Just run the install command again, it wont erase any data just change your boot options.
Excuse the noob question. My understanding is that when using autoban IP's will only be blacklisted if they send an invalid packet twice within a 5 minute period, on the first attempt it will be silently dropped. What is considered an invalid packet? I guess I am trying to understand if a legitimate IP could be sending invalid packets and if that would have to do with bad ( not necessarily malicious) programming.
Mar 9 14:42:33 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Mar 9 14:42:33 Skynet: [INFO] Startup Initiated... ( debug banmalware usb=/tmp/mnt/ASUS )
Mar 9 14:42:53 Skynet: [Complete] 3 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [20s]
Go into skynet menu and run banmalware.Not sure I've installed this correctly... ( I probably just don't understand how it is supposed to work. )
At startup, I get this in syslog:
Code:Mar 9 14:42:33 custom_script: Running /jffs/scripts/firewall-start (args: eth0) Mar 9 14:42:33 Skynet: [INFO] Startup Initiated... ( debug banmalware usb=/tmp/mnt/ASUS ) Mar 9 14:42:53 Skynet: [Complete] 3 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [20s]
With "banmalware", shouldn't there be a bunch of IPs / ranges banned? The command "ipset list" shows Whitelist 810 entries, Blacklist 3 entries, and BlockedRanges 0 entries. What happens to all the IPs downloaded from the master filter.list file urls?
Use amtm its the best for use with skynet ab-solution dnscrypt etc.Go into skynet menu and run banmalware.
Ok, that helped a bunch. Thanks!Go into skynet menu and run banmalware.
Yes its a onetime command. Each night skynet will update itself you will see it in the system logs.Ok, that helped a bunch. Thanks!
So does the "banmalware" parameter at startup provide for maintenance of the lists, but not the initial population? I did specify updates to the malware list during install, so I assume I only have to manually run banmalware from the menu this one time?
Great - Thanks for the help!Yes its a onetime command. Each night skynet will update itself you will see it in the system logs.
This would indicate your router's clock isn't properly set, so the certificate is set for a future date.
Great - Thanks for the help!
Question, and a rather basic one I guess: I did run Skynet once upon a time, however after a few - let's call it minor issues with stability - odd happenings I removed it all and installed my own old stuff (that does basically the same thing however not as advanced as Skynet, nor auto update or anything). So, is there a way to have autoupdate to ONLY update to say at least one week old stuff? Not the latest but more the most stable?
Hi @Adamm
Lately this script has been blocking YouTube for me. I've whitelisted the IPs when performing a debug watch, however it can become frustrating when I keep having to do this multiple times as it seems different IP addresses are used. Is it possible to add the full range of IPs being used by Youtube to be whitelisted universally?
Thanks
I use YouTube daily and have never run into any issues, if you could provide any example IP's I can investigate further.
I find the same. I had to unban IP 24.156.131.82.
admin@RT-AC86U-2EE8:/tmp/home/root# firewall stats search malware 24.156.131.82
#!/bin/sh
#############################################################################################################
# _____ _ _ _____ #
# / ____| | | | | ____| #
# | (___ | | ___ _ _ __ ___| |_ __ _| |__ #
# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \ #
# ____) | <| |_| | | | | __/ |_ \ V / ___) | #
# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ |____/ #
# __/ | #
# |___/ #
# #
## - 3/03/2018 - Asus Firewall Addition By Adamm v5.8.5 #
## https://github.com/Adamm00/IPSet_ASUS #
#############################################################################################################
Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 3.8M
Monitoring From Mar 7 06:58:37 To Mar 12 05:24:54
17109 Block Events Detected
2189 Unique IPs
8 Autobans Issued
1 Manual Bans Issued
Exact Matches;
Possible CIDR Matches;
Skynet: [Complete] 95991 IPs / 1589 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 573 Inbound / 422 Outbound Connections Blocked! [7s]
That IP is not currently blocked by any list.
Code:admin@RT-AC86U-2EE8:/tmp/home/root# firewall stats search malware 24.156.131.82 #!/bin/sh ############################################################################################################# # _____ _ _ _____ # # / ____| | | | | ____| # # | (___ | | ___ _ _ __ ___| |_ __ _| |__ # # \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \ # # ____) | <| |_| | | | | __/ |_ \ V / ___) | # # |_____/|_|\_\\__, |_| |_|\___|\__| \_/ |____/ # # __/ | # # |___/ # # # ## - 3/03/2018 - Asus Firewall Addition By Adamm v5.8.5 # ## https://github.com/Adamm00/IPSet_ASUS # ############################################################################################################# Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 3.8M Monitoring From Mar 7 06:58:37 To Mar 12 05:24:54 17109 Block Events Detected 2189 Unique IPs 8 Autobans Issued 1 Manual Bans Issued Exact Matches; Possible CIDR Matches; Skynet: [Complete] 95991 IPs / 1589 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 573 Inbound / 422 Outbound Connections Blocked! [7s]
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!