Menu
What's new
By:
Filters Better Search

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Ok, thanks, then it must be something on my side. Trying to figure out now...
 
Ubimo said:
Ok, thanks, then it must be something on my side. Trying to figure out now...
Click to expand...

A better test to confirm if its the same issue;

Code: 
curl -vfsL "https://ipapi.co/1.1.1.1/country/"; echo

curl -vfsL -A "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" "https://ipapi.co/1.1.1.1/country/"; echo

curl -vfsL -A "ASUSWRT-Merlin" "https://ipapi.co/1.1.1.1/country/"; echo
 
Ok, thanks, but I cannot read anything out of this:
admin@myrouter-CD47:/tmp/home/root# curl -vfsL "https://ipapi.co/1.1.1.1/country/"; echo
* Trying 2606:4700:20::681a:92c:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:20::681a:92c: Network is unreachable
* Trying 104.26.8.44:443...
* TCP_NODELAY set
* Connected to ipapi.co (104.26.8.44) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:mad:STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Nov 13 00:00:00 2019 GMT
* expire date: Oct 9 12:00:00 2020 GMT
* subjectAltName: host "ipapi.co" matched cert's "ipapi.co"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
* SSL certificate verify ok.
> GET /1.1.1.1/country/ HTTP/1.1
> Host: ipapi.co
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
* The requested URL returned error: 429 Too Many Requests
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):

admin@myrouter-CD47:/tmp/home/root# curl -vfsL -A "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" "https://ipapi.co/1.1.1.1/country/"; echo
* Trying 2606:4700:20::681a:82c:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:20::681a:82c: Network is unreachable
* Trying 104.26.9.44:443...
* TCP_NODELAY set
* Connected to ipapi.co (104.26.9.44) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:mad:STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Nov 13 00:00:00 2019 GMT
* expire date: Oct 9 12:00:00 2020 GMT
* subjectAltName: host "ipapi.co" matched cert's "ipapi.co"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
* SSL certificate verify ok.
> GET /1.1.1.1/country/ HTTP/1.1
> Host: ipapi.co
> User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sat, 14 Mar 2020 17:19:51 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 2
< Connection: keep-alive
< Set-Cookie: __cfduid=d71c08b52d01bcf823e3d83779e755e6c1584206390; expires=Mon, 13-Apr-20 17:19:50 GMT; path=/; domain=.ipapi.co; HttpOnly; SameSite=Lax
< X-Frame-Options: SAMEORIGIN
< Vary: Host
< Allow: GET, OPTIONS, HEAD, OPTIONS, POST
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 573fa976ab487cbe-MUC
<
* Connection #0 to host ipapi.co left intact
AU
admin@myrouter-CD47:/tmp/home/root# curl -vfsL -A "ASUSWRT-Merlin" "https://ipapi.co/1.1.1.1/country/"; echo
* Trying 2606:4700:20::681a:82c:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:20::681a:82c: Network is unreachable
* Trying 104.26.8.44:443...
* TCP_NODELAY set
* Connected to ipapi.co (104.26.8.44) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:mad:STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Nov 13 00:00:00 2019 GMT
* expire date: Oct 9 12:00:00 2020 GMT
* subjectAltName: host "ipapi.co" matched cert's "ipapi.co"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
* SSL certificate verify ok.
> GET /1.1.1.1/country/ HTTP/1.1
> Host: ipapi.co
> User-Agent: ASUSWRT-Merlin
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sat, 14 Mar 2020 17:19:59 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 2
< Connection: keep-alive
< Set-Cookie: __cfduid=dfa704c9d349dcb4aac884394722919251584206399; expires=Mon, 13-Apr-20 17:19:59 GMT; path=/; domain=.ipapi.co; HttpOnly; SameSite=Lax
< Allow: HEAD, POST, OPTIONS, OPTIONS, GET
< Vary: Host
< X-Frame-Options: SAMEORIGIN
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 573fa9ab6cca7cbe-MUC
<
* Connection #0 to host ipapi.co left intact
AU
admin@myrouter-CD47:/tmp/home/root#
 
