Skynet Skynet - Router Firewall & Security Enhancements

[keef]

Adamm. An odd problem arose. Using PIA if I reload the Skynet menu it always stops at the Swap file line. If I wait several minutes it reports that there is no internet access however, internet access is fine. Any ideas?

thanks

 

[Adamm]

Adamm. An odd problem arose. Using PIA if I reload the Skynet menu it always stops at the Swap file line. If I wait several minutes it reports that there is no internet access however, internet access is fine. Any ideas?

thanks

I assume its pausing at the Check_Connection() function;

Check_Connection () {
        livecheck="0"
        while [ "$livecheck" != "4" ]; do
            if ping -q -w3 -c1 google.com >/dev/null 2>&1; then
                break
            else
                if ping -q -w3 -c1 github.com >/dev/null 2>&1; then
                    break
                else
                    if ping -q -w3 -c1 snbforums.com >/dev/null 2>&1; then
                        break
                    else
                        livecheck=$((livecheck+1))
                        if [ "$livecheck" != "4" ]; then
                            echo "[*] Internet Connectivity Error"
                            sleep 10
                        else
                            return "1"
                        fi
                    fi
                fi
            fi
        done
}

Basically what this means is your router fails to ping google, then github, then finally snbforums and after multiple attempts reports the connection as being down. I assume this is to-do with incorrect configuration of the VPN as the function is quite straight forward.

 

[keef]

I assume its pausing at the Check_Connection() function;
Basically what this means is your router fails to ping google, then github, then finally snbforums and after multiple attempts reports the connection as being down. I assume this is to-do with incorrect configuration of the VPN as the function is quite straight forward.

Well I noticed that while the Internet is fine and PIA's home page says I'm connected and I have a new IP, in Merlin on the OpenVPN PIA menu it reports a private IP but not a public one. I emailed the PIA guys. Under ExpressVPN it works fine.

thanks

 

[keef]

Well it turns out if I set Connect to DNS Server automatically to N and specify a DNS everything works fine.
thanks

-keef

 

[pattiri]

I've forced installed the latest version but I still get these;

[$] /opt/bin/firewall banmalware


=============================================================================================================


[i] Downloading filter.list         | [0s]
[i] Refreshing Whitelists           | /opt/bin/firewall: line 5165: split: not found
/opt/bin/firewall: line 5165: can't open *: no such file
[6s]
[i] Consolidating Blacklist         | [6s]
[i] Filtering IPv4 Addresses        | [4s]
[i] Filtering IPv4 Ranges           | [1s]
[i] Applying New Blacklist          | [8s]
[i] Refreshing AiProtect Bans       | [0s]
[i] Saving Changes                  | [5s]

[i] For Whitelisting Assistance -
[i] https://www.snbforums.com/threads/release-skynet-router-firewall-security-enhancements.16798/#post-115872


=============================================================================================================


[#] 143796 IPs (+727) -- 1621 Ranges Banned (+6) || 170 Inbound -- 7 Outbound Connections Blocked! [banmalware] [33s]

 

[dave14305]

I've forced installed the latest version but I still get these;

[$] /opt/bin/firewall banmalware


=============================================================================================================


[i] Downloading filter.list         | [0s]
[i] Refreshing Whitelists           | /opt/bin/firewall: line 5165: split: not found
/opt/bin/firewall: line 5165: can't open *: no such file
[6s]
[i] Consolidating Blacklist         | [6s]
[i] Filtering IPv4 Addresses        | [4s]
[i] Filtering IPv4 Ranges           | [1s]
[i] Applying New Blacklist          | [8s]
[i] Refreshing AiProtect Bans       | [0s]
[i] Saving Changes                  | [5s]

[i] For Whitelisting Assistance -
[i] https://www.snbforums.com/threads/release-skynet-router-firewall-security-enhancements.16798/#post-115872


=============================================================================================================


[#] 143796 IPs (+727) -- 1621 Ranges Banned (+6) || 170 Inbound -- 7 Outbound Connections Blocked! [banmalware] [33s]

The workaround is to install the coreutils-split package from Entware. Some models automatically include it, most don't.

opkg install coreutils-split

 

[ZeMitras]

Hello guys!
First, this software is amaizing, thank you so much for this.

My favorite feature is the IOT blocking (done the right way). Regarding this subject, I selected the option "Select IOT Allowed Port Protocol" -> UDP.
What does this mean? That I allow my IOT devices to "talk" to the internet via UDP? There is no reset option... Maybe I'm not understanding this right...

