Skynet Skynet - Router Firewall & Security Enhancements

[randomName]

Something is causing the firewall to restart daily. I'm seeing it in the router log. I disabled the firewall the other day and it didn't happen for the entire day, then last night I enabled it again and it restarted a few hours later. I think when I turned on my TV. I'm not sure if it's Skynet or possibly my Samsung TV. Lately the Samsung TV has had multiple connections to my router.

 

[adrian oprea]

i have a ac66u with Firmware: 380.70 (ipset v4.5)
when i try to install firewall it say:
[*] IPSet Version Not Supported - Please Update To Latest Firmware

sow how can i do that to be able to install'it?

thx

 

[Makaveli]

i have a ac66u with Firmware: 380.70 (ipset v4.5)
when i try to install firewall it say:
[*] IPSet Version Not Supported - Please Update To Latest Firmware

sow how can i do that to be able to install'it?

thx

Since there is no newer firmwares available for your router you won't be able to with merlin. You may have to try one of the other forks like john's.

 

[thelonelycoder]

i have a ac66u with Firmware: 380.70 (ipset v4.5)
when i try to install firewall it say:
[*] IPSet Version Not Supported - Please Update To Latest Firmware

sow how can i do that to be able to install'it?

thx

It’s not possible since the kernel version limits the ipset version. The kernel is the same on Merlins and on Johns fork.

 

[elorimer]

If I pass the router log via Syslog to a PC or something running a Syslog server, is it possible to get analysis of the firewall logs? Just for general interest.

I have installed Kiwi Syslog in Windows 10 but haven't got it working yet, although I would like something that can specifically analyse firewall and other system log information.

Depends a little on whether you end up with the scribe alternative or use the built in remote log function (which I don't use). Skynet is set up to send messages via the system logger. Hourly, it compiles statistics and sends it to the system logger, and at the same time, removes all of the prior messages in the system log file other than those statistics.

So in scribe, if you set it up to send the skynet messages to your Windows machine and also to a skynet log file, you can do whatever you want with the messages in the Windows machine and you will end up with skynet's hourly statistics in the skynet log file. If you use the built in remote log to send messages to your Windows machine, you can do whatever you want with them, and I think you end up with the hourly statistics in the /tmp/syslog.log log file.

 

[bitmonster]

Depends a little on whether you end up with the scribe alternative or use the built in remote log function (which I don't use). Skynet is set up to send messages via the system logger. Hourly, it compiles statistics and sends it to the system logger, and at the same time, removes all of the prior messages in the system log file other than those statistics.

So in scribe, if you set it up to send the skynet messages to your Windows machine and also to a skynet log file, you can do whatever you want with the messages in the Windows machine and you will end up with skynet's hourly statistics in the skynet log file. If you use the built in remote log to send messages to your Windows machine, you can do whatever you want with them, and I think you end up with the hourly statistics in the /tmp/syslog.log log file.

Installed Scribe. Huge improvement. Now to work out how to configure it. Do I need to configure the SkyNet logging too?

Any suggestions on log analysis tools would be appreciated too. My ultimate dream is some sort of real time graphical display.

If anything it would be handy to show my partner and other people who think security issues only happen to other people.

 

[Adamm]

Something is causing the firewall to restart daily. I'm seeing it in the router log. I disabled the firewall the other day and it didn't happen for the entire day, then last night I enabled it again and it restarted a few hours later. I think when I turned on my TV. I'm not sure if it's Skynet or possibly my Samsung TV. Lately the Samsung TV has had multiple connections to my router.

There are very few events where Skynet restarts the firewall service, off the top of my head the only two I can think of are installation / restart commands. Without a snippet of your syslog its impossible to diagnose the cause of your issue.

Any suggestions on log analysis tools would be appreciated too. My ultimate dream is some sort of real time graphical display.

If anything it would be handy to show my partner and other people who think security issues only happen to other people.

The built-in stats commands give you a pretty good text based solution, anything web based is a bit out of my field though.