Ubimo said:
Ok, thanks, but I cannot read anything out of this:
admin@myrouter-CD47:/tmp/home/root# curl -vfsL "https://ipapi.co/1.1.1.1/country/"; echo
* Trying 2606:4700:20::681a:92c:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:20::681a:92c: Network is unreachable
* Trying 104.26.8.44:443...
* TCP_NODELAY set
* Connected to ipapi.co (104.26.8.44) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:mad:STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Nov 13 00:00:00 2019 GMT
* expire date: Oct 9 12:00:00 2020 GMT
* subjectAltName: host "ipapi.co" matched cert's "ipapi.co"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
* SSL certificate verify ok.
> GET /1.1.1.1/country/ HTTP/1.1
> Host: ipapi.co
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
* The requested URL returned error: 429 Too Many Requests
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):

admin@myrouter-CD47:/tmp/home/root# curl -vfsL -A "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" "https://ipapi.co/1.1.1.1/country/"; echo
* Trying 2606:4700:20::681a:82c:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:20::681a:82c: Network is unreachable
* Trying 104.26.9.44:443...
* TCP_NODELAY set
* Connected to ipapi.co (104.26.9.44) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:mad:STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Nov 13 00:00:00 2019 GMT
* expire date: Oct 9 12:00:00 2020 GMT
* subjectAltName: host "ipapi.co" matched cert's "ipapi.co"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
* SSL certificate verify ok.
> GET /1.1.1.1/country/ HTTP/1.1
> Host: ipapi.co
> User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sat, 14 Mar 2020 17:19:51 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 2
< Connection: keep-alive
< Set-Cookie: __cfduid=d71c08b52d01bcf823e3d83779e755e6c1584206390; expires=Mon, 13-Apr-20 17:19:50 GMT; path=/; domain=.ipapi.co; HttpOnly; SameSite=Lax
< X-Frame-Options: SAMEORIGIN
< Vary: Host
< Allow: GET, OPTIONS, HEAD, OPTIONS, POST
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 573fa976ab487cbe-MUC
<
* Connection #0 to host ipapi.co left intact
AU
admin@myrouter-CD47:/tmp/home/root# curl -vfsL -A "ASUSWRT-Merlin" "https://ipapi.co/1.1.1.1/country/"; echo
* Trying 2606:4700:20::681a:82c:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:20::681a:82c: Network is unreachable
* Trying 104.26.8.44:443...
* TCP_NODELAY set
* Connected to ipapi.co (104.26.8.44) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:mad:STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Nov 13 00:00:00 2019 GMT
* expire date: Oct 9 12:00:00 2020 GMT
* subjectAltName: host "ipapi.co" matched cert's "ipapi.co"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
* SSL certificate verify ok.
> GET /1.1.1.1/country/ HTTP/1.1
> Host: ipapi.co
> User-Agent: ASUSWRT-Merlin
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sat, 14 Mar 2020 17:19:59 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 2
< Connection: keep-alive
< Set-Cookie: __cfduid=dfa704c9d349dcb4aac884394722919251584206399; expires=Mon, 13-Apr-20 17:19:59 GMT; path=/; domain=.ipapi.co; HttpOnly; SameSite=Lax
< Allow: HEAD, POST, OPTIONS, OPTIONS, GET
< Vary: Host
< X-Frame-Options: SAMEORIGIN
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 573fa9ab6cca7cbe-MUC
<
* Connection #0 to host ipapi.co left intact
AU
admin@myrouter-CD47:/tmp/home/root#
Click to expand...

The fix is working fine, your problem is elsewhere.
 
Adamm said:
Whats the output of;

Code: 
sh /jffs/scripts/firewall debug info
Click to expand...

Router Model; RT-AC86U
Skynet Version; v7.1.3 (13/03/2020) (11855137d302091048cc3f4cfbf369e8)
iptables v1.4.15 - (eth0 @ 192.168.2.1)
ipset v6.32, protocol version: 6
IP Address; (192.168.100.50) - (/)
FW Version; 384.15_0 (Feb 8 2020) (4.1.27)
Install Dir; /tmp/mnt/HpNoRegrets/skynet (6.0G / 7.4G Space Available)
SWAP File; /tmp/mnt/HpNoRegrets/myswap.swp (1.0G)
Uptime; 0 days, 2 hours, 38 minutes.
Ram Available; (84M / 430M)

...and then a list of who is online.
 
WMConey said:
Router Model; RT-AC86U
Skynet Version; v7.1.3 (13/03/2020) (11855137d302091048cc3f4cfbf369e8)
iptables v1.4.15 - (eth0 @ 192.168.2.1)
ipset v6.32, protocol version: 6
IP Address; (192.168.100.50) - (/)
FW Version; 384.15_0 (Feb 8 2020) (4.1.27)
Install Dir; /tmp/mnt/HpNoRegrets/skynet (6.0G / 7.4G Space Available)
SWAP File; /tmp/mnt/HpNoRegrets/myswap.swp (1.0G)
Uptime; 0 days, 2 hours, 38 minutes.
Ram Available; (84M / 430M)

...and then a list of who is online.
Click to expand...

