Skynet Skynet - Router Firewall & Security Enhancements

[JaimeZX]

So while this functionality is theoretically possible, I think its outside the scope of the project (atleast for now). It would require a lot of internal reworking / unneeded complexity and I feel would go mostly unused. It also could cause bigger issues in the long run support wise. Being a lone developer of the project its hard enough to keep thousands of people happy while answering their questions on unique setups frequently.

I understand IOT botnets are a concern, but I feel with banmalware sourcing 30 reputation lists (realistically this number would be more like 50 as firehol lists combine multiple) from some of the worlds most trusted sources, along with AiProtect you are in a pretty good position compared to the average joe.

Indeed. I appreciate the considered reply! Perhaps something to consider for someday should you ever decide to tear into the code and do a complete rewrite. Regardless, thanks much your time and efforts!

 

[Blacklistedcard]

Skynet Version; v6.0.1 (20/03/2018) running great on my AC86U

 

[skeal]

Hey @Adamm any idea why this won't start?

Mar 19 18:04:05 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/EXT2/skynet) (pid=765) - Exiting

All I'm doing is rebooting.

 

[skeal]

@Adamm only since 6.0.1
If I manually restart after lock file detected it works right away.

/jffs/scripts/firewall restart

First reboot since the update to 6.0.1

 

[skeal]

@Adamm there seems to be a problem in the logs as well.

Mar 19 19:28:38 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 4 Of 10 )
Mar 19 19:28:48 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/EXT2/skynet) (pid=761) - Exiting
Mar 19 19:29:34 nat: apply nat rules (/tmp/nat_rules_vlanx_vlanx)
Mar 19 19:29:35 custom_script: Running /jffs/scripts/firewall-start (args: vlan3000)
Mar 19 19:29:35 adaptive QOS: Delayed Start Cancelled
Mar 19 19:29:35 adaptive QOS: Delayed Start Triggered (5min)
Mar 19 19:29:35 QuincyVomCanisphere: End of firewall-start
Mar 19 19:29:35 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/EXT2/skynet )
Mar 19 19:29:56 Skynet: [Complete] 106675 IPs / 1489 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]

Cannot figure this one out.

 

[DonnyJohnny]

I wonder if the blocked ip is in a block ip range, will it display, coz sometime when I search the blocked ip, it didn’t show where list it is coming from.

Yes just read the results carefully.

@Adamm , could it because it is a country block ban that it is not displaying result of where the blocked ip belongs to which filter list?
Is country blocked ip searchable like banmalware? When I say searchable, I mean it will tell me this blocked ip belongs to this particular country block ipset. Or minimum tell me it is a country block instead of a banmalware block.

 

[Adamm]

@Adamm there seems to be a problem in the logs as well.

Mar 19 19:28:38 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 4 Of 10 )
Mar 19 19:28:48 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/EXT2/skynet) (pid=761) - Exiting
Mar 19 19:29:34 nat: apply nat rules (/tmp/nat_rules_vlanx_vlanx)
Mar 19 19:29:35 custom_script: Running /jffs/scripts/firewall-start (args: vlan3000)
Mar 19 19:29:35 adaptive QOS: Delayed Start Cancelled
Mar 19 19:29:35 adaptive QOS: Delayed Start Triggered (5min)
Mar 19 19:29:35 QuincyVomCanisphere: End of firewall-start
Mar 19 19:29:35 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/EXT2/skynet )
Mar 19 19:29:56 Skynet: [Complete] 106675 IPs / 1489 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]

Cannot figure this one out.

I don't see the issue here.

Mar 19 19:28:38 --> Skynet waits for the USB to mount before the startup process
Mar 19 19:28:48 --> Skynet detects another Skynet process already running (which is completely normal during the restart_firewall event)
Mar 19 19:29:35 --> Skynet continues with startup process
Mar 19 19:29:56 --> Skynet is done with startup

@Adamm , could it because it is a country block ban that it is not displaying result of where the blocked ip belongs to which filter list?
Is country blocked ip searchable like banmalware? When I say searchable, I mean it will tell me this blocked ip belongs to this particular country block ipset. Or minimum tell me it is a country block instead of a banmalware block.