 

[bitmonster]

The built-in stats commands give you a pretty good text based solution, anything web based is a bit out of my field though.

Sort of but not really. If I can pipe the firewall log live in to a good PC based analysis tool that should provide more easier to read info... I'm sure there will be something around.

 

[elorimer]

Sort of but not really. If I can pipe the firewall log live in to a good PC based analysis tool that should provide more easier to read info... I'm sure there will be something around.

Another thought is that syslog-ng has a collectd destination; you could send the messages there and use an rrd tool. I haven't gone down that road myself.

 

[JonnyB]

Quick question regarding a "Cascading Router" setup. This only needs to be installed on the forward facing router correct?

 

[visortgw]

Quick question regarding a "Cascading Router" setup. This only needs to be installed on the forward facing router correct?

Correct.

 

[JonnyB]

Correct.

Thank-You!

 

[tardis]

I installed an IP camera and it connects to three different ip's OUTBOUND.
So i blocked those IP's in Skynet and enabled "Block Internet Access" in client status for the camera.
In System Log-Connections i don't see the camera making an active connection.
But i still see the camera LAN IP trying to connect to one of those IP's and mesage [BLOCKED - OUTBOUND] in Skynet log entries every 10s.

Should i unblock it, is it safe (it some chinese IP) ?
It's spamming my log entries.

 

[cmkelley]

I installed an IP camera and it connects to three different ip's OUTBOUND.
So i blocked those IP's in Skynet and enabled "Block Internet Access" in client status for the camera.
In System Log-Connections i don't see the camera making an active connection.
But i still see the camera LAN IP trying to connect to one of those IP's and mesage [BLOCKED - OUTBOUND] in Skynet log entries every 10s.

Should i unblock it, is it safe (it some chinese IP) ?
It's spamming my log entries.

Seems to me that if you're going to unblock anything that generates a large number of log entries, there's no point in blocking anything.

There's no way anyone here can tell you if it's "safe" or not, particularly because you didn't even say what camera you have, or where it's connecting to (did you do a reverse DNS lookup?) Even with that information, "safety" is relative, and it would be only slightly better than flipping a coin.

One option is to install scribe (which is just an installer for syslog-ng and logrotate) which will, among other things, redirect Skynet traffic to a separate log so its messages won't show up in your main log. See https://www.snbforums.com/threads/scribe-syslog-ng-and-logrotate-installer.55853/ for more information.

 

[Adamm]

I installed an IP camera and it connects to three different ip's OUTBOUND.
So i blocked those IP's in Skynet and enabled "Block Internet Access" in client status for the camera.
In System Log-Connections i don't see the camera making an active connection.
But i still see the camera LAN IP trying to connect to one of those IP's and mesage [BLOCKED - OUTBOUND] in Skynet log entries every 10s.

Should i unblock it, is it safe (it some chinese IP) ?
It's spamming my log entries.

That's because Skynet blocks it at the earliest possible point in the raw table (before the "Block Internet Access" rules take effect) so Skynet's method takes priority and the hassle of logging

With that being said, if you have this setting enabled you don't need to also ban the IP within Skynet as it will already be blocked.

 

[elorimer]

It's spamming my log entries.

Further to what @cmkelley said, if you want you can also use scribe to sift out just those log entries and discard them if you don't want them there even during the hour before firewall save runs.

 

[Butterfly Bones]

Well @#$%&*

This is fun (NOT)! Updated to 384.14 beta 2 on my AC86U and now Skynet insists on blocking my router IP address (obfuscated to xx.xx.xx.xx)

I have added it to the whitelist, but no joy. It is disabled for now.

