not necessarily malicious) programming.
 
Excuse the noob question. My understanding is that when using autoban IP's will only be blacklisted if they send an invalid packet twice within a 5 minute period, on the first attempt it will be silently dropped. What is considered an invalid packet? I guess I am trying to understand if a legitimate IP could be sending invalid packets and if that would have to do with bad ( not necessarily malicious) programming.

https://en.wikipedia.org/wiki/Stateful_firewall
 
Not sure I've installed this correctly... ( I probably just don't understand how it is supposed to work. )

At startup, I get this in syslog:
Code:
Mar  9 14:42:33 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Mar  9 14:42:33 Skynet: [INFO] Startup Initiated... ( debug banmalware usb=/tmp/mnt/ASUS )
Mar  9 14:42:53 Skynet: [Complete] 3 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [20s]

With "banmalware", shouldn't there be a bunch of IPs / ranges banned? The command "ipset list" shows Whitelist 810 entries, Blacklist 3 entries, and BlockedRanges 0 entries. What happens to all the IPs downloaded from the master filter.list file urls?
 
Not sure I've installed this correctly... ( I probably just don't understand how it is supposed to work. )

At startup, I get this in syslog:
Code:
Mar  9 14:42:33 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Mar  9 14:42:33 Skynet: [INFO] Startup Initiated... ( debug banmalware usb=/tmp/mnt/ASUS )
Mar  9 14:42:53 Skynet: [Complete] 3 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [20s]

With "banmalware", shouldn't there be a bunch of IPs / ranges banned? The command "ipset list" shows Whitelist 810 entries, Blacklist 3 entries, and BlockedRanges 0 entries. What happens to all the IPs downloaded from the master filter.list file urls?
Go into skynet menu and run banmalware.
 
Go into skynet menu and run banmalware.
Ok, that helped a bunch. :) Thanks!

So does the "banmalware" parameter at startup provide for maintenance of the lists, but not the initial population? I did specify updates to the malware list during install, so I assume I only have to manually run banmalware from the menu this one time?
 
Ok, that helped a bunch. :) Thanks!

So does the "banmalware" parameter at startup provide for maintenance of the lists, but not the initial population? I did specify updates to the malware list during install, so I assume I only have to manually run banmalware from the menu this one time?
Yes its a onetime command. Each night skynet will update itself you will see it in the system logs.
 
Great - Thanks for the help!

For reference the list would have populated once the next timer was due, its somewhat of a limitation that its not immediately populated but I like the firewall and/or router to do a clean reboot before doing any heavy lifting just to make sure everything runs as expected and starts from a fresh slate. But as you found out, running the banmalware command in the meantime is another method to get it populated.
 
Question, and a rather basic one I guess: I did run Skynet once upon a time, however after a few - let's call it minor issues with stability - odd happenings I removed it all and installed my own old stuff (that does basically the same thing however not as advanced as Skynet, nor auto update or anything). So, is there a way to have autoupdate to ONLY update to say at least one week old stuff? Not the latest but more the most stable?
 
Question, and a rather basic one I guess: I did run Skynet once upon a time, however after a few - let's call it minor issues with stability - odd happenings I removed it all and installed my own old stuff (that does basically the same thing however not as advanced as Skynet, nor auto update or anything). So, is there a way to have autoupdate to ONLY update to say at least one week old stuff? Not the latest but more the most stable?

Skynet for the last year has gone through various development stages. Some being more indepth then others requiring significant rewrites. With that being said Skynet is more or less done with any major changes (atleast with this version). Updates lately have been more QOL or aesthetic. While I can't make any guarantees, there shouldn't be major bugs until a time comes where another significant update is appropriate.
 
Hi @Adamm

Lately this script has been blocking YouTube for me. I've whitelisted the IPs when performing a debug watch, however it can become frustrating when I keep having to do this multiple times as it seems different IP addresses are used. Is it possible to add the full range of IPs being used by Youtube to be whitelisted universally?

Thanks
 
Hi @Adamm

Lately this script has been blocking YouTube for me. I've whitelisted the IPs when performing a debug watch, however it can become frustrating when I keep having to do this multiple times as it seems different IP addresses are used. Is it possible to add the full range of IPs being used by Youtube to be whitelisted universally?

Thanks


I use YouTube daily and have never run into any issues, if you could provide any example IP's I can investigate further.
 
I find the same. I had to unban IP 24.156.131.82.

That IP is not currently blocked by any list.

Code:
admin@RT-AC86U-2EE8:/tmp/home/root# firewall stats search malware 24.156.131.82
#!/bin/sh
#############################################################################################################
#                    _____ _                     _           _____                     #
#                   / ____| |                   | |         | ____|                    #
#                  | (___ | | ___   _ _ __   ___| |_  __   _| |__                      #
#                   \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \                     #
#                   ____) |   <| |_| | | | |  __/ |_   \ V / ___) |                    #
#                  |_____/|_|\_\\__, |_| |_|\___|\__|   \_/ |____/                     #
#                                __/ |                                                 #
#                               |___/                                                  #
#                                                        #
## - 3/03/2018 -           Asus Firewall Addition By Adamm v5.8.5                    #
##                   https://github.com/Adamm00/IPSet_ASUS                    #
#############################################################################################################


Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 3.8M
Monitoring From Mar 7 06:58:37 To Mar 12 05:24:54
17109 Block Events Detected
2189 Unique IPs
8 Autobans Issued
1 Manual Bans Issued

Exact Matches;


Possible CIDR Matches;


Skynet: [Complete] 95991 IPs / 1589 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 573 Inbound / 422 Outbound Connections Blocked! [7s]
 
That IP is not currently blocked by any list.

Code:
admin@RT-AC86U-2EE8:/tmp/home/root# firewall stats search malware 24.156.131.82
#!/bin/sh
#############################################################################################################
#                    _____ _                     _           _____                     #
#                   / ____| |                   | |         | ____|                    #
#                  | (___ | | ___   _ _ __   ___| |_  __   _| |__                      #
#                   \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \                     #
#                   ____) |   <| |_| | | | |  __/ |_   \ V / ___) |                    #
#                  |_____/|_|\_\\__, |_| |_|\___|\__|   \_/ |____/                     #
#                                __/ |                                                 #
#                               |___/                                                  #
#                                                        #
## - 3/03/2018 -           Asus Firewall Addition By Adamm v5.8.5                    #
##                   https://github.com/Adamm00/IPSet_ASUS                    #
#############################################################################################################


Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 3.8M
Monitoring From Mar 7 06:58:37 To Mar 12 05:24:54
17109 Block Events Detected
2189 Unique IPs
8 Autobans Issued
1 Manual Bans Issued

Exact Matches;


Possible CIDR Matches;


Skynet: [Complete] 95991 IPs / 1589 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 573 Inbound / 422 Outbound Connections Blocked! [7s]

Yup. I did the same search and it wasn’t in the malware list. There wasn’t a reason mentioned. This happened a few times with YouTube. Wonder if this is somehow kicking off the IPS in the router.




Sent from my iPhone using Tapatalk
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top