Skynet Skynet - Router Firewall & Security Enhancements

[dave14305]

I did a little searching. Will this be able to ban incoming IPs, Ports, and things like that? Or am I asking something totally wrong?

It will ban incoming and outgoing traffic to IPs from publicly curated lists of known malware, hackers, etc. Plus you can add your own.

 

[randomName]

It will ban incoming and outgoing traffic to IPs from publicly curated lists of known malware, hackers, etc. Plus you can add your own.

Thanks. Incase I want to un-install it, what's the command? Also what size is best for a swap file? I chose 256.. i have a 16GB USB drive attached.

EDIT: Never mind, reading the reserved posts, thanks, lol

 

[timbo69]

Mine started doing that as well. I reinstalled it using the first page command.

Hi I tried that and whilst it installed ok and the process started, if i run the app sh ./firewall i get the same arithmetic syntax error, any more ideas/thoughts i could try?

thanks

 

[Adamm]

Hi I tried that and whilst it installed ok and the process started, if i run the app sh ./firewall i get the same arithmetic syntax error, any more ideas/thoughts i could try?

thanks

Whats the output of;

sh /jffs/scripts/firewall debug info

 

[timbo69]

Whats the output of;

sh /jffs/scripts/firewall debug info

Hi Adamm
Thanks, details are below
Skynet Version; (05/07/2019) (1b0d481af8d2da574015a3de5548ed51)
iptables v1.4.15 - (ppp0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address; (xx.xx.xx.xx)
FW Version; 384.13_0 (Jul 31 2019) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/usb1/skynet (28.7G / 30.3G Space Available)
Syslog Location; () ()
Uptime; 1 days, 23 hours, 31 minutes.
Ram Available; (183M / 249M)
-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------
Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
SWAP | [Passed]
Cron Jobs | [Passed]
IPSet Comment Support | [Passed]
Log Level 7 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
Inbound Filter Rules | [Failed]
Inbound Debug Rules | [Failed]
Outbound Filter Rules | [Failed]
Outbound Debug Rules | [Failed]
Whitelist IPSet | [Passed]
BlockedRanges IPSet | [Passed]
Blacklist IPSet | [Passed]
Skynet IPSet | [Passed]
----------- | ----------
| Setting | | | Status |
---------- | ----------
Autoupdate | [Disabled]
Auto-Banmalware Update | [Disabled]
Debug Mode | [Disabled]
Filter Traffic | [Selective]
Unban PrivateIP | [Disabled]
Log Invalid | [Disabled]
Ban AiProtect | [Disabled]
Secure Mode | [Disabled]
Fast Switch | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Disabled]
13/17 Tests Sucessful
=============================================================================================================
/jffs/scripts/firewall: line 5079: arithmetic syntax error

 

[Adamm]

Hi Adamm
Thanks, details are below
Skynet Version; (05/07/2019) (1b0d481af8d2da574015a3de5548ed51)
iptables v1.4.15 - (ppp0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address; (xx.xx.xx.xx)
FW Version; 384.13_0 (Jul 31 2019) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/usb1/skynet (28.7G / 30.3G Space Available)
Syslog Location; () ()
Uptime; 1 days, 23 hours, 31 minutes.
Ram Available; (183M / 249M)
-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------
Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
SWAP | [Passed]
Cron Jobs | [Passed]
IPSet Comment Support | [Passed]
Log Level 7 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
Inbound Filter Rules | [Failed]
Inbound Debug Rules | [Failed]
Outbound Filter Rules | [Failed]
Outbound Debug Rules | [Failed]
Whitelist IPSet | [Passed]
BlockedRanges IPSet | [Passed]
Blacklist IPSet | [Passed]
Skynet IPSet | [Passed]
----------- | ----------
| Setting | | | Status |
---------- | ----------
Autoupdate | [Disabled]
Auto-Banmalware Update | [Disabled]
Debug Mode | [Disabled]
Filter Traffic | [Selective]
Unban PrivateIP | [Disabled]
Log Invalid | [Disabled]
Ban AiProtect | [Disabled]
Secure Mode | [Disabled]
Fast Switch | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Disabled]
13/17 Tests Sucessful
=============================================================================================================
/jffs/scripts/firewall: line 5079: arithmetic syntax error

Try a reboot and see if there are any errors in your syslog. The arithmetic errors are because Skynet is trying to pull values from the missing IPTables rules to display for the hit counter.

