Skynet Skynet - Router Firewall & Security Enhancements

[dev_null]

Thats because your logs were purged as they reached 10MB. I previously didn't reset the counter during this situation but now that more people pay attention to it due to the WebUI I've changed this.

But my logs are not zeroed out, and I have plenty of showing log entries...

Spoiler: Screen shot

I'm cool with all this - I know Skynet is working - but just curious about the totals (which I used to have via SSH).

 

[Adamm]

But my logs are not zeroed out, and I have plenty of showing log entries...

Spoiler: Screen shot

View attachment 21447

I'm cool with all this - I know Skynet is working - but just curious about the totals (which I used to have via SSH).

Have you unbanned/whitelisted an entry recently? That will also put the tallys out of sync.

In any case, you can confirm everything is working as expected by the following command;

grep -F "OUTBOUND" /path/to/usb/folder/skynet.log

If it returns nothing, Skynet is working as expected.

 

[Joshuajackson]

Does the output from the SSH version of stats provide different data to the WebUI version?

sh /jffs/scripts/firewall stats

Not sure what website you are buying from, they are listed as $150AUD ($100USD) new on eBay and even less second hand.

i dont like buying used because you never know what is wrong with it, you cant really format the whole router and do a fresh install of firmware such as like on windows, if there were to be a problem

 

[Joshuajackson]

here is an example of a new unit yes ik its CAD im from canada https://www.amazon.ca/dp/B00MMMO9M4/?tag=smallncom-20

 

[dev_null]

Have you unbanned/whitelisted an entry recently? That will also put the tallys out of sync.

In any case, you can confirm everything is working as expected by the following command;

grep -F "OUTBOUND" /path/to/usb/folder/skynet.log

If it returns nothing, Skynet is working as expected.

Returns a boatload, here's a sample, limited by | more:

Spoiler: grep output

username@RT-AC66U_B1:/tmp/mnt# grep -F "OUTBOUND" /mnt/120G/skynet/skynet.log | more
Feb 17 08:00:03 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:a4:4e:31:41:6b:74:08:00 SRC=10.1.1.105 DST=81.161.59.145 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=54611 DF PROTO=TCP SPT=57506 DPT=80 SEQ=521825544 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:04 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:a4:4e:31:41:6b:74:08:00 SRC=10.1.1.105 DST=81.161.59.145 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=54612 DF PROTO=TCP SPT=57506 DPT=80 SEQ=521825544 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:06 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:a4:4e:31:41:6b:74:08:00 SRC=10.1.1.105 DST=81.161.59.145 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=54613 DF PROTO=TCP SPT=57506 DPT=80 SEQ=521825544 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:08 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:00:26:c6:a0:24:ac:08:00 SRC=10.1.1.154 DST=77.234.42.248 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=61246 DF PROTO=TCP SPT=52806 DPT=80 SEQ=1394513300 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:10 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:a4:4e:31:41:6b:74:08:00 SRC=10.1.1.105 DST=81.161.59.145 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=54614 DF PROTO=TCP SPT=57506 DPT=80 SEQ=521825544 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:14 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:00:26:c6:a0:24:ac:08:00 SRC=10.1.1.154 DST=77.234.42.249 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=21438 DF PROTO=TCP SPT=52808 DPT=80 SEQ=1578236074 ACK=

But since it appears to be just me, I'll live without it. Thanks again for a great app!

 

[L&LD]

you cant really format the whole router and do a fresh install of firmware such as like on windows, if there were to be a problem

Um, actually? You can.

https://www.snbforums.com/members/l-ld.24423/

See the M&M Config and the Nuclear Reset guides for a start.

If any issues continue to persist? Particularly after a quick search on the forums here or a pertinent question posted in the right forum/thread and waiting enough time for a good response?

Then it is a hardware fault (almost certainly and without question).

 

[Joshuajackson]

Um, actually? You can.

https://www.snbforums.com/members/l-ld.24423/

See the M&M Config and the Nuclear Reset guides for a start.

If any issues continue to persist? Particularly after a quick search on the forums here or a pertinent question posted in the right forum/thread and waiting enough time for a good response?

Then it is a hardware fault (almost certainly and without question).

interesting, now i regret buying DSL-AC51

 

[L&LD]

No regrets! You can sell it too.

 

[Joshuajackson]

No regrets! You can sell it too.

Right but i needed a modem because the one we got from our provider which is a actiontec gt784wnv causes problems as far as i know, we get extremely high bufferbloat which causes lag in games and for example if you upload internet does not work you cant even load google, so yeah im certain its the modem, if this does not fix it then i dont know what will, i have tried using QOS on our router Asus RT-AC68U the provider's modem is bridged still causes problems.