Thanks

 

[Adamm]

I've forced installed the latest version but I still get these;

[$] /opt/bin/firewall banmalware


=============================================================================================================


[i] Downloading filter.list         | [0s]
[i] Refreshing Whitelists           | /opt/bin/firewall: line 5165: split: not found
/opt/bin/firewall: line 5165: can't open *: no such file
[6s]
[i] Consolidating Blacklist         | [6s]
[i] Filtering IPv4 Addresses        | [4s]
[i] Filtering IPv4 Ranges           | [1s]
[i] Applying New Blacklist          | [8s]
[i] Refreshing AiProtect Bans       | [0s]
[i] Saving Changes                  | [5s]

[i] For Whitelisting Assistance -
[i] https://www.snbforums.com/threads/release-skynet-router-firewall-security-enhancements.16798/#post-115872


=============================================================================================================


[#] 143796 IPs (+727) -- 1621 Ranges Banned (+6) || 170 Inbound -- 7 Outbound Connections Blocked! [banmalware] [33s]

As dave mentioned, this is a known bug in non-HND routers we found a few days ago and should be fixed in the next firmware release. A temporary workaround is to install the "coreutils-split" package in entware.

 

[Adamm]

Hello guys!
First, this software is amaizing, thank you so much for this.

Appreciate the kind words

My favorite feature is the IOT blocking (done the right way). Regarding this subject, I selected the option "Select IOT Allowed Port Protocol" -> UDP.
What does this mean? That I allow my IOT devices to "talk" to the internet via UDP? There is no reset option... Maybe I'm not understanding this right...

This is in relation to the allowed port list. Ports can either communicate via UDP, TCP or Both depending on which setting you select.

( sh /jffs/scripts/firewall settings iot unban|ban 8.8.8.8,9.9.9.9 ) Unban|Ban IOT Device(s) (or CIDR) From Accessing WAN (Allow NTP / Remote Access Via OpenVPN Only) (Use Comma As Separator)
( sh /jffs/scripts/firewall settings iot view ) View Currently Banned IOT Devices
( sh /jffs/scripts/firewall settings iot ports 123,124,125 ) Allow Port(s) To Access WAN (Use Comma As Separator)
( sh /jffs/scripts/firewall settings iot ports reset ) Reset Allowed Port List To Default
( sh /jffs/scripts/firewall settings iot proto udp|tcp|all ) Select IOT Allowed Port Protocol

 

[dave14305]

Anyone else get the massive reduction in blocked IPs today?

Oct 24 08:28:36 Skynet: [#] 82988 IPs (-55424) -- 1633 Ranges Banned (-49) || 0 Inbound -- 0 Outbound Connections Blocked! [banmalware] [216s]

I just re-ran the banmalware update and got some back.

[#] 127313 IPs (+44325) -- 1630 Ranges Banned (-3) || 0 Inbound -- 0 Outbound Connections Blocked! [banmalware] [54s]

 

[Butterfly Bones]

Anyone else get the massive reduction in blocked IPs today?

Oct 24 08:28:36 Skynet: [#] 82988 IPs (-55424) -- 1633 Ranges Banned (-49) || 0 Inbound -- 0 Outbound Connections Blocked! [banmalware] [216s]

I just re-ran the banmalware update and got some back.

[#] 127313 IPs (+44325) -- 1630 Ranges Banned (-3) || 0 Inbound -- 0 Outbound Connections Blocked! [banmalware] [54s]

I see that often, though not as high as yours, I do get that on occasion. I also note the banmalware execution time is much longer than normal when this occurs, as is your.

This time I see negative numbers, though not as high as yours. I always keep my cron execution early morning 0525 local time, but I think I will experiment with changing that time.

2019-10-24 08:46:48.000 [#] 127383 IPs (-2933) -- 27187 Ranges Banned (-3) || 14146 Inbound -- 90 Outbound Connections Blocked! [banmalware] [34s]
2019-10-24 05:27:33.000 [#] 130315 IPs (-6928) -- 27190 Ranges Banned (-13) || 13537 Inbound -- 90 Outbound Connections Blocked! [banmalware] [153s]

These ran as expected.

2019-10-23 05:25:56.000 [#] 137241 IPs (-7853) -- 27203 Ranges Banned (-57) || 8535 Inbound -- 27 Outbound Connections Blocked! [banmalware] [51s]
2019-10-22 05:25:51.000 [#] 145093 IPs (+2830) -- 27260 Ranges Banned (+88) || 3283 Inbound -- 3 Outbound Connections Blocked! [banmalware] [143s]

On the 21st I ran it a second time, but do not remember why.

2019-10-21 09:45:58.000 [#] 142262 IPs (+1035) -- 27172 Ranges Banned (-28) || 9 Inbound -- 0 Outbound Connections Blocked! [banmalware] [19s]
2019-10-21 05:25:53.000 [#] 141227 IPs (+3746) -- 27200 Ranges Banned (+58) || 640 Inbound -- 0 Outbound Connections Blocked! [banmalware] [47s]

These ran as expected.

