Skynet Skynet - Router Firewall & Security Enhancements

[JohnD5000]

Can anyone explain why this sh /jffs/scripts/firewall settings iot list returns error?

admin@RT-AC86U-07F8:/jffs/scripts# sh /jffs/scripts/firewall settings iot list
#############################################################################################################
# #
# ███████╗██╗ ██╗██╗ ██╗███╗ ██╗███████╗████████╗ ██╗ ██╗███████╗ #
# ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗ ██║██╔════╝╚══██╔══╝ ██║ ██║╚════██║ #
# ███████╗█████╔╝ ╚████╔╝ ██╔██╗ ██║█████╗ ██║ ██║ ██║ ██╔╝ #
# ╚════██║██╔═██╗ ╚██╔╝ ██║╚██╗██║██╔══╝ ██║ ╚██╗ ██╔╝ ██╔╝ #
# ███████║██║ ██╗ ██║ ██║ ╚████║███████╗ ██║ ╚████╔╝ ██║ #
# ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═══╝ ╚═╝ #
# #
# Router Firewall And Security Enhancements #
# By Adamm - https://github.com/Adamm00/IPSet_ASUS #
# 01/02/2020 - v7.0.9 #
#############################################################################################################
=============================================================================================================
Command Not Recognized, Please Try Again
For Help Check https://github.com/Adamm00/IPSet_ASUS#help
For Common Issues Check https://github.com/Adamm00/IPSet_ASUS/wiki#common-issues
admin@RT-AC86U-07F8:/jffs/scripts#

 

[Makaveli]

I've pushed v7.1.0

chart.js v2.7.3 ==> v2.9.3
chartjs-plugin-zoom v0.7.0 ==> v0.7.5

just updated to this version no issues thanks.

 

[Adamm]

Can anyone explain why this sh /jffs/scripts/firewall settings iot list returns error?

Because you are using a non-existent command

( sh /jffs/scripts/firewall settings iot view ) View Currently Banned IOT Devices

 

[JohnD5000]

Because you are using a non-existent command

( sh /jffs/scripts/firewall settings iot view ) View Currently Banned IOT Devices

Ahh, that works! Did this get changed? I was reading post 3951 and it was "list" not "view" in your posting there.

 

[dave14305]

Just wondering if the WebUI is still supposed to be considered a beta now that 384.15 is final and Skynet 7.1.0 is released?

 

[dugaduga]

Is logging enabled? If Skynet is at fault, it would leave evidence in its logging.

Yes it is enabled but there was no evidence that skynet was at fault, except for the obvious fact that only when I temporarily disabled skynet did my internet start working again. But the latest 7.1.0 seems to have ironed all that out; I also updated to the latest stable release at the same time, upon reboot my net was working again without having to clear all skynet rules. Good work adam.

 

[dugaduga]

Spoke too soon; if skynet is enabled I have no internet; only cached DNS works. I have to unban all, and then reload all rules manually to fix it, or uninstall skynet. If I reboot after reloading rules the problem occurs again. Lockfile taking 10-30 minutes seems to be fixed now. Debug print passed everything.

 

[dugaduga]

For whatever reason lock file took 1-2 minutes to load even with no rules. Ok so temporarily removing all rules no longer fixes this problem, i have to disable skynet temporarily or altogether now even without it having rules. this skynet thing seems to have a mind of its own and gone rogue on me. Now when I disable skynet it takes about 30 seconds for my internet to be unblocked instead of 5-10 seconds. Skynet is has officially self immolated.

 

[L&LD]

@dugaduga, I think you need to get your router and your amtm + Entware set up to a good/known state.

 

[dugaduga]

For now I have to disable / uninstall skynet, its the only problem software. Everything is up to date and working otherwise. Skynet was working perfectly fine for years until the latest updates; I recently began unloading the following services at boot, could this have something to do with it? or what about a 1.7 million host list in diversion.


service stop_nas
service stop_lpd
service stop_u2ec
service stop_wpsaide
service stop_wanduck
service stop_watchdog

where can I manually edit skynets list of block lists? maybe a full uninstall-reinstall is in order, ill just re-import them rather than loading from a potentially corrupted backup

 

[AntonK]

Hi,
I'm curious what others think about this: If you're running Diversion and Skynet, is there any point in running AIProtection? Or can you reduce the overhead on your router by turning it off?

Anton.

 

[dave14305]

Hi,
I'm curious what others think about this: If you're running Diversion and Skynet, is there any point in running AIProtection? Or can you reduce the overhead on your router by turning it off?