'[i] Whitelisting 7x.9x.5x.5x
ipset v6.32: Element cannot be added to the set: it's already added
[i] Saving Changes

Nov 24 19:01:31 RT-AC86U-4608 Skynet: [#] 139507 IPs (+0) -- 27150 Ranges Banned (+0) || 4 Inbound -- 81 Outbound Connections Blocked! [whitelist] [21s]
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64437 DF PROTO=UDP SPT=36227 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64439 DF PROTO=UDP SPT=59981 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64440 DF PROTO=UDP SPT=59007 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64441 DF PROTO=UDP SPT=53182 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64442 DF PROTO=UDP SPT=32899 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64443 DF PROTO=UDP SPT=44983 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64449 DF PROTO=UDP SPT=37859 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64450 DF PROTO=UDP SPT=37921 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64451 DF PROTO=UDP SPT=33723 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64452 DF PROTO=UDP SPT=46297 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64453 DF PROTO=UDP SPT=48192 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64454 DF PROTO=UDP SPT=34823 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64455 DF PROTO=UDP SPT=40968 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64456 DF PROTO=UDP SPT=55831 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64457 DF PROTO=UDP SPT=53065 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64458 DF PROTO=UDP SPT=55131 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64466 DF PROTO=UDP SPT=55946 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64467 DF PROTO=UDP SPT=53162 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64468 DF PROTO=UDP SPT=51447 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64469 DF PROTO=UDP SPT=34298 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64470 DF PROTO=UDP SPT=51351 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64471 DF PROTO=UDP SPT=56848 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64472 DF PROTO=UDP SPT=51831 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64473 DF PROTO=UDP SPT=54958 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64474 DF PROTO=UDP SPT=60688 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64475 DF PROTO=UDP SPT=34447 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64478 DF PROTO=UDP SPT=55628 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64479 DF PROTO=UDP SPT=58089 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64480 DF PROTO=UDP SPT=49580 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64481 DF PROTO=UDP SPT=34051 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64482 DF PROTO=UDP SPT=55795 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64483 DF PROTO=UDP SPT=33993 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64485 DF PROTO=UDP SPT=47778 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64486 DF PROTO=UDP SPT=44788 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64487 DF PROTO=UDP SPT=40511 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64488 DF PROTO=UDP SPT=33830 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64489 DF PROTO=UDP SPT=42282 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64490 DF PROTO=UDP SPT=48667 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64491 DF PROTO=UDP SPT=42290 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64493 DF PROTO=UDP SPT=52773 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64499 DF PROTO=UDP SPT=36140 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64500 DF PROTO=UDP SPT=41864 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64502 DF PROTO=UDP SPT=35617 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64511 DF PROTO=UDP SPT=51105 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64512 DF PROTO=UDP SPT=52493 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64523 DF PROTO=UDP SPT=41911 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64524 DF PROTO=UDP SPT=34195 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64527 DF PROTO=UDP SPT=60290 DPT=443 LEN=1124

 

[dave14305]

Well @#$%&*

This is fun (NOT)! Updated to 384.14 beta 2 on my AC86U and now Skynet insists on blocking my router IP address (obfuscated to xx.xx.xx.xx)

I have added it to the whitelist, but no joy. It is disabled for now.

'[i] Whitelisting 7x.9x.5x.5x
ipset v6.32: Element cannot be added to the set: it's already added
[i] Saving Changes

Nov 24 19:01:31 RT-AC86U-4608 Skynet: [#] 139507 IPs (+0) -- 27150 Ranges Banned (+0) || 4 Inbound -- 81 Outbound Connections Blocked! [whitelist] [21s]
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64437 DF PROTO=UDP SPT=36227 DPT=443 LEN=1124
4 ID=64442 DF PROTO=UDP SPT=32899 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64443 DF PROTO=UDP SPT=44983 DPT=443 LEN=1124

Skynet would only be blocking destination IPs in the outbound direction. Having your WAN IP as the source means it’s coming from the router instead of a client.
Check that destination IP with

firewall stats search ip 37.120.147.2

is it in any blacklist?

 

[bluepoint]

Well @#$%&*

This is fun (NOT)! Updated to 384.14 beta 2 on my AC86U and now Skynet insists on blocking my router IP address (obfuscated to xx.xx.xx.xx)

I have added it to the whitelist, but no joy. It is disabled for now.

