Skynet Skynet - Router Firewall & Security Enhancements

[thelonelycoder]

@Adamm—-when I installed Skynet last night, went with 2GB option for my swap file as I wasn’t sure what to go with (option 4 I think). Is that too much space?

I am currently using a Sandisk Ultra Flair 16GB thumb drive so I wasn’t very concerned.

Thank you!




Sent from my iPhone using Tapatalk

I usually set it to the same as the routers memory/RAM. 256MB works 99% of the time. Yours is certainly never exhausted.

 

[Adamm]

I'm still thinking about having something like this in post-mount instead of the hard path:

Both methods work, I personally prefer for Skynet to validate the entry, keep the config files basic as possible. It also allows us to grep the files.

@Adamm—-when I installed Skynet last night, went with 2GB option for my swap file as I wasn’t sure what to go with (option 4 I think). Is that too much space?

I am currently using a Sandisk Ultra Flair 16GB thumb drive so I wasn’t very concerned.

Thank you!




Sent from my iPhone using Tapatalk

Personally I rarely tap into the swap so any size should be fine, its more to prevent fork() errors introduced with the HND models. But if the space is free anyway it won't hurt.

 

[Marin]

Great! Thank you @Adamm and @lonelycoder!


Sent from my iPhone using Tapatalk

 

[thelonelycoder]

Small glitch @Adamm when fs is configured but switched to disabled:
With firewall fs it switches without a glitch to enabled.
Doing the same via the menu option 11 and enabling it, it will ask to "Input Custom Filter List URL:" but this is already set.

 

[Adamm]

Small glitch @Adamm when fs is configured but switched to disabled:
With firewall fs it switches without a glitch to enabled.
Doing the same via the menu option 11 and enabling it, it will ask to "Input Custom Filter List URL:" but this is already set.

Its more a design flaw. The functionality your looking for is preset when using the hidden "fs" option in the main menu. I needed a place to allow users to configure the setting, and the "settings" submenu made the most sense.

 

[thelonelycoder]

Its more a design flaw. The functionality your looking for is preset when using the hidden "fs" option in the main menu. I needed a place to allow users to configure the setting, and the "settings" submenu made the most sense.

Why not make it dynamic? I use this code in the upcoming Diversion v4.0.5 update to check the current state:

if grep -q "customlist2url=\"\"" $skynetcfg; then
    lastError=" Enable Skynet fast switch first"
    reload_menu
elif grep -q "customlist2url=\".*\"" $skynetcfg; then
    SkynetFs=on
    write_conf_file
    lastAction=" Skynet fast switch set to $SkynetFs"
else
    lastError=" Update Skynet and enable fast switch first"
    reload_menu
fi

 

[sl4fko]

Hi,
new here, just installed Skynet and Diversion on my router.

A few questions;

1.) Do Asus wrt (Merlin) firewall and Skynet "cooperate" somehow? If I open a port in Merlin firewall is it then also open in Skynet or do I have to open them separately?

2.) If I want to remove (safely of course, unmount in Asuswrt) or switch USB stick, that is connected for Diversion and Skynet SWAP, do I have to uninstall both programs or can I just connect another, bigger USB stick? Both formatted into EXT2.

 

[thelonelycoder]

2.) If I want to remove (safely of course, unmount in Asuswrt) or switch USB stick, that is connected for Diversion and Skynet SWAP, do I have to uninstall both programs or can I just connect another, bigger USB stick? Both formatted into EXT2.

Assuming you mean to replace it with an empty drive:
You'd have to install both Diversion and Skynet new as the settings and files are stored on the USB device.
Diversion installs into the Entware environment which is the "entware" folder on the device.
Skynet stores its files in the folder "skynet".
The swap file also has to be created new.
The start scripts in /jffs/scripts are modified when reinstalling.

In conclusion: You don't need to uninstall anything, Diversion and Skynet are error tolerant.
Use amtm to make the process easier.

Of course, if you'd copy over the files from the old drive to the new in a separate Linux environment, nothing needs to be reinstalled.
If you set a label to the device, make sure the new device is labeled the same.
While Diversion does not care if a label is set and does not rely on it if one is given, Skynet and the Swap file do rely on the device name and/or label to function.

 

[Awesome_Bob]

This is probably a dumb question, but do I need to use ASUS Merlin?

I could really use the aiMesh feature...