The "stats search ip xxx.xxx.xxx.xxx" will tell you the exact ban reason for any IP. That will usually either be "Banmalware" "BlockedCountry" "ManualBan" or blank meaning it was an autoban.

 

[skeal]

I don't see the issue here.

Mar 19 19:28:38 --> Skynet waits for the USB to mount before the startup process
Mar 19 19:28:48 --> Skynet detects another Skynet process already running (which is completely normal during the restart_firewall event)
Mar 19 19:29:35 --> Skynet continues with startup process
Mar 19 19:29:56 --> Skynet is done with startup



The "stats search ip xxx.xxx.xxx.xxx" will tell you the exact ban reason for any IP. That will usually either be "Banmalware" "BlockedCountry" "ManualBan" or blank meaning it was an autoban.

When I reboot the script always finds a locked file and exits without continuing. I have done nothing but update to 6.0.1.

I don't see the issue here.

Mar 19 19:28:38 --> Skynet waits for the USB to mount before the startup process
Mar 19 19:28:48 --> Skynet detects another Skynet process already running (which is completely normal during the restart_firewall event)
Mar 19 19:29:35 --> Skynet continues with startup process
Mar 19 19:29:56 --> Skynet is done with startup



The "stats search ip xxx.xxx.xxx.xxx" will tell you the exact ban reason for any IP. That will usually either be "Banmalware" "BlockedCountry" "ManualBan" or blank meaning it was an autoban.

I messed the post up. Skynet detects the locked file and exits. The results in the post are after I restart the script. So I reboot the script does not start period.

 

[skeal]

This is what I see when I reboot

Mar 19 21:23:50 Skynet: [INFO] Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/EXT2) (pid=760) - Exiting

The script does not continue on after this. The script just fails to start. I have to manually restart to get running after the boot.

 

[Adamm]

This is what I see when I reboot

Mar 19 21:23:50 Skynet: [INFO] Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/EXT2) (pid=760) - Exiting

The script does not continue on after this. The script just fails to start. I have to manually restart to get running after the boot.

For some reason you have the v5 commandline printing there meaning there may be a leftover entry in your firewall-start file.

Investigate and delete it accordingly

 

[skeal]

For some reason you have the v5 commandline printing there meaning there may be a leftover entry in your firewall-start file.

Investigate and delete it accordingly

My firewall start is fine. I changed the start command as a method of testing to see what was wrong. I have posted many times here what is happening. The script starts waits for USB to mount and then detects locked file and exits. There are no strange entries in my firewall start. Should I post so you can see? The proper start command for version is there. I have this so many times. I have investigated timing of startup. Still nothing. I uninstalled tested reinstalled tested same thing over and over.

 

[FreshJR]

@skeal could be a permissions issue

Open the lock file manually and note the PID within.

Restart the script and see if that PID changes.

It could be that the script had no write access to the lock file. So it could be detecting the lock file but unable to delete or update it.

 

[skeal]

For some reason you have the v5 commandline printing there meaning there may be a leftover entry in your firewall-start file.

Investigate and delete it accordingly

This is firewall start

#!/bin/sh

/jffs/scripts/FreshJR_QOS -start &

[ -x /jffs/dnscrypt/manager ] && /jffs/dnscrypt/manager fw-rules

sh /jffs/scripts/firewall start skynetloc=/tmp/mnt/EXT2/skynet # Skynet Firewall Addition

logger "End of firewall-start"

I don't know where the locked file is sorry.

 

[skeal]

@FreshJR The locked file result in logs before it exits is this

Mar 19 21:23:50 Skynet: [INFO] Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/EXT2) (pid=760) - Exiting

If you both notice the log entry says EXITING not retrying or starting over but exiting. It never starts again.