Please post the full output, you can redact the client list that’s not so important
 
Skynet is blocking internet access for my route-planning program (ITN Converter), but I'm not sure exactly what I need to whitelist as I've not used that feature yet. Do I just need to add all the associated domains shown below?

This is what the log is showing:-
Mar 15 12:36:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=04:d4:c4:51:cd:08:a0:51:0b:7e:89:7a:08:00 SRC=10.0.4.121 DST=217.160.123.2 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=15565 DF PROT)

Associated Domain(s) - [benichou-software.com download.benitools.info itnconv.benitools.info geoip.benitools.info]
 
TheLyppardMan said:
Skynet is blocking internet access for my route-planning program (ITN Converter), but I'm not sure exactly what I need to whitelist as I've not used that feature yet. Do I just need to add all the associated domains shown below?

This is what the log is showing:-
Mar 15 12:36:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=04:d4:c4:51:cd:08:a0:51:0b:7e:89:7a:08:00 SRC=10.0.4.121 DST=217.160.123.2 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=15565 DF PROT)

Associated Domain(s) - [benichou-software.com download.benitools.info itnconv.benitools.info geoip.benitools.info]
Click to expand...
Actually, I've just added all the associated domains and it seems to be working now.
 
TheLyppardMan said:
Skynet is blocking internet access for my route-planning program (ITN Converter), but I'm not sure exactly what I need to whitelist as I've not used that feature yet. Do I just need to add all the associated domains shown below?

This is what the log is showing:-
Mar 15 12:36:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=04:d4:c4:51:cd:08:a0:51:0b:7e:89:7a:08:00 SRC=10.0.4.121 DST=217.160.123.2 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=15565 DF PROT)

Associated Domain(s) - [benichou-software.com download.benitools.info itnconv.benitools.info geoip.benitools.info]
Click to expand...
Run this command to see why it’s blocked:
Code: 
firewall stats search ip 217.160.123.2
It’s not in my blocklist, so it might by from AiProtection.
 
The last line, does anyone know what this is? Is this normal?
Code: 
Mar 15 17:54:36 dropbear[1305]: Running in background
Mar 15 17:54:36 custom_script: Running /jffs/scripts/service-event (args: restart leds)
Mar 15 17:54:36 custom_script: Running /jffs/scripts/service-event (args: restart usb_idle)
Mar 15 17:54:36 custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Mar 15 17:54:37 hour_monitor: daemon is starting
Mar 15 17:54:37 hour_monitor: daemon terminates
Mar 15 17:54:37 nat: apply nat rules (/tmp/nat_rules_ppp0_eth0)
Mar 15 17:54:37 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Mar 15 17:54:37 custom_script: Running /jffs/scripts/service-event (args: restart bhblock)
Mar 15 17:54:37 rc: received unrecognized event: bhblock

Here is the file /jffs/scripts/service-event:
Code: 
#!/bin/sh

if [ "$1" = "start" ] && [ "$2" = "SkynetStats" ]; then sh /jffs/scripts/firewall debug genstats; fi # Skynet Firewall Addition
 
Last edited:
WMConey said:
I've been running Skynet for about three weeks now and I have yet to get any blocked inbound connection attempts. Outbound, yes, but inbound is completely clean ["No Data To Display"] which I find hard to believe. Any suggestions on how to investigate this?
Click to expand...
Weird for me it's the opposite, outboud are empty.

sh /jffs/scripts/firewall debug info gives normal result
 
Rhialto said:
Weird for me it's the opposite, outboud are empty.

sh /jffs/scripts/firewall debug info gives normal result
Click to expand...
vdemarco said:
Also for me i have no outbound blocks either.
Click to expand...
Having no outbound blocks is a good thing. Nothing in your network is trying to communicate with known malware ip addresses.

I was getting a new outbound block yesterday trying to read work emails in the Outlook client for iOS. An edge.net ip was blocked, so messages wouldn’t load. But usually outbound is rare for me, thankfully.
 
