
Skynet - Router Firewall & Security Enhancements


Hmm, that's possible. Interestingly I can't find the specific whitelist entry in Skynet anymore. But I also get
`touch: /tmp/mnt/sda1/skynet/events.log: Input/output error`

That indicates USB related issues, I suggest starting with a reboot.

and then there's

Looks like it's a regional CDN, luckily whitelisting is pretty painless.

Both Alexa on a 7th Gen Fire HD and World of Tanks updater are blocked

Halp - BestApp.exe or BestWebsite.com Is Being Blocked;

Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and whitelist) anything incorrectly on your Blacklist!

1.) Enable Debug Mode
Code:
sh /jffs/scripts/firewall settings debugmode enable

2.) Open the blocked application/website and use the command;

Code:
sh /jffs/scripts/firewall debug watch

Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if it's being spammed in large numbers.

3.) Copy the IP following "DST="; it should look something like this:
Code:
DST=175.115.37.52

4.) Double check the IP is not actually something that should be banned; use a search tool like AlienVault. If it's related to a domain, additional "Associated Domain" information should be printed beneath the log.

Code:
https://otx.alienvault.com/indicator/ip/175.115.37.52/

5.) Great, we have confirmed we found the IP of the blocked website/application we are looking for, let's whitelist it!

Code:
sh /jffs/scripts/firewall whitelist ip 175.115.37.52
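
Steps 2 and 3 above done as a script instead of by eye; this is an added example, not part of the original post or of Skynet. It assumes the debug output was saved to a file in iptables LOG layout with SRC= and DST= fields; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Rank DST= addresses seen in [BLOCKED - OUTBOUND] lines by hit count.

# Constructed sample; the iptables-LOG-style field layout is an assumption.
sample_log() {
cat <<'EOF'
Sep 24 10:15:01 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50122 DPT=443
Sep 24 10:15:02 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50122 DPT=443
Sep 24 10:15:02 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.1 LEN=40 PROTO=TCP SPT=4431 DPT=23
Sep 24 10:15:04 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50123 DPT=443
Sep 24 10:15:05 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.77 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=40100 DPT=80
Sep 24 10:15:06 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.77 DST=203.0.113.9 LEN=60 PROTO=UDP SPT=40101 DPT=123
Sep 24 10:15:08 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50124 DPT=443
Sep 24 10:15:09 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.77 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=40102 DPT=80
Sep 24 10:15:10 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=175.115
EOF
}

# rank_blocked_dst [SRC_IP]: log on stdin, "COUNT DST" lines on stdout, most hits
# first. An optional SRC_IP limits the count to one LAN client.
rank_blocked_dst() {
    awk -v src="$1" '
        index($0, "[BLOCKED - OUTBOUND]") == 0 { next }   # skip inbound and other lines
        {
            s = ""; d = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) s = substr($i, 5)
                else if ($i ~ /^DST=/) d = substr($i, 5)
            }
            if (src != "" && s != src) next
            # Only a complete dotted quad counts, so a truncated line never
            # turns into something pasted into a whitelist command.
            if (d !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            hits[d]++
        }
        END { for (d in hits) print hits[d], d }
    ' | sort -k1,1nr -k2,2
}

# top_candidate [SRC_IP] [MIN_HITS]: print the busiest DST only if it reached
# MIN_HITS (default 3), i.e. it really is a flood and not a single stray block.
top_candidate() {
    rank_blocked_dst "$1" | awk -v min="${2:-3}" 'NR == 1 && $1 >= min { print $2 }'
}

sample_log | rank_blocked_dst
```

The address it prints is only a candidate: step 4's reputation check still comes before the whitelist command in step 5.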
 
I already have - just thought it might save some time for someone if they do a search ...........

The error in Alexa is ambiguous to say the least:

Certificate error, please update Android system webview
 
Thanks for your hard work!!! I was looking at Comodo and Google DNS (I already have Diversion installed, and I am not sure if Diversion and a custom DNS play nicely), and was wondering if blocking at the router level is actually a better option.

What are freely available blocklists like? Could I get theoretically as good if not better protection than say with Comodo Secure DNS? If something is blocked, for example my wife going to a stupid phishing site, can it present some sort of warning page?

I'm sporting an Asus RT-AC86U with everything running too so I hope it can handle this running as well - I assume it's literally just a script working with the already running firewall.

The reports look interesting too, which is what I was looking for with Comodo Secure DNS anyway.
 
Thanks for your hard work!!! I was looking at Comodo and Google DNS (I already have Diversion installed, and I am not sure if Diversion and a custom DNS play nicely), and was wondering if blocking at the router level is actually a better option.

What are freely available blocklists like? Could I get theoretically as good if not better protection than say with Comodo Secure DNS? If something is blocked, for example my wife going to a stupid phishing site, can it present some sort of warning page?

I'm sporting an Asus RT-AC86U with everything running too so I hope it can handle this running as well - I assume it's literally just a script working with the already running firewall.

The reports look interesting too, which is what I was looking for with Comodo Secure DNS anyway.

I guess it comes down to personal preference. I like to block things at a router level myself rather than rely on a third party service.

As for a "warning page", this is unfortunately not possible in its current design and instead it will just time you out, but identifying a block is pretty simple once you know what you're doing.
 
I guess it comes down to personal preference. I like to block things at a router level myself rather than rely on a third party service.
I'm with you. DNS filtering is nice but it seems like a 'layered' protection to me. Actual IP blocking is more solid. Where do these block lists come from and who maintains them anyway?

So with Diversion + Skynet + AIProtection it should be pretty solid now, except when I leave home :-( Which I'm working on via persistent VPN.
 
I'm with you. DNS filtering is nice but it seems like a 'layered' protection to me. Actual IP blocking is more solid. Where do these block lists come from and who maintains them anyway?

So with Diversion + Skynet + AIProtection it should be pretty solid now, except when I leave home :-( Which I'm working on via persistent VPN.

Skynet suggests the following lists by default but this can be customized to your liking. They are sourced from a number of reputable vendors.

https://github.com/Adamm00/IPSet_ASUS/blob/master/filter.list
 
Oh ok thanks..

So when say a phishing scam goes around there is a chance it may appear on these blocklists.

All the more reason to also implement on my mobile or force persistent VPN back through home.

 
So when say a phishing scam goes around there is a chance it may appear on these blocklists.

That's the plan :p

All the more reason to also implement on my mobile or force persistent VPN back through home.

I highly suggest this setup which I use myself assuming you have enough bandwidth on both ends. That way you can take the benefits of Skynet + Diversion on any mobile device on other networks.
 
How did you force VPN clients to use local DNS and firewall? Do you use VPN auto connect? Any side effects?

 
How did you force VPN clients to use local DNS and firewall? Do you use VPN auto connect? Any side effects?


Pretty straightforward setup: set up the OpenVPN server on your router and make sure "Advertise DNS to clients" is enabled.

Then I just connect using the OpenVPN app on my iPhone, which has a range of options like only connect while on mobile networks.
 
Forgive my ignorance but can I do the following;

1) list the country abbreviations
2) select more than 1 country to block?

I’ve blocked CN which I’m assuming is China but how do I add to that list?

I'm sure the answer is simple, obvious and shows how clueless I am. :))
 
Thought so but whenever I tried that, only the first country seemed to get banned. Figured 'twas just something stupid I did. Will try that again once I'm back home.

The positioning of the quotes is important.
 
Thank you so much sir. You have put my mind at rest. It looked to me that it was a legit NTP request also. I'm just wondering why a USA security company installed in central Canada would need to sync time with a server in the Ukraine? Hmmm....bit of a mystery.

Not sure if your security devices need wan access for more than ntp, but if not, you might try making use of this script by Martineau:

https://www.snbforums.com/threads/h...ce-stopping-outbound-connections.38086/page-2

I use it to block all outside access for my security cameras (I use a vpn for access, and have a secured app for phone notifications). The script also blocks ntp. So I use this script to run an ntp daemon right on the router for all local devices to use (in particular the cams which have no other means to get time):

https://github.com/RMerl/asuswrt-merlin/wiki/Setting-up-an-NTP-Server-for-your-local-lan

I suppose it wouldn't be hard to edit Martineau's script to allow comms through wan if you need that. Either way, this might be a way for you to avoid having to whitelist ntp servers.
 
This is the result of trying to ban "cn pk kp"

/jffs/scripts/firewall: /tmp/mnt/rstick/skynet/skynet.cfg: line 17: pk: not found

Code:
skynet@RT-AC86U-2EE8:/tmp/home/root# sh /jffs/scripts/firewall ban country "cn pk kp"
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 24/09/2018 -           Asus Firewall Addition By Adamm v6.4.7                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


[i] Banning Known IP Ranges For (cn pk kp)
[i] Downloading Lists
[i] Filtering IPv4 Ranges & Applying Blacklists
[i] Saving Changes

[#] 162618 IPs (+0) -- 7291 Ranges Banned (+5419) || 3308 Inbound -- 86 Outbound Connections Blocked! [ban] [6s]

skynet@RT-AC86U-2EE8:/tmp/home/root#

Works for me, are you using the same command?
 
This is the result of trying to ban "cn pk kp"

/jffs/scripts/firewall: /tmp/mnt/rstick/skynet/skynet.cfg: line 17: pk: not found

I think I can reproduce this, if you are using the menu there's no need for quotes, I'll add an automated check to the function.
 
Works for me, are you using the same command?

Pretty sure. Tried "cn pk kp" and got the previous result. Now I tried the following;

Input Country Abbreviations To Ban:
[Countries]: "cn kp pk"

[$] /jffs/scripts/firewall ban country "cn kp pk"

Banning Known IP Ranges For ("cn kp pk")
Downloading Lists
Filtering IPv4 Ranges & Applying Blacklists
ipset v6.32: Unknown argument: `kp'
Try `ipset help' for more information.
Saving Changes

[#] 162786 IPs (+0) -- 1889 Ranges Banned (+0) || 0 Inbound -- 127 Outbound Connections Blocked! [ban] [10s]

Unknown argument?
 
