Adamm
Do I need to keep running...
The install command only needs to be run if there is a change in the install script which you would like to add (e.g. adding new boot args). So in 9/10 cases usually not.
any way to find out what it is complaining about?
As per request, auto updating can now be enabled during install. I'll slow down eventually.
Every time Unban_HTTP() is called, a scan will initiate. This function is called at the end of the hour during the save cronjob. It's also called when you run the commands (start/disable/save/stats/debug disable/debug filter).
Now what exactly does this function do? It will scan /jffs/skynet.log for any new bans based on traffic from ports 80 and 443 (HTTP and HTTPS). It then unbans anything meeting these criteria and marks it in the log. If the IP is ever banned a second time the same way during the next 2 weeks, the following scan it will whitelist the IP automatically.
So in a sense the script "learns", after a day or two you will most likely never run into any accidental blockage again as the whitelist is never wiped (unless forced by the user of course). I've just now added a new IPTables rule which should still handle invalid packets but only DROP (not ban) ones sent on TCP ports 80,443. So let's see if this works how we want it to, I've kept the old functionality for the time being as a fail-over. So as usual an update will be required to v4.2.1
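The unban-then-whitelist decision described in the post above, as an added example (not Skynet's own code and not part of the original post). The log layout, the `[NEW BAN]` marker, the in-memory state and the function names are assumptions made for illustration; the sample lines are constructed.

```shell
#!/bin/sh
# Added illustration. Constructed log layout (an assumption, not Skynet's):
#   <epoch seconds> [NEW BAN] ... SRC=<ip> ... SPT=<source port> ...

WINDOW=$((14 * 24 * 3600))   # "the next 2 weeks", in seconds

# decide_actions (hypothetical name): read log lines on stdin and print
#   unban <ip>      first ban caused by traffic from port 80/443
#   whitelist <ip>  banned the same way again inside the window
decide_actions() {
    awk -v window="$WINDOW" '
    /\[NEW BAN\]/ {
        ip = ""; spt = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^SRC=/) ip  = substr($i, 5)
            if ($i ~ /^SPT=/) spt = substr($i, 5)
        }
        # Only bans caused by traffic from ports 80/443 are candidates.
        if (ip == "" || (spt != "80" && spt != "443")) next
        # Accept only a dotted quad before the value is handed to any command.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (ip in whitelisted) next          # already learned
        if ((ip in last) && ($1 - last[ip] <= window)) {
            print "whitelist " ip
            whitelisted[ip] = 1
        } else {
            print "unban " ip                # first time, or window expired
        }
        last[ip] = $1
    }'
}

# Constructed sample log using documentation address ranges.
sample_log() {
cat <<'EOF'
1495000000 [NEW BAN] IN=eth0 SRC=192.0.2.10 DST=10.0.0.2 PROTO=TCP SPT=443 DPT=51000
1495000100 [NEW BAN] IN=eth0 SRC=198.51.100.7 DST=10.0.0.2 PROTO=TCP SPT=51515 DPT=23
1495090000 [NEW BAN] IN=eth0 SRC=192.0.2.10 DST=10.0.0.2 PROTO=TCP SPT=443 DPT=51002
1495100000 [NEW BAN] IN=eth0 SRC=203.0.113.5 DST=10.0.0.2 PROTO=TCP SPT=80 DPT=40000
1497000000 [NEW BAN] IN=eth0 SRC=203.0.113.5 DST=10.0.0.2 PROTO=TCP SPT=80 DPT=40001
EOF
}

sample_log | decide_actions
```

The ban from source port 51515 is left alone, and the second ban of 203.0.113.5 falls outside the two-week window, so it is only unbanned again rather than whitelisted.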
So basically your script watches for any blocked traffic to ports 80, and/or 443 on the router.. and if it finds any it grabs the ip and adds it to the ban list. Then once an hour it takes that list and searches for any outbound traffic from ports 80/443 on the router and unbans that?
May 18 20:21:08 Skynet: [Complete] 142845 IPs / 18766 Ranges banned. 0 New IPs / 0 New Ranges Banned. 0 IP / 0 Range Connections Blocked!
May 18 21:00:07 Skynet: [Complete] 142845 IPs / 0 Ranges banned. 0 New IPs / -18766 New Ranges Banned. 22 IP / 0 Range Connections Blocked!
with automatic hourly update all banned ranges gone?
I think this may just be the counter playing catch-up with the faster method I implemented (it should show the correct value next cycle). To confirm manually how many are still there, run the following command:
Code:
ipset -L BlockedRanges | wc -l
The only command that can ever clear that list completely is unban all, so I'm sure it's just a graphical error.
admin@RT-AC3200-7180:/jffs/scripts# firewall ipset -L BlockedRanges | wc -l
Skynet: [Complete] 142845 IPs / 0 Ranges banned. 0 New IPs / 0 New Ranges Banned. 29 IP / 0 Range Connections Blocked! [1s]
hmm, don't see if they exist? will see next cycle....
Any ideas how I can figure out why this is blocking the Blizzard App? When I "firewall disable" it connects with no issue.. but when I enable it gets blocked somehow and it is not finding it as a false positive.
sh /jffs/scripts/firewall debug enable
Same problem here, my imap server got blocked (imap.web.de). No ping goes out, after disabling the firewall everything worked again. A howto unblock would be nice.
PS: And how can I reset the black and whitelists to zero?
sh /jffs/scripts/firewall whitelist domain imap.web.de
I did an uninstall and then reinstalled.. followed the instructions from page 1..
Skynet: [IP Banning Started] ... ... ...
Skynet: [Enabling Raw Debug Output] ... ... ...
grep: /jffs/scripts/ipset.txt: No such file or directory
grep: /jffs/scripts/ipset.txt: No such file or directory
Skynet: [Complete] 0 IPs / 0 Ranges banned. 0 New IPs / 0 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [1s]
Installing Skynet v4.2.5
This Will Remove Any Old Install Arguements And Can Be Run Multiple Times
Please Select Installation Mode (Number)
1. Vanilla - Default Installation
2. NoAuto - Default Installation Without Autobanning
3. Debug - Default Installation With Debug Print For Extended Stat Reporting
4. NoAuto & Debug - Default Installation With No Autobanning And Debug Print
1
Vanilla Selected
Would You Like To Enable Weekly Malwarelist Updating
1. Yes
2. No
Please Select Option (Number)
2
Malware List Updating Disabled
Would You Like To Enable Daily Auto Script Updating
Skynet By Default Only Checks For Updates But They Are Never Downloaded
1. Yes
2. No
Please Select Option (Number)
1
Auto Updating Enabled
Skynet Updates Scheduled For 2.25am Daily
Restarting Firewall To Apply Changes
Done.
sh firewall stats
!!! Debug Mode Is Disabled !!!
No Debug Data Detected - Give This Time To Generate
sh firewall debug enable
Skynet: [Complete] 23 IPs / 0 Ranges banned. 0 New IPs / 0 New Ranges Banned. 54 IP / 0 Range Connections Blocked! [0s]
sh firewall stats
!!! Debug Mode Is Disabled !!!
No Debug Data Detected - Give This Time To Generate
Mh, after a fresh installation of the script it seems that I can't enable the debugging mode..?
That output is perfect, ipset.txt shouldn't exist on a fresh install, I just need to mute that output in a future update. Beyond that it shows your script working perfectly.