 

[dave14305]

Try a reboot and see if there are any errors in your syslog. The arithmetic errors are because Skynet is trying to pull values from the missing IPTables rules to display for the hit counter.

There’s also no mention of a swap file.

 

[timbo69]

Try a reboot and see if there are any errors in your syslog. The arithmetic errors are because Skynet is trying to pull values from the missing IPTables rules to display for the hit counter.

Hi Adam,
ok that was a helpful steer because looking in the log I saw a number of I/O issues flagged for the memory stick. I tried repairing but it looks terminal. With a different memory stick I reinstalled skynet and see all 17 tests are passed. I've rebooted the router and checked no usb stick issues as before and again all 17 tests passed.
So big thanks for your help.
cheers

 

[randomName]

After installing Skynet it feels like my GUI on my RT-86U is slower. Anyone experience any GUI slow down after installing Skynet, or is it just me?

Thanks

 

[Adamm]

After installing Skynet it feels like my GUI on my RT-86U is slower. Anyone experience any GUI slow down after installing Skynet, or is it just me?

Thanks

Skynet has no measurable performance impact, there's nothing "running" in the background beyond a few IPTables rules, nor does it interfere with the WebUI.

 

[cmkelley]

After installing Skynet it feels like my GUI on my RT-86U is slower. Anyone experience any GUI slow down after installing Skynet, or is it just me?

Thanks

Negative ghostrider. I have Skynet and a bunch else with no slowdown on my RT-86U.

 

[Smokey613]

After installing Skynet it feels like my GUI on my RT-86U is slower. Anyone experience any GUI slow down after installing Skynet, or is it just me?

Thanks

My RT-AC68U takes longer to load the initial page, sometimes requiring a page reload after the Skynet install. I probably need to get a newer router.

 

[QuikSilver]

After installing Skynet it feels like my GUI on my RT-86U is slower. Anyone experience any GUI slow down after installing Skynet, or is it just me?

Thanks

Check your logs as they may be getting large in size. Nothing skynet related....check out UIscribe. may be of use to you.

 

[dave14305]

My RT-AC68U takes longer to load the initial page, sometimes requiring a page reload after the Skynet install. I probably need to get a newer router.

If you’re in that window of time when Skynet is updating its lists, it can temporarily put some load on the router, but it shouldn’t last more than a minute or two at most.

 

[Smokey613]

That may have been it. Seems to working fine now.

 

[netware5]

One silly question:
The install script says "IPSet Version Not Supported - Please Update To Latest Firmware". As I am with RT-N66U I cannot update to the "latest firmware". Shall I move to John's fork or running SkyNet on RT-N66U is impossible?

 

[dave14305]

One silly question:
The install script says "IPSet Version Not Supported - Please Update To Latest Firmware". As I am with RT-N66U I cannot update to the "latest firmware". Shall I move to John's fork or running SkyNet on RT-N66U is impossible?

John’s fork will work great with SkyNet.

Edit: but only on ARM routers as Adamm points out below.

 

[Adamm]

One silly question:
The install script says "IPSet Version Not Supported - Please Update To Latest Firmware". As I am with RT-N66U I cannot update to the "latest firmware". Shall I move to John's fork or running SkyNet on RT-N66U is impossible?

Unfortunately only ARM/HND routers are supported (AC56U and newer). MIPS routers run too old of a kernel to support the required IPSet modules.

 

[dave14305]

Unfortunately only ARM/HND routers are supported (AC56U and newer). MIPS routers run too old of a kernel to support the required IPSet modules.

Yes, sorry. My experience was on an AC68U (arm) not N66U (mips). Forgetting the bad old days of mips.

 

[Adamm]

I've pushed v6.8.6

Add toggle for CDN Whitelisting (settings cdnwhitelist enable|disable)