 

[FreshJR]

Try

cat /tmp/skynet.lock

If it doesn't exist then it is as @Adamm has said.

A previous instance is completing its run. It says exiting (the duplicate instance) while original continues

I am going to stay out of this since this isn't my place to comment! Worst case I will spread misinformation and cause confusion. Sorry @Adamm this was the last comment.


It has to be what is happening since my script was retriggered as well due to multiple fire-wall starts issued within relatively quick succession.

 

[skeal]

Try

cat /tmp/skynet.lock

If it doesn't exist then it is as @Adamm has said.

A previous instance is completing its run.

I am going to stay out of this since this isn't my place to comment! Worst case I will spread misinformation and cause confusion. Sorry @Adamm this was the last comment.

No such file or directory.

 

[Adamm]

My firewall start is fine. I changed the start command as a method of testing to see what was wrong. I have posted many times here what is happening. The script starts waits for USB to mount and then detects locked file and exits. There are no strange entries in my firewall start. Should I post so you can see? The proper start command for version is there. I have this so many times. I have investigated timing of startup. Still nothing. I uninstalled tested reinstalled tested same thing over and over.

I can't replicate your issue (or maybe I'm misunderstanding it?)

When I issue the firewall restart command;

Mar 20 19:30:50 Skynet: [INFO] Restarting Skynet...
Mar 20 19:30:52 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/Elements/skynet )
Mar 20 19:31:12 Skynet: [Complete] 105828 IPs / 1487 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [20s]

When I reboot the router;

Mar 20 19:33:50 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/Elements/skynet )
Mar 20 19:33:50 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1289) - Exiting
Mar 20 19:33:53 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1289) - Exiting
Mar 20 19:34:10 Skynet: [Complete] 105828 IPs / 1487 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]

Maybe try walk me through it again what exactly happens after a fresh reboot that shouldn't and provide the full logs so I can try assess it.

 

[skeal]

I checked the logs firewall start is only ran once like I said it tried 5 attempts

I can't replicate your issue (or maybe I'm misunderstanding it?)

When I issue the firewall restart command;

Mar 20 19:30:50 Skynet: [INFO] Restarting Skynet...
Mar 20 19:30:52 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/Elements/skynet )
Mar 20 19:31:12 Skynet: [Complete] 105828 IPs / 1487 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [20s]

When I reboot the router;

Mar 20 19:33:50 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/Elements/skynet )
Mar 20 19:33:50 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1289) - Exiting
Mar 20 19:33:53 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1289) - Exiting
Mar 20 19:34:10 Skynet: [Complete] 105828 IPs / 1487 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]

Maybe try walk me through it again what exactly happens after a fresh reboot that shouldn't and provide the full logs so I can try assess it.

Here are my logs @Adamm hope this helps.

https://pastebin.com/mnKU1FHv

 

[FreshJR]

I think your getting caught up in a semantics issue.

When you start it up the original skynet instance begins to run and look for a USB drive.

Later you can see skynet getting triggered twice more. At this point it writes "lock file detected - exiting". Only those duplicate instances are exiting.

The original instance remains running in the background looking for that USB drive every 10sec.

It also seems like it found the USB drive after the 4th failed attempt since a 5th failed attempt was never written to the log file.

In your log file it didn't seem like skynet was done setting itself up.

Hope that helps.

 

[skeal]

I think your getting caught up in a semantics issue.

When you start it up the original skynet instance begins to run and look for a USB drive.

Later you can see skynet getting triggered twice more. At this point it writes "lock file detected - exiting". Only those duplicate instances are exiting.

The original instance remains running in the background looking for that USB drive every 10sec.

It also seems like it found the USB drive after the 4th failed attempt since a 5th failed attempt was never written to the log file.

In your log file it didn't seem like skynet was done setting itself up.

Hope that helps.

If this is the case why is firewall start (the only way on my system to start it) being called to startup more than once? Like I said I have made no other changes.