 

[Adamm]

Returns a boatload, here's a sample, limited by | more:

Spoiler: grep output

username@RT-AC66U_B1:/tmp/mnt# grep -F "OUTBOUND" /mnt/120G/skynet/skynet.log | more
Feb 17 08:00:03 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:a4:4e:31:41:6b:74:08:00 SRC=10.1.1.105 DST=81.161.59.145 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=54611 DF PROTO=TCP SPT=57506 DPT=80 SEQ=521825544 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:04 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:a4:4e:31:41:6b:74:08:00 SRC=10.1.1.105 DST=81.161.59.145 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=54612 DF PROTO=TCP SPT=57506 DPT=80 SEQ=521825544 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:06 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:a4:4e:31:41:6b:74:08:00 SRC=10.1.1.105 DST=81.161.59.145 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=54613 DF PROTO=TCP SPT=57506 DPT=80 SEQ=521825544 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:08 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:00:26:c6:a0:24:ac:08:00 SRC=10.1.1.154 DST=77.234.42.248 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=61246 DF PROTO=TCP SPT=52806 DPT=80 SEQ=1394513300 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:10 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:a4:4e:31:41:6b:74:08:00 SRC=10.1.1.105 DST=81.161.59.145 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=54614 DF PROTO=TCP SPT=57506 DPT=80 SEQ=521825544 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 17 08:00:14 RT-AC66U_B1 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=74:d0:2b:db:0c:9f:00:26:c6:a0:24:ac:08:00 SRC=10.1.1.154 DST=77.234.42.249 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=21438 DF PROTO=TCP SPT=52808 DPT=80 SEQ=1578236074 ACK=

But since it appears to be just me, I'll live without it. Thanks again for a great app!

PM me a copy of this file and I'll look into it further.

 

[SomeWhereOverTheRainBow]

[ "$(/usr/bin/find $1/myswap.swp 2> /dev/null)" ] && swapoff $1/myswap.swp # Added by Diversion

swapoff -a 2>/dev/null # Skynet Firewall Addition

so apparently skynet now replaces swap off line from diversion is this normal?

 

[L&LD]

@Joshuajackson have you tried using different DNS providers? Just recently on my 1Gbps up/down symmetrical connection, the ISP supplied DNS were hitting in the seconds!

Changing this to CloudFlare brought the 'fast' back into the Fibre again, but you could try any number of DNS IPs to see if one or another works best for you too.

As for QoS on default Asus firmware. Ugh.

Buy yourself an affordable @GNUton compatible DSL router (there is only one model) and with his firmware fork and amtm and the FreshJR QOS script (and others), you should be able to control that bufferbloat effectively.

 

[Adamm]

so apparently skynet now replaces swap off line from diversion is this normal?

"swapoff -a" method is much more efficient and fail-proof, I'll be looking to make it the new standardized method across all scripts.

 

[SomeWhereOverTheRainBow]

"swapoff -a" method is much more efficient and fail-proof, I'll be looking to make it the new standardized method across all scripts.

I noticed this will unmount every swap, instead of only just the main targeted swap., If the user decides to uninstall skynet will this line be left inside the unmount file, or will diversions swapoff line get re-added, just asking because of conflicts, that can arise from not properly unmounting swaps, and potential data corruptions-if the user decides to uninstall skynet and no swapoff line is present like the one that gets placed by skynet or diversion.

 

[Joshuajackson]

@Joshuajackson have you tried using different DNS providers? Just recently on my 1Gbps up/down symmetrical connection, the ISP supplied DNS were hitting in the seconds!

Changing this to CloudFlare brought the 'fast' back into the Fibre again, but you could try any number of DNS IPs to see if one or another works best for you too.

As for QoS on default Asus firmware. Ugh.

Buy yourself an affordable @GNUton compatible DSL router (there is only one model) and with his firmware fork and amtm and the FreshJR QOS script (and others), you should be able to control that bufferbloat effectively.

Well i am trying to change DNS and i did dns leak test but it shows that its still using my ISP DNS for some reason, and my router RT-AC68U uses merlin

 

[Adamm]

I noticed this will unmount every swap, instead of only just the main targeted swap., If the user decides to uninstall skynet will this line be left inside the unmount file, or will diversions swapoff line get re-added, just asking because of conflicts, that can arise from not properly unmounting swaps, and potential data corruptions-if the user decides to uninstall skynet and no swapoff line is present like the one that gets placed by skynet or diversion.

I can't think of any situation where some would or should have two swap files. Secondly code is called when unmounting USB's so you would definitely want to make sure the swap file is unmounted.

 

[SomeWhereOverTheRainBow]

I can't think of any situation where some would or should have two swap files. Secondly code is called when unmounting USB's so you would definitely want to make sure the swap file is unmounted.

That is why I mentioned it logic prevails that since diversion places the line there, that maybe skynet should not erase that line for the reason that the script may need that line if skynet gets uninstalled then diversion will not have line to cover unmounting of the swap file it made tbh it wouldn't have hurt for you to left that line alone and still add your arbitrary swap off line to the bottom of unmount anyways as a failsafe.

 

[L&LD]

Well i am trying to change DNS and i did dns leak test but it shows that its still using my ISP DNS for some reason, and my router RT-AC68U uses merlin

Do you have the DNSFilter Global Filter mode set to 'Router'?

What other scripts and/or router options are you using?

 

[Joshuajackson]

Do you have the DNSFilter Global Filter mode set to 'Router'?

What other scripts and/or router options are you using?

Yeah it was set to "router" then i tried Quad9 just now and it seemed to have fixed that problem no idea why, i put in the quad9 dns in manually in wan. Scripts i have installed are Diversion Ad blocker (which does not seem to work at all) skynet, unbound manager, dnscrypt and freshjr

 

[L&LD]

@Joshuajackson the scripts you are using together are not meant to be used together.

I think you may need to do some additional research on what each of these scripts does?

If I'm not mistaken, Unbound and DNSCrypt should not be used together.