MarCoMLXXV
Guest
Correct, the update command also does this exactly (if it detects a change in version number) if you're lazy like me
Guilty as charged sir. Sounds like a typical case of RTFM (on my side) to me. Thanks!
I noticed that firewall wasn't restarted (at least, it doesn't show up in syslog, as I expected, after your reply a couple of posts back), so I restarted it manually after updating:
Code:
May 16 18:33:04 dMP17 Skynet: [New Version Detected - Updating To v4.0.2]... ... ...
May 16 18:33:04 dMP17 Skynet: [Skynet Sucessfully Updated]
May 16 18:35:29 dMP17 dropbear: Child connection from xxx.xxx.xxx.xxx:32476
May 16 18:35:29 dMP17 dropbear: Exit before auth: Exited normally
May 16 18:35:38 dMP17 Skynet: [IP Banning Started] ... ... ...
May 16 18:35:39 dMP17 Skynet: [Complete] 32 IPs / 0 Ranges banned. 5 New IPs / 0 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [1s]
Is that intended?
separate section in ipset.txt or even a comment at the end of the line (if possible) would suffice.
I'm running Skynet 4.0.4 and just started and enabled debug. When I run stats I notice my cable modem's WAN IP in the "Last 10 Connections Blocked;", "Last Autobans", and in the "Top 10 Attackers"
3x https://otx.alienvault.com/indicator/ip/xxx.xxx.xxx.xxx
Must be sending an invalid packet for whatever reason, just to be clear the IP is the same as when you run the following command? (if so we can just whitelist it by default)
Code:
nvram get wan_ipaddr
Don't use wan_ipaddr, use wan0_ipaddr (wan_ipaddr is a construct used by the gui to manage multiple wans).
Things get a bit more complicated if you want to support dual-wan environments.
It is the same. It's set by the cable ISP so I can not whitelist it permanently (it can change).
Thanks for the heads up, pushed a fix.
Also, I have updated firewall-start as per RMerlin's request. The cron line is no longer needed, and I have provided an uninstall function (who needs this, right?)
If you're unsure how to remove the legacy code manually, issue the following command in SSH;
Code:
sed -i '\~cru a Firewall_save ~d' /jffs/scripts/firewall-start
@Adamm - This is actually a good point... not sure how you are managing the whitelist, but this can change on every reboot or renew. You may need to keep track of the last value, and remove it when whitelisting the new value.
It's still showing up in the blocked lists.
The IP should be whitelisted upon script startup, to remove the old logs use the following command;
Code:
sh /jffs/scripts/firewall stats reset
I just whitelist the value on boot (aka restart_firewall event). There's no great way to track it as I'd rather not dedicate nvram space or a logfile to it, but I figure "safe" IPs like this can be left alone. You could get issued 10 IPs per day and after a year not have any effect on IPSet performance. Debatable it's 'bad security', but just because an IP is whitelisted doesn't give it any special privileges over other traffic besides being banned without question.
Perhaps if it was always the first entry in the whitelist then you would know which one to delete when it changed... or perhaps allow comments in the file and then tag it. Just an idea from the peanut gallery.
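The idea raised in the posts above (remember the last WAN address, delete it when the new one is whitelisted, and tag the entry with a comment), as an added example that is not part of the thread and is not Skynet's own code. The set name `Whitelist`, the state file path and the `wan-ip` comment text are assumptions, and the set must have been created with ipset's `comment` option.

```shell
#!/bin/sh
# Added example, not Skynet's code. Assumed names: set "Whitelist", state file
# path, comment text; the set must have been created with ipset's "comment" option.
SET_NAME="${SET_NAME:-Whitelist}"
STATE_FILE="${STATE_FILE:-/tmp/wan_whitelist.last}"

# True only for a dotted-quad IPv4 address other than 0.0.0.0 (WAN not up yet).
valid_ipv4() {
    case "$1" in
        0.0.0.0|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print `ipset restore` lines that swap the previous WAN entry for the new one.
# $1 = current WAN IP, $2 = last IP this script whitelisted (may be empty).
wan_whitelist_plan() {
    valid_ipv4 "$1" || return 1
    [ "$1" = "$2" ] && return 0
    # Delete only an address we recorded ourselves, never arbitrary entries.
    valid_ipv4 "$2" && echo "del $SET_NAME $2"
    echo "add $SET_NAME $1 comment \"wan-ip\""
}

# Read the live address, apply the plan, and record it only if ipset accepted it.
wan_whitelist_sync() {
    current=$(nvram get wan0_ipaddr)
    last=""
    [ -r "$STATE_FILE" ] && read -r last < "$STATE_FILE"
    plan=$(wan_whitelist_plan "$current" "$last") || return 1
    [ -z "$plan" ] && return 0
    printf '%s\n' "$plan" | ipset restore -! && echo "$current" > "$STATE_FILE"
}

# Constructed demo (documentation addresses): the lease moved to a new IP.
wan_whitelist_plan 203.0.113.7 198.51.100.4
```

On a router, `wan_whitelist_sync` would be called from the firewall-start hook; the final demo line only prints the two restore lines for a constructed address change.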
sh /jffs/scripts/firewall update
sh /jffs/scripts/firewall install
I had to disable it for now as it has blocked Discord from connecting until I can find the time to work out what IPs to whitelist.
Strange, Discord has never blocked itself for me in the past 3 years, but let's try to track it down anyway.
sh /jffs/scripts/firewall install
(Select option 3)
ping us-east37.discord.gg
sh /jffs/scripts/firewall stats search ip IPHERE
sh /jffs/scripts/firewall whitelist domain us-east37.discord.gg
Also looks like imugr.com is getting blocked somehow.
Because of the stricter auto-whitelist rules, it will take a little longer for such websites. False positives are scanned for at the end of every hour and unbanned (and whitelisted if detected 3 times within 2 weeks, I may bump this down to 2 times). To bypass this process simply do;
sh /jffs/scripts/firewall whitelist domain imgur.com