 

[visortgw]

This is probably a dumb question, but do I need to use ASUS Merlin?

I could really use the aiMesh feature...

It is necessary to enable custom JFFS scripts.

 

[Adamm]

1.) Do Asus wrt (Merlin) firewall and Skynet "cooperate" somehow? If I open a port in Merlin firewall is it then also open in Skynet or do I have to open them separately?

This is all done behind the scenes, so users can install Skynet and not have to worry about any additional steps.

This is probably a dumb question, but do I need to use ASUS Merlin?

Yes it is required.

 

[bitmonster]

You never know... AIMesh may work on Merlin someday.. I don't know why they can't just give Merlin compiled binaries or something.

Sent from my SM-G965F using Tapatalk

 

[Zonkd]

You never know... AIMesh may work on Merlin someday.. I don't know why they can't just give Merlin compiled binaries or something.

Sent from my SM-G965F using Tapatalk

It won't actually work, but I frequently see the option to configure AiMesh during the initial quicksetup after cleanly flashing a new version of Merlin. It doesn't happen every time, you may need to repeat the process a few times (eg. WPS nvram clean, power off, power on, intialise, upload firmware). If I remember correctly though I don't think it is exposed in the GUI after the first quicksetup though. I always flashed the firmware again if I saw AiMesh appear, because I knew it meant something had gone wonky. If you do see it appear you should also try clearing your browser cache. The only case where it should be visible is if you had experimented with a special nvram setting which forces the webui to display AiMesh options

 

[Adamm]

I've pushed v6.5.6

Improve SWAP management
Add SWAP healing function
Request bmw update on setting change
Improve Strip_Domain
Remove output from save and whitelist functions
Restart firewall on fw_enable setting change
Better bmw list validation
Better IP validation
Filter_OutIP() for internal use
Improve IPSet version check
Improve regex
Cleanup vars
General code improvement

 

[RMerlin]

You never know... AIMesh may work on Merlin someday.. I don't know why they can't just give Merlin compiled binaries or something.

I would need source code, not compiled binaries (which are already present in GPL releases).

 

[Deleted member 28123]

I've pushed v6.5.6

Improve SWAP management
Add SWAP healing function
Request bmw update on setting change
Improve Strip_Domain
Remove output from save and whitelist functions
Restart firewall on fw_enable setting change
Better bmw list validation
Better IP validation
Filter_OutIP() for internal use
Improve IPSet version check
Improve regex
Cleanup vars
General code improvement

Adamm,

Thanks for the latest release.

Your latest changes to the swap file mgmt, specifically swap loaded via the fstab file, have resulted in Skynet failing to load after the update as well as after a clean installation. I also noticed that my fstab loaded swap is no longer detected by the script as it is asking me to create a swap file or exit.

 

[Adamm]

Adamm,

Thanks for the latest release.

Your latest changes to the swap file mgmt, specifically swap loaded via the fstab file, have resulted in Skynet failing to load after the update as well as after a clean installation. I also noticed that my fstab loaded swap is no longer detected by the script as it is asking me to create a swap file or exit.

What’s the contents of your fstab file look like and I’ll see what I can do. Fwiw; swap partitions were never fully supported and I highly suggest migrating to a swap file instead.

 

[Deleted member 28123]

What’s the contents of your fstab file look like and I’ll see what I can do. Fwiw; swap partitions were never fully supported and I highly suggest migrating to a swap file instead.

UUID=xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx      none    swap    defaults        0       0

It was working fine up until 6.5.5 - updates and new installs

Thank you.

 

[Adamm]

UUID=xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx      none    swap    defaults        0       0

It was working fine up until 6.5.5 - updates and new installs

Thank you.

I pushed a hotfix which should detect it (you will need to force update). I do suggest migrating to a swap file at some point though as it limits you feature (and convenience) wise.

While you are using a swap partition though, would you mind posting the output of;

cat /proc/swaps

 

[Deleted member 28123]

I pushed a hotfix which should detect it (you will need to force update). I do suggest migrating to a swap file at some point though as it limits you feature (and convenience) wise.

While you are using a swap partition though, would you mind posting the output of;

cat /proc/swaps

Many thanks Adamm.

As I had uninstalled Skynet yesterday while trying to troubleshoot, I had to attempt a fresh installation however I am still being forced to choose between the 4 swap file sizes or the exit option.

Output of cat /proc/swaps



Appreciate your time!

Thank you.