Just installed on Johns Fork 374.43_42D5j9527
Unable to see TAB under Firewall. It is running I see in stats . See in debug

Local WebUI Files | [Failed]
Mounted WebUI Files | [Failed]


upload_2020-3-15_12-58-24.png


I think I may know why as it is none GA I see

[$] ./firewall settings webui enable


=============================================================================================================


[*] Firmware Version Not Supported - Please Update To Use This Feature
 
Last edited:
@Adamm Can expand on this.

I don't believe john's fork is up to date enough to use these new features.
 
Adamm said:
Please post the full output, you can redact the client list that’s not so important
Click to expand...

Router Model; RT-AC86U
Skynet Version; v7.1.3 (14/03/2020) (e3e9b2ef939c8c1f0bf79d30bdd245ca)
iptables v1.4.15 - (eth0 @ 192.168.2.1)
ipset v6.32, protocol version: 6
IP Address; (192.168.100.50)
FW Version; 384.16_beta1 (Mar 14 2020) (4.1.27)
Install Dir; /tmp/mnt/HpNoRegrets/skynet (6.0G / 7.4G Space Available)
SWAP File; /tmp/mnt/HpNoRegrets/myswap.swp (1.0G)
Uptime; 0 days, 0 hours, 56 minutes.
Ram Available; (87M / 430M)


--------------- | ------------ | ---------------
| Device Name | | | Local IP | | | MAC Address |
--------------- | ------------ | ---------------



-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 4 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Ban AiProtect | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

16/16 Tests Sucessful


================================================================================


[#] 145594 IPs (+0) -- 1784 Ranges Banned (+0) || 0 Inbound -- 1 Outbound Conne]
 
Makaveli said:
@Adamm Can expand on this.

I don't believe john's fork is up to date enough to use these new features.
Click to expand...
The issue with the Skynet UI in the fork is that the router webui is old design and not as easy to integrate with as the Merlin 384 branch. I’ve tried a couple times, but it’s way beyond my skill level. Perhaps a sample from @john9527 on how to create a new page in the UI as Merlin has documented in the wiki: https://github.com/RMerl/asuswrt-merlin.ng/wiki/Addons-API

At this point I don’t think it’s easy for anyone to work on without direct engagement with John.
 
dave14305 said:
The issue with the Skynet UI in the fork is that the router webui is old design and not as easy to integrate with as the Merlin 384 branch. I’ve tried a couple times, but it’s way beyond my skill level. Perhaps a sample from @john9527 on how to create a new page in the UI as Merlin has documented in the wiki: https://github.com/RMerl/asuswrt-merlin.ng/wiki/Addons-API

At this point I don’t think it’s easy for anyone to work on without direct engagement with John.
Click to expand...
I likely could do it - but it adds a whole new dimension for support which I don't have the capacity to take on right now.
 
You must log in or register to reply here.

Similar threads

W
Looking for an add-on that does...
Replies
5
Views
2K
JGrana
JGrana
Viktor Jaep
Skynet Filter Validator v0.7 - Skynet Firewall Filter List IPv4 Integrity Validator
3 4 5
Replies
83
Views
13K
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
Viktor Jaep
TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)
Replies
2
Views
87
Viktor Jaep
Viktor Jaep
RMerlin
Fun with ChatGPT...
2
Replies
33
Views
2K
RMerlin
RMerlin
M
Firewall doesen't block custom rules, neighter Skynet
Replies
0
Views
1K
MamaLing
M
Similar threads
Thread starter Title Forum Replies Date
Klonoa Skynet Skynet causes router to crash and reboot Asuswrt-Merlin AddOns 1
S Skynet Skynet showing router itself making calls to China? Asuswrt-Merlin AddOns 26
J Skynet Skynet - Blocked outbounds coming from the router itself? Asuswrt-Merlin AddOns 12
O Skynet Installing Skynet causes router to crash and reboot Asuswrt-Merlin AddOns 26
L Skynet I have installed the skynet firewall how do I configure it if the security of iot devices is important? Asuswrt-Merlin AddOns 2
Davidncali001 Skynet Message on SKYNET I havent seen before Asuswrt-Merlin AddOns 1
S Skynet firewall reduces wireless range Asuswrt-Merlin AddOns 14
P Skynet Internet speed lower with Skynet on Asuswrt-Merlin AddOns 9
N Skynet SkyNet/Firewall blocking all ping requests, including outbound Asuswrt-Merlin AddOns 6
W Skynet SOLVED: Scrollbar Disappears on Skynet Tab on Asuswrt-Merlin 386.14 Asuswrt-Merlin AddOns 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 655 (members: 16, guests: 639)
Top