Skynet Skynet - Router Firewall & Security Enhancements

[5stringdeath]

What does: 11 - 7 "Ban AiProtect" actually do? I use AiProtect and it seems to have been functioning, but this wording makes me think I should have the setting set to disabled. I believe its enabled by default (as I've never changed it)

 

[visortgw]

What does: 11 - 7 "Ban AiProtect" actually do? I use AiProtect and it seems to have been functioning, but this wording makes me think I should have the setting set to disabled. I believe its enabled by default (as I've never changed it)

Once something is blocked by AiProtect, it's added to banned list.

 

[bluepoint]

Just checking on a watch. When Skynet is enabled, I see in browser (Chrome) the steps: Secure connection establishment, waiting for server for 5-10 sec. If I turned off, the page is loaded in 1-2 sec. Also checking the router on ssh and see that the processor is only 1-2%. So I don't understand what happening, maybe my settings is wrong. When restarting the Skynet the processor is 25-75% for 1-2 minutes. Also testing ping and it stays stable (2-3 msec) with and without Skynet. So I guess I need change some settings, but no idea what.

Is your experience consistent with other brand of browsers? I see you are using chrome?

 

[Adamm]

I made some test, same web pages with and without Skynet (temporarily disabled).
1. 11,5 v 1,61 sec
2. 11,4 v 0,43 sec
3. 7,37 v 1,85 sec
4. 42,3 v 1,64

Data from page load time extension. Thanks for elorimer.

4th web page (speedtest.net)
Skynet is running:
View attachment 20778

Skynet is disabled:
View attachment 20779

Dave14305: Pixelserv CA is already imported. When Skynet is disabled the time are significally lower.

Can't reproduce this on my end, is there an element of the page that's perhaps being blocked and timing out? Check your syslog when loading the page for blocked entries.

You should also be able to use the browser profiling tools in the f12 menu to see exactly whats taking up so much time.

 

[5stringdeath]

Once something is blocked by AiProtect, it's added to banned list.

Thanks! I'll leave it on

 

[Ripo05]

Can't reproduce this on my end, is there an element of the page that's perhaps being blocked and timing out? Check your syslog when loading the page for blocked entries.

You should also be able to use the browser profiling tools in the f12 menu to see exactly whats taking up so much time.

I uninstalled and reinstalled the Skynet. Now it seems everything is ok. Tested 20+ websites, all of them loaded in 1-2 secs. Probably I made something wrong, I don't know. Thanks for everybody for helping!

 

[5stringdeath]

I'm on the Alpha, have tried all the tricks (reinstalls, uf, reboots, etc.) that I could find listed here but I cannot get the UI to show up in the Web interface. Anything else I can try? Skynet is working fine.

 

[Adamm]

I'm on the Alpha, have tried all the tricks (reinstalls, uf, reboots, etc.) that I could find listed here but I cannot get the UI to show up in the Web interface. Anything else I can try? Skynet is working fine.

Post the output of;

sh /jffs/scripts/firewall debug info

 

[5stringdeath]

Router Model; RT-AC3100
Skynet Version; v7.0.7 (09/01/2020) (2192449a120cf231a7a9a55c7b168e1a)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 384.15_alpha1-g4fecf771de (Jan 1 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/asusdrive/skynet (11.1G / 14.3G Space Available)
SWAP File; /tmp/mnt/asusdrive/myswap.swp (2.0G)
Uptime; 0 days, 18 hours, 57 minutes.
Ram Available; (220M / 503M)

| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
SWAP                                | [Passed]
Cron Jobs                           | [Passed]
IPSet Comment Support               | [Passed]
Log Level 4 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Passed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]
Diversion Plus Content              | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Ban AiProtect                       | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Default]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

Redacted IP and other client personal data

 

[Adamm]

Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]

According to these tests the tab should be working, make sure you are looking under the firewall section in the WebUI.

 

[5stringdeath]

According to these tests the tab should be working, make sure you are looking under the firewall section in the WebUI.

After another reboot it showed up.

Key stats are populated - however every other section just has huge text that says NO DATA TO DISPLAY, even after I manually triggered a stats update, in either the UI or via AMTM

Actually AMTM says "No Logging Data Detected" so maybe it just needs time. Thanks for the help.

 

[Adamm]

After another reboot it showed up.

Key stats are populated - however every other section just has huge text that says NO DATA TO DISPLAY, even after I manually triggered a stats update, in either the UI or via AMTM

Is the output in the following command any different?

sh /jffs/scripts/firewall stats

 

[Davidncali001]

I just installed the beta Merlin firmware that allows for SkyNet stats so I SSH'd into the router and enabled logs on SkyNet, something I always left turned off.

When I get back into the router GUI, and go to the logs I see tons of SkyNet blocked logs.

This is probably normal I'm sure but just wanted a confirmation that indeed it is supposed to do that when logging is enabled in SkyNet. Also in SkyNet do I need dropped packets logging enabled?

 

[5stringdeath]

Is the output in the following command any different?

sh /jffs/scripts/firewall stats

[*] No Logging Data Detected - Give This Time To Generate

 

[Adamm]

[*] No Logging Data Detected - Give This Time To Generate

Looks like your not generating hits, do you happen to get assigned an IP via CGNAT from your provider?

 

[Adamm]

I just installed the beta Merlin firmware that allows for SkyNet stats so I SSH'd into the router and enabled logs on SkyNet, something I always left turned off.

When I get back into the router GUI, and go to the logs I see tons of SkyNet blocked logs.

This is probably normal I'm sure but just wanted a confirmation that indeed it is supposed to do that when logging is enabled in SkyNet. Also in SkyNet do I need dropped packets logging enabled?

Correct this is expected.

 

[5stringdeath]

Looks like your not generating hits, do you happen to get assigned an IP via CGNAT from your provider?

No idea. I have Verizon FiOS. My IPV6 is active too as its fully supported where I live. All I know about the IPV4 IP is it looks normal to me and I do get a new one after (most) reboots.

I know this used to work because in AMTM I could go into the "Stats" menu and see the top 10 / Both ... etc. It would generate charts.

 

[Adamm]

No idea. I have Verizon FiOS. My IPV6 is active too as its fully supported where I live. All I know about the IPV4 IP is it looks normal to me and I do get a new one after (most) reboots.

I know this used to work because in AMTM I could go into the "Stats" menu and see the top 10 / Both ... etc. It would generate charts.

Your log level settings are non-default, these should be at;

Default message log level - notice
Log only messages more urgent than - debug


See if this fixes the issue.

 

[Butterfly Bones]

I'm seeing No Data to Display today. It was there and the long series of troubleshooting a couple days were from those being displayed. I enabled Skynet stats the day you released it. Router uptime 7 days plus. This is the first time that has occured, I check that page a couple times a day after the 12 hours update times.

 

[Adamm]

I'm seeing No Data to Display today. It was there and the long series of troubleshooting a couple days were from those being displayed. I enabled Skynet stats the day you released it. Router uptime 7 days plus. This is the first time that has occured, I check that page a couple times a day after the 12 hours update times.

Your log file was probably purged recently (we purge this at 10MB) and you haven't had any outbound blocks since. Compare the stats webpage to the CLI version, only then if there is a difference you should investigate further;

sh /jffs/scripts/firewall stats