'[i] Whitelisting 7x.9x.5x.5x
ipset v6.32: Element cannot be added to the set: it's already added
[i] Saving Changes

Nov 24 19:01:31 RT-AC86U-4608 Skynet: [#] 139507 IPs (+0) -- 27150 Ranges Banned (+0) || 4 Inbound -- 81 Outbound Connections Blocked! [whitelist] [21s]
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64437 DF PROTO=UDP SPT=36227 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64439 DF PROTO=UDP SPT=59981 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64440 DF PROTO=UDP SPT=59007 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64441 DF PROTO=UDP SPT=53182 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64442 DF PROTO=UDP SPT=32899 DPT=443 LEN=1124
Nov 24 19:01:32 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64443 DF PROTO=UDP SPT=44983 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64449 DF PROTO=UDP SPT=37859 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64450 DF PROTO=UDP SPT=37921 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64451 DF PROTO=UDP SPT=33723 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64452 DF PROTO=UDP SPT=46297 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64453 DF PROTO=UDP SPT=48192 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64454 DF PROTO=UDP SPT=34823 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64455 DF PROTO=UDP SPT=40968 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64456 DF PROTO=UDP SPT=55831 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64457 DF PROTO=UDP SPT=53065 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64458 DF PROTO=UDP SPT=55131 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64466 DF PROTO=UDP SPT=55946 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64467 DF PROTO=UDP SPT=53162 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64468 DF PROTO=UDP SPT=51447 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64469 DF PROTO=UDP SPT=34298 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64470 DF PROTO=UDP SPT=51351 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64471 DF PROTO=UDP SPT=56848 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64472 DF PROTO=UDP SPT=51831 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64473 DF PROTO=UDP SPT=54958 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64474 DF PROTO=UDP SPT=60688 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64475 DF PROTO=UDP SPT=34447 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64478 DF PROTO=UDP SPT=55628 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64479 DF PROTO=UDP SPT=58089 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64480 DF PROTO=UDP SPT=49580 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64481 DF PROTO=UDP SPT=34051 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64482 DF PROTO=UDP SPT=55795 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64483 DF PROTO=UDP SPT=33993 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64485 DF PROTO=UDP SPT=47778 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64486 DF PROTO=UDP SPT=44788 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64487 DF PROTO=UDP SPT=40511 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64488 DF PROTO=UDP SPT=33830 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64489 DF PROTO=UDP SPT=42282 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64490 DF PROTO=UDP SPT=48667 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64491 DF PROTO=UDP SPT=42290 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64493 DF PROTO=UDP SPT=52773 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64499 DF PROTO=UDP SPT=36140 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64500 DF PROTO=UDP SPT=41864 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64502 DF PROTO=UDP SPT=35617 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64511 DF PROTO=UDP SPT=51105 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64512 DF PROTO=UDP SPT=52493 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64523 DF PROTO=UDP SPT=41911 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64524 DF PROTO=UDP SPT=34195 DPT=443 LEN=1124
Nov 24 19:01:33 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=xx.xx.xx.xx DST=37.120.147.2 LEN=1144 TOS=0x00 PREC=0x00 TTL=64 ID=64527 DF PROTO=UDP SPT=60290 DPT=443 LEN=1124

I don't see these with my AX88U .14 beta2. Skynet is blocking your router's "outbound" connection to IP 37.120.147.2. What is the result of "firewall stats search ip 37.120.147.2 20" ?

 

[Butterfly Bones]

Skynet would only be blocking destination IPs in the outbound direction. Having your WAN IP as the source means it’s coming from the router instead of a client.
Check that destination IP with

firewall stats search ip 37.120.147.2

is it in any blacklist?

It is Las Vegas
https://whois.domaintools.com/37.120.147.2
I have an Anonymous DNS set as a backup resolver for dnscrypt-proxy.

If I re-enable Skynet, it brings my entire router and network to its knees. I counted over 300 Outbound blocks in 5 seconds. I think that is trying to resolve an address via DNS? Erk.