What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

FWIW, I too only use Skynet since I found memory leakage when using the Trend offerings......I'd prefer to use Trend as well, but I don't like having to reset the router because of maxed out ram usage every two weeks.....Skynet is bloody awesome anyhow
I set my Asus routers to reboot in the middle of the night on Sundays. Gets rid of any non-persistent malware and seems to make my VPN server more stable.
 
Adamm,
I got this comment from the project.
"Hosts files won't work as they lack support for things like blocking all subdomains of a domain, which is something 90dns relies on."
So is it better in this scenario to add it to skynet?

BTW, I ran it the import script again and it blocked the domain(s) totally by IP.
my other question is how come my pc's ping command returns the correctIP but show's no data, shouldn't it not be able to find the IP.
 
Last edited:
Adamm,
I got this comment from the project.
"Hosts files won't work as they lack support for things like blocking all subdomains of a domain, which is something 90dns relies on."
So is it better in this scenario to add it to skynet?
What about Diversion wildcard blacklist?
Code:
 - The wildcard-blacklist blocks everything
   ending with *domain.com.
 
Ok i guess I will add all the domains 1 by 1 into the wildcard blacklist in diversion.

/opt/share/diversion/list/wc_blacklist
 
Few devices on my network are trying to connect to 23.129.64.159. Devices are nodemcu board running konnected.io firmware, TP-Link HS110 smart plug. Can someone shed some light on this?
 
Few devices on my network are trying to connect to 23.129.64.159. Devices are nodemcu board running konnected.io firmware, TP-Link HS110 smart plug. Can someone shed some light on this?
Alienvault Online Threat Exchange, previously malicious, not malicious now.
https://otx.alienvault.com/indicator/ip/23.129.64.159
Scroll down to the Passive DNS section shows it is part of pool.ntp.org, very odd. If I were you, I would change my ntp selection.
 
Is there any way to get a "install script" produced, that is basically just a long list like:
Code:
sh /jffs/scripts/firewall import https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1
sh /jffs/scripts/firewall ban country

What I am after is a way to copy my settings to my mothers Asus AC88 router...
 
Is there any way to get a "install script" produced, that is basically just a long list like:
Code:
sh /jffs/scripts/firewall import https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1
sh /jffs/scripts/firewall ban country

What I am after is a way to copy my settings to my mothers Asus AC88 router...

As per the readme;

Code:
( sh /jffs/scripts/firewall debug backup ) Backup Skynet Files To Skynets Install Directory With The Name "Skynet-Backup.tar.gz"
( sh /jffs/scripts/firewall debug restore ) Restore Backup Files From Skynets Install Directory With The Name "Skynet-Backup.tar.gz"
 
As per the readme;

Code:
( sh /jffs/scripts/firewall debug backup ) Backup Skynet Files To Skynets Install Directory With The Name "Skynet-Backup.tar.gz"
( sh /jffs/scripts/firewall debug restore ) Restore Backup Files From Skynets Install Directory With The Name "Skynet-Backup.tar.gz"

Yes I know that, but it is not what I asked for. You can not run that gz file as a bash script....
 
Yes I know that, but it is not what I asked for. You can not run that gz file as a bash script....
Please clarify what you want. A script that will:
  1. Install skynet
  2. Manually run each command to mimic the configuration of router A so that you can replicate the same skynet.cfg on router B?
  3. etc.
 
What I am after is from a Korn or BASH Linux shell script:
1) Install (that is documented on page #1, post #1 so no need for that one) - and do have a look on L&LDs recommendation (se last line of this post)
2) Automagic setup by issuing all the commands that I have on my current config WITHOUT restore of backup gz file. This is all the command like:
sh /jffs/scripts/firewall import <URL>
sh/jffs/scripts/firewall ban country <list of countrycodes>
sh/jffs/scripts/firewall <what ever is configured>
A backup/restore will only work, for me, if everything is identical - this may or may not be the case. In the case of my mother there will be additional things, and maybe something I will remove. By getting only the commands that is needed, there is no need, there will be a from scratch rebuild process, that is not part of any old "play around config issue". Call it a clean restart. Since every file that is needed, url/blacklist/ban malware's lists and so on, can easily be downloaded, and should so be to be fresh, there is simply no reason to take a chance with backup restore process since well I can not for 100% sure say what is in that backup.

I fully understand that this may be odd request, but the point is that it will give an opportunity to rebuild any installation from scratch without large backup file. My backup for example is:

-rw-rw-rw- 1 admin root 2.034.490 Dec 15 10:35 Skynet-Backup.tar.gz​

And I would guess that the script file needed to set this up from scratch would be a lot smaller than that, and easily emailed over. And/or would also be a nice contribution for anyone who like to share a base setup for Skynet - "just run this commands" and away everyone can start. Now it is like a smörgåsbord - a lot of searching before one gets up to speed. For example there is a much simpler script in the WiKi - why not try to make Skynet the prefered solution instead of a large number of scripts.

Yes the freedom of choice is good - however with that comes the risk of doing something that may break anything, so why not set up a preferred way?
L&LD has what I think is a great start with his suggestion on how to set things up - it just needs to be a few additions maybe, and a sticky:
https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/

 
What I am after is from a Korn or BASH Linux shell script:
1) Install (that is documented on page #1, post #1 so no need for that one) - and do have a look on L&LDs recommendation (se last line of this post)
2) Automagic setup by issuing all the commands that I have on my current config WITHOUT restore of backup gz file. This is all the command like:
sh /jffs/scripts/firewall import <URL>
sh/jffs/scripts/firewall ban country <list of countrycodes>
sh/jffs/scripts/firewall <what ever is configured>
A backup/restore will only work, for me, if everything is identical - this may or may not be the case. In the case of my mother there will be additional things, and maybe something I will remove. By getting only the commands that is needed, there is no need, there will be a from scratch rebuild process, that is not part of any old "play around config issue". Call it a clean restart. Since every file that is needed, url/blacklist/ban malware's lists and so on, can easily be downloaded, and should so be to be fresh, there is simply no reason to take a chance with backup restore process since well I can not for 100% sure say what is in that backup.

I fully understand that this may be odd request, but the point is that it will give an opportunity to rebuild any installation from scratch without large backup file. My backup for example is:

-rw-rw-rw- 1 admin root 2.034.490 Dec 15 10:35 Skynet-Backup.tar.gz​

And I would guess that the script file needed to set this up from scratch would be a lot smaller than that, and easily emailed over. And/or would also be a nice contribution for anyone who like to share a base setup for Skynet - "just run this commands" and away everyone can start. Now it is like a smörgåsbord - a lot of searching before one gets up to speed. For example there is a much simpler script in the WiKi - why not try to make Skynet the prefered solution instead of a large number of scripts.

Yes the freedom of choice is good - however with that comes the risk of doing something that may break anything, so why not set up a preferred way?
L&LD has what I think is a great start with his suggestion on how to set things up - it just needs to be a few additions maybe, and a sticky:
https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/


There’s no need to reinvent the wheel. What you are asking is already the case with the backup/restore method. Writing a new script that essentially generates commands line by line is inefficient on so many levels and you would enevitibly end up with the same result.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top