Skynet - Router Firewall & Security Enhancements

In ab-solution you need to “add plus content” under the option [ b ].
Sorry to be a nuisance, I don't have that option...

Code:
 What do you want to do?   b
____________________________________________________


 Change blocking file type info:
 This changes the blocking file type (AdsBeGone!)
 and the update day @ hour (Thursday @ 2:00)
 (after file selection).
 Six preset blocking types are built in.

 When selecting Custom type,
 /adblocking/custom_files/custom_hosts_list.txt
 will be created to customize.
 ---------------------------------------------------

 Continue? [1=Yes e=Exit] 1
 ---------------------------------------------------

 Select the blocking file type to use, consisting
 of amalgamated hosts files.
 Your current type is AdsBeGone!

 1. Standard: Combines these three hosts files:
    winhelp2002.mvps.org, someonewhocares.org,
    pgl.yoyo.org.
    Restricted blocking of Ads. If unsure, start here.
    Filesize: ~825 KB, ~25'600 blocked hosts.

 2. Medium: Standard files plus two more:
    malwaredomainlist.com, hosts-file.net/ad_servers.
    Blocks malware hosts. A good choice.
    Filesize: ~2.6 MB, ~69'200 blocked hosts.

 3. shooter40sw's: Medium files plus four more:
    hosts-file.net: emd, grm, mmt, ad_servers
    and adaway.org/hosts.txt
    Filesize: ~8.3 MB, ~240'000 blocked hosts.

 4. AdsBeGone!: shooter40sw's files plus two more:
    adblock.mahakala.is, StevenBlack/hosts
    (StevenBlack's list contains most host files)
    Filesize: ~13.4 MB, ~410'200 blocked hosts.

 5. Large: Medium files plus two hpHosts files:
    hosts-file.net and hphosts-partial (always latest).
    Be careful, this blocks a lot! Use only if you
    know how to use the whitelist. You have been warned!
    Filesize: ~26 MB, ~727'500 blocked hosts.

 6. AB-Maximum: All hosts files in 1-5.
    Be very careful, this blocks a lot!
    A swap file is highly recommended.
    Use [swap] to create it in AB-Solution.
    (StevenBlack's list contains most host files)
    Filesize: ~30 MB, ~886'000 blocked hosts.

 7. Custom: Assemble your own hosts files.
    Edit /adblocking/custom_files/custom_hosts_list.txt
    to include the hosts files you prefer.
    Run [u] to update the blocking file
    manually after changes to the file.

 +. Use additional hosts files. [off] (adds + to type)
    Adds these files to your blocking file type,
    unless already included: hosts-file.net/emd.txt,
    exp.txt, hjk.txt, mmt.txt and psh.txt.
    Exploit, hijack and phishing protection.

 Enter selection: [1-7,+ e=Exit]

I've force-reinstalled both Skynet and AB_Solution; that option still doesn't appear for me. Should I just delete everything and start again?
 
The option you are looking for is the last option, the "+" option.
 
I've pushed v6.1.2

With it comes a feature that has been requested a few times that is now possible thanks to the v6 update. You can now exclude specific lists rather than having to host your own filter file in banmalware.

For example, you can exclude the lists named "list1.ipset" & "list2.ipset" via the following command (or main menu);

Code:
sh /jffs/scripts/firewall banmalware exclude "list1.ipset|list2.ipset"

To reset the exclusion list it's as easy as;

Code:
sh /jffs/scripts/firewall banmalware exclude reset


Do note the quotes and pipe character in the command are required for multiple entries as a separator. I also suggest using specific filenames (not URLs); using a partial name or invalid string may lead to other lists being inadvertently excluded.
 
When you say filename, do you mean we need to pre-get the file from wherever (like firehol) into the router first, then execute the command?
Or do you mean the filename of the existing ipset in the existing filter list? For example, "firehol_level1.netset".
 
Using firehol as an example, if the following were on your filter.list;

Code:
https://iplists.firehol.org/files/firehol_level2.netset

You would exclude;

Code:
firehol_level2.netset
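
Why a specific filename matters, as an added example (not Skynet's own code): it assumes the exclude string is applied as an extended regular expression to each URL in the filter list and compares that with an exact match on the URL's filename. Every URL except the firehol_level2.netset one is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed filter list; only the firehol_level2 URL appears in the thread.
FILTER_LIST='https://iplists.firehol.org/files/firehol_level2.netset
https://lists.example/files/firehol_level1.netset
https://lists.example/files/firehol_level2_extra.netset
https://lists.example/files/list1.ipset
https://lists.example/files/blocklist1.ipset'

# Assumed behaviour: the exclude string is an extended regex and any URL
# containing a match is dropped. Prints the URLs that remain.
remaining_regex() {
    printf '%s\n' "$FILTER_LIST" | grep -vE -- "$1" || :
}

# Stricter alternative: split the string on "|" and drop a URL only when its
# filename (the text after the last "/") equals one entry exactly.
remaining_exact() {
    printf '%s\n' "$FILTER_LIST" | awk -v ex="$1" '
        BEGIN { n = split(ex, names, "|"); for (i = 1; i <= n; i++) want[names[i]] = 1 }
        { file = $0; sub(/.*\//, "", file); if (!(file in want)) print }'
}

# URLs that the regex match removes but the exact filename match keeps,
# i.e. the lists excluded without having been named in full.
collateral() {
    keep_regex=$(remaining_regex "$1")
    remaining_exact "$1" | while IFS= read -r url; do
        printf '%s\n' "$keep_regex" | grep -qxF -- "$url" || printf '%s\n' "$url"
    done
}

# Full filename, a name that is a substring of another list, a partial name.
for ex in 'firehol_level2.netset' 'list1.ipset' 'firehol_level2'; do
    printf 'exclude "%s" drops without an exact filename match:\n%s\n' \
        "$ex" "$(collateral "$ex")"
done
```

Running the same comparison against your own filter list before setting an exclusion shows whether a string removes more blocklists than intended.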
 
Wow... I can see invalid packet in my log.. lol..
nice.. thanks..
 
I turned off Logged packet type from Dropped to None in Asus-Merlin 384.4.2 (AC86U) today Apr 8 07:55. On firewall restart I have a persistent skynetloc file that will not remove. Tried all these from Skynet menu and command line - stop, restart, update, force update. I'm still on v.6.1.1. Inbound attempts appear to still be blocked.

Code:
Apr  8 07:00:02 Skynet: [Complete] 104686 IPs / 1646 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 1520 Inbound / 0 Outbound Connections Blocked! [save] [2s]

Apr  8 07:55:07 rc_service: httpds 851:notify_rc restart_firewall
Apr  8 07:55:08 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Apr  8 07:55:08 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Apr  8 07:55:08 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/SNB/skynet )
Apr  8 08:00:00 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting (cpid=1235)
Apr  8 08:21:53 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting (cpid=2882)
Apr  8 08:22:21 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting (cpid=3115)
Apr  8 08:23:00 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting (cpid=3348)
Apr  8 08:23:16 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting (cpid=3584)
Apr  8 08:24:13 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting
Apr  8 08:28:26 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting (cpid=4150)
Apr  8 08:32:22 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=<redacted - MAC> SRC=77.72.82.22 DST=<redacted - IP> LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=20126 PROTO=TCP SPT=59522 DPT=3514 SEQ=2778203128 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Apr  8 08:32:49 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=<redacted - MAC> SRC=194.63.142.184 DST=<redacted - IP> LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=30518 PROTO=TCP SPT=41182 DPT=4325 SEQ=272836367 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Apr  8 08:32:50 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=<redacted - MAC> SRC=5.188.11.63 DST=<redacted - IP> LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=26957 PROTO=TCP SPT=46010 DPT=4704 SEQ=952843249 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Checked firewall-start:
Code:
/tmp/home/root# cat /jffs/scripts/firewall-start
#!/bin/sh

[ -x /jffs/dnscrypt/manager ] && /jffs/dnscrypt/manager fw-rules
sh /jffs/scripts/firewall start skynetloc=/tmp/mnt/SNB/skynet # Skynet Firewall Addition
 
Skynet must have gotten stuck during startup and, judging by the fact you have IPTables rules present, literally right before the script ends. While I don't think this is a reproducible issue, we can try to get some extra information via the ps command and see if any process is stuck.

Code:
ps

Then once you've copied the output, you can simply kill the stuck Skynet process via;

Code:
kill 539
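
The check described above, as an added example that is not part of the original posts or of Skynet: it reads "Lock File Detected" lines, reports which PID holds the lock, how many runs it turned away and over what period, and whether that PID still exists before anything is killed. The log lines are an excerpt of those posted above; the function names are hypothetical.

```shell
#!/bin/sh
# Excerpt of the syslog lines posted above, embedded so the script runs offline.
SAMPLE_LOG='Apr  8 07:55:08 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/SNB/skynet )
Apr  8 08:00:00 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting (cpid=1235)
Apr  8 08:21:53 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting (cpid=2882)
Apr  8 08:22:21 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/SNB/skynet) (pid=539) - Exiting (cpid=3115)'

# Print "<holder pid> <refused runs>" for every PID named as lock holder.
lock_holders() {
    printf '%s\n' "$1" |
        sed -n 's/.*Lock File Detected.*(pid=\([0-9][0-9]*\)).*/\1/p' |
        sort -n | uniq -c | awk '{ print $2, $1 }'
}

# Print the first and last time a given holder PID caused a run to exit.
# A long span with one holder points at a hung process, not brief overlap.
lock_span() {
    printf '%s\n' "$1" | awk -v pid="(pid=$2)" '
        index($0, "Lock File Detected") && index($0, pid) {
            t = $1 " " $2 " " $3
            if (first == "") first = t
            last = t
        }
        END { if (first != "") print first " -> " last }'
}

# "running" if the PID still exists, "stale" if the lock outlived its process.
# kill -0 sends no signal; run it as root (as on the router) so a permission
# error cannot be mistaken for a missing process.
holder_state() {
    if kill -0 "$1" 2>/dev/null; then echo running; else echo stale; fi
}

# One summary line per lock holder found in the log text passed as $1.
triage() {
    lock_holders "$1" | while read -r pid hits; do
        echo "pid=$pid refused=$hits state=$(holder_state "$pid") span=$(lock_span "$1" "$pid")"
    done
}

triage "$SAMPLE_LOG"
```

A holder reported as running over a long span is the case where the ps output is worth saving before the kill.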
 
Pffffttt. I really should have known to do this, sorry, I even pasted that PID into my post multiple times. :rolleyes:

Thank you for replying. I had a long hard physically demanding day yesterday and getting enough caffeine into my system to kick start my brain is an incomplete task.

I did a bunch of edits to the AB-Solution whitelist last night tracking down "handshake error: unknown cert" from my Android devices that pixelserv identifies, and of course that updates shared whitelists and restarts Skynet. I'm guessing that is what got me into this pickle, so many restarts in a fairly short time.
 
@Adamm feature req: the ability to detect and use pre-existing linux swap partition.

Basic support was added a few weeks ago. Skynet will allow installation to continue if a swap partition or file is detected. With that being said I do recommend a swap file over a swap partition as they are significantly easier to manage, but each to their own.
 
I've pushed v6.1.3

Minor under the hood changes, mostly fixing a race condition in Refresh_MWhitelist () and improving some unnecessarily complex code.
 
Updated and working. Thanks @Adamm
 
No problem running 6.1.3; quick simple question, following a temporary disable of Skynet, it appears that loading the menu restarts service from what I can tell; is this expected behavior?
 
I can't replicate this on my end.

Code:
admin@RT-AC86U-2EE8:/tmp/home/root# firewall disable
#!/bin/sh
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 11/04/2018 -           Asus Firewall Addition By Adamm v6.1.3                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


Skynet: [INFO] Disabling Skynet...
Saving Changes
Unloading IPTables Rules
Unloading IPSets



admin@RT-AC86U-2EE8:/tmp/home/root# firewall
#!/bin/sh
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 11/04/2018 -           Asus Firewall Addition By Adamm v6.1.3                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


Router Model; RT-AC86U
Skynet Version; v6.1.3 (11/04/2018)
iptables v1.4.15 - (ppp0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 384.5_alpha2-gcc44562 (Apr 6 2018) (4.1.27)
Install Dir; /tmp/mnt/Elements/skynet (1.1T / 1.7T Space Available)
SWAP File; /tmp/mnt/Elements/myswap.swp (512.0M)
Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/Elements/skynet

Checking Inbound Filter Rules...            [Failed]
Checking Outbound Filter Rules...            [Failed]
Checking Whitelist IPSet...                [Failed]
Checking BlockedRanges IPSet...                [Failed]
Checking Blacklist IPSet...                [Failed]
Checking Skynet IPSet...                [Failed]

Select Menu Option:
[1]  --> Unban
[2]  --> Ban
[3]  --> Banmalware
[4]  --> Whitelist
[5]  --> Import IP List
[6]  --> Deport IP List
[7]  --> Save
[8]  --> Restart Skynet
[9]  --> Temporarily Disable Skynet
[10] --> Update Skynet
[11] --> Debug Options
[12] --> Stats
[13] --> Install Skynet / Change Boot Options
[14] --> Uninstall

[r]  --> Reload Menu
[e]  --> Exit Menu

[1-14]: e

Exiting!




admin@RT-AC86U-2EE8:/tmp/home/root# firewall debug info
#!/bin/sh
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 11/04/2018 -           Asus Firewall Addition By Adamm v6.1.3                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


Router Model; RT-AC86U
Skynet Version; v6.1.3 (11/04/2018)
iptables v1.4.15 - (ppp0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 384.5_alpha2-gcc44562 (Apr 6 2018) (4.1.27)
Install Dir; /tmp/mnt/Elements/skynet (1.1T / 1.7T Space Available)
SWAP File; /tmp/mnt/Elements/myswap.swp (512.0M)
Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/Elements/skynet
No Lock File Found

Checking Install Directory Write Permissions...        [Passed]
Checking Firewall-Start Entry...            [Passed]
Checking Services-Stop Entry...                [Passed]
Checking CronJobs...                    [Failed]
Checking IPSet Comment Support...            [Passed]
Checking Log Level 5 Settings...            [Passed]
Checking For Duplicate Rules In RAW...            [Passed]
Checking Inbound Filter Rules...            [Failed]
Checking Inbound Debug Rules                [Failed]
Checking Outbound Filter Rules...            [Failed]
Checking Outbound Debug Rules                [Failed]
Checking Whitelist IPSet...                [Failed]
Checking BlockedRanges IPSet...                [Failed]
Checking Blacklist IPSet...                [Failed]
Checking Skynet IPSet...                [Failed]
Checking For AB-Solution Plus Content...        [Passed]

Skynet: [Complete] 104947 IPs / 1592 Ranges Banned. 0 New IPs / 0 New Ranges Banned.  Inbound /  Outbound Connections Blocked! [debug] [1s]

admin@RT-AC86U-2EE8:/tmp/home/root#
 
I tried reproducing and couldn't replicate, however did unintentionally start Skynet after temporarily disabling yesterday. Not sure what triggered the restart as I have tried loading through amtm, viewing the debug log, viewing stats and in all scenarios, it remains disabled.
 
The only way without using Skynet directly is if the firewall service on the router is restarted. This is linked to a lot of features like miniupnpd and GUI settings.
 
This is possible as I was making changes elsewhere, including with OpenVPN settings. I did see the Skynet start in the system log, but it did not indicate what started it at the time. Thanks for looking.
 
Am seeing a new error code BLOCKED - INVALID

Apr 11 21:39:14 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC= SRC=187.10.219.116 DST=* LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=36070 DF PROTO=TCP SPT=35951 DPT=81 SEQ=1033629748 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0
 
@Adamm
Currently I have an aggressive IP doing port scanning at like 16-20 per min...
I notice that the log purge is not working well.
I note that in 5.7.5 you brought in auto-purging of the log when it reached 24.
https://github.com/Adamm00/IPSet_ASUS/commit/d144763671cccf1fdc9aee2d51f81cb95baac189

My current situation:
1. Did a manual reset of the log at 06:02 to zero.
2. Purge activated at 06:11 due to banmalware update set at (06:10) with 99 incoming blocked.
3. After that, no purge till the hourly purge at 07:00 with 717 incoming blocked.

Can you explain again how the purge works?

Also, is there a way to temporarily stop logging a certain IP that is currently hitting the router so that the log is cleaner?
 