2019-10-20 05:25:50.000 [#] 137480 IPs (-667) -- 27142 Ranges Banned (-39) || 3099 Inbound -- 34 Outbound Connections Blocked! [banmalware] [50s]
2019-10-19 05:25:40.000 [#] 138147 IPs (+668) -- 27181 Ranges Banned (-4) || 7225 Inbound -- 69 Outbound Connections Blocked! [banmalware] [40s]
2019-10-18 05:25:41.000 [#] 137479 IPs (+703) -- 27185 Ranges Banned (+14) || 3340 Inbound -- 28 Outbound Connections Blocked! [banmalware] [41s]

 

[Adamm]

I've pushed v6.9.1

This update fixes an edge case where curl fails to download blacklists due to DNSMasq being overwhelmed by large shared-*-Whitelist files if dns_local_cache is enabled.


Spent quite a few more hours then I'd like to admit tracking down the issue unnecessarily rewriting parts of Skynet, like most complex issues it was mitigated by one simple line of code

 

[thelonelycoder]

Spent quite a few more hours then I'd like to admit tracking down the issue unnecessarily rewriting parts of Skynet, like most complex issues it was mitigated by one simple line of code

.. which you probably lifted off a google search directing you to stackoverflow.com, with the exact problem someone else had a year ago

 

[vdemarco]

Skynet (well one of the block lists) had the ip 159.45.170.156 banned, which is an address of a wellsfargo site. (I couldn't talk to the bank). I fixed by unbanning the ip

firewall unban ip 159.45.170.156

Now everything works, did this just happen to me? did i inadvertently ban wellsfargo at some point?

 

[dave14305]

Skynet (well one of the block lists) had the ip 159.45.170.156 banned, which is an address of a wellsfargo site. (I couldn't talk to the bank). I fixed by unbanning the ip

firewall unban ip 159.45.170.156

Now everything works, did this just happen to me? did i inadvertently ban wellsfargo at some point?

It's part of "BanMalware: alienvault_reputation.ipset"

 

[Twiglets]

I've pushed v6.9.1

This update fixes an edge case where curl fails to download blacklists due to DNSMasq being overwhelmed by large shared-*-Whitelist files if dns_local_cache is enabled.


Spent quite a few more hours then I'd like to admit tracking down the issue unnecessarily rewriting parts of Skynet, like most complex issues it was mitigated by one simple line of code

Just updated to the latest version and I am getting 'cannot Fork' errors when 'Refreshing Whitelists'.
This appears to be more frequently happening than the previous version !!!???

How do I re-install the previous version ?

 

[Adamm]

Just updated to the latest version and I am getting 'cannot Fork' errors when 'Refreshing Whitelists'.
This appears to be more frequently happening than the previous version !!!???

How do I re-install the previous version ?

What is the output of the following command;

wc -l /jffs/shared-*

 

[Ubimo]

Minor typo, I think:
I updated to 6.9.1. but menue still says:
Skynet Version; v6.9.0 (25/10/2019) (7988e4a64171605ab06fc475ceec5c89)

 

[Twiglets]

What is the output of the following command;

wc -l /jffs/shared-*

The output is as follows:

Joe@Bloggs:/tmp/home/root# wc -l /jffs/shared-*
       87 /jffs/shared-Diversion-whitelist
       21 /jffs/shared-Skynet-whitelist
       14 /jffs/shared-Skynet2-whitelist
      122 total

 

[Adamm]

Minor typo, I think:
I updated to 6.9.1. but menue still says:
Skynet Version; v6.9.0 (25/10/2019) (7988e4a64171605ab06fc475ceec5c89)

Purely aesthetic, during the startup procedure Skynet grabs the version string and sets it in the config.

The output is as follows:

Joe@Bloggs:/tmp/home/root# wc -l /jffs/shared-*
       87 /jffs/shared-Diversion-whitelist
       21 /jffs/shared-Skynet-whitelist
       14 /jffs/shared-Skynet2-whitelist
      122 total

Just noticed you are running an AC56U which unfortunately is EOL with a 15 month old firmware. The part of the code which causes fork errors hasn't been modified since v6.9.0 and even then those changes wouldn't apply to your setup.

With that being said, you could try a reboot and see if that mitigates the error (its an underlying broadcom issue), but beyond that there isn't too much I can do as any recent firmware mitigation won't apply to your model. Might be worth looking into a second hand AC68U which are quite cheap, I sold mine a year ago for $100AUD so I imagine you can find some good deals out there.