I run Diversion and Skynet with AIProtection disabled. Saves a lot of memory.

 

[dave14305]

For now I have to disable / uninstall skynet, its the only problem software. Everything is up to date and working otherwise. Skynet was working perfectly fine for years until the latest updates; I recently began unloading the following services at boot, could this have something to do with it? or what about a 1.7 million host list in diversion.


service stop_nas
service stop_lpd
service stop_u2ec
service stop_wpsaide
service stop_wanduck
service stop_watchdog

where can I manually edit skynets list of block lists? maybe a full uninstall-reinstall is in order, ill just re-import them rather than loading from a potentially corrupted backup

It may not be Skynet's fault if the FireHOL lists have been updated to block something in your DNS setup. You mentioned dnscrypt before. Skynet will whitelist servers it finds in the relays.md and public-resolvers.md. You haven't really provided any hints to what Skynet is blocking (what ports? inbound or outbound?).

Disable Ban AIProtect if you think Skynet is picking up stuff it shouldn't from the Trend Micro components.

 

[dugaduga]

It may not be Skynet's fault if the FireHOL lists have been updated to block something in your DNS setup. You mentioned dnscrypt before. Skynet will whitelist servers it finds in the relays.md and public-resolvers.md. You haven't really provided any hints to what Skynet is blocking (what ports? inbound or outbound?).

Disable Ban AIProtect if you think Skynet is picking up stuff it shouldn't from the Trend Micro components.

Thank you dave. That is what I thought earlier, bad or compromised rules. Ok I will test the ban AI Protect thing, I am not seeing anything in the logs out of the norm except what I mentioned earlier, skynet blocking

 Feb 9 03:33:09 kernel: DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:04:95:e6:28:37:30:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF OPT (94040000) PROTO=2\

 

[dave14305]

Thank you dave. That is what I thought earlier, bad or compromised rules. Ok I will test the ban AI Protect thing, I am not seeing anything in the logs out of the norm except what I mentioned earlier, skynet blocking

 Feb 9 03:33:09 kernel: DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:04:95:e6:28:37:30:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF OPT (94040000) PROTO=2\

This looks like a default firewall logdrop before Skynet is fully running. Is there nothing in the syslog with [BLOCKED - OUTBOUND] or [BLOCKED - INBOUND]?

 

[Jack Yaz]

This looks like a default firewall logdrop before Skynet is fully running. Is there nothing in the syslog with [BLOCKED - OUTBOUND] or [BLOCKED - INBOUND]?

That's also a multicast IP

 

[dugaduga]

This looks like a default firewall logdrop before Skynet is fully running. Is there nothing in the syslog with [BLOCKED - OUTBOUND] or [BLOCKED - INBOUND]?

No signs or reports at all, it was happening even with Skynet enabled and all rules purged completely, however after disabling AI Protect in Skynet the problem appears to be solved. So far so good. Thanks dave! huge help.

Interestingly, there have been no new AI protect events in over a year since AI protect registered an attack directly from Asus's website to my subnet IP, while I was browsing their webpage... which I just posted on the forums here recently, a post that was apparently mutilated by those good ops keeping your best interests at heart. So what would make the sudden change in Skynet? I've since disabled AI protection given how rare an attack is when its not facing the WAN directly.

 

[RMerlin]

For now I have to disable / uninstall skynet, its the only problem software. Everything is up to date and working otherwise. Skynet was working perfectly fine for years until the latest updates; I recently began unloading the following services at boot, could this have something to do with it? or what about a 1.7 million host list in diversion.


service stop_nas
service stop_lpd
service stop_u2ec
service stop_wpsaide
service stop_wanduck
service stop_watchdog

where can I manually edit skynets list of block lists? maybe a full uninstall-reinstall is in order, ill just re-import them rather than loading from a potentially corrupted backup

nas is required for WPA authentication, wanduck is required to handle the WAN interface, and watchdog will handle various things including DDNS updates. You shouldn't interfere with these services.

 

[Guido Medina]

Quick question: I installed today Skynet and Diversion, everything is working OK, should I disable the default router firewall? assuming that Skynet firewall rules covers and does better than the default firewall.

RT-AC86U, Merlin firmware v384.15

 

[dave14305]

Quick question: I installed today Skynet and Diversion, everything is working OK, should I disable the default router firewall? assuming that Skynet firewall rules covers and does better than the default firewall.

No. It enhances the existing firewall.