Skynet Skynet - Router Firewall & Security Enhancements
M
MarCoMLXXV
Guest
To @john9527 and @Adamm for their hard work and continuous efforts and commitment ...
Ps. I'm not this hot by far in real life, but frankly, when looking in the clouded mirror, while looking for my glasses and a touch of imagination, I'm frankly not that far off, to be true... That, or it might be time to pay the optometrist another visit
Ps. I'm not this hot by far in real life, but frankly, when looking in the clouded mirror, while looking for my glasses and a touch of imagination, I'm frankly not that far off, to be true... That, or it might be time to pay the optometrist another visit
steelskinz
Regular Contributor
Great news, good feature ! Will it be possible to do a one shot reload of the current whitelist to add comments too or it is too difficult ?
Adamm
Part of the Furniture
Existing entries on all sets will have to be removed and readded if you wish to add a comment. Banmalware/ban country/list importing will automatically convert current entries upon their next run.
The only entries that won't have comments is autobans, I can't seem to find a good way to pass comments on as they are added by an iptables rule which doesn't support the feature. Besides that everything else will convert seamlessly upon upgrading.
johnathonm
Regular Contributor
My skynet seems to be running an update roughly every 6 minutes or so according to my logs. How can I change this? I only used your default install stuff so I didn't make any changes.
Thanks
Thanks
Adamm
Part of the Furniture
Please post the output of;
Code:
cru land
Code:
sh /jffs/scripts/firewall debug info
MarioCaires
Regular Contributor
Oh just ran a debug info and found "Duplicate Rules Detected In FILTER"! Is this something to be aware?
Adamm
Part of the Furniture
I can't think of any reason a rule would be in the same chain twice, as once IPTables matches a rule it moves on. But lets find out whats causing it, please post the output of;
Code:
iptables -LMarioCaires
Regular Contributor
Code:
ac87@RT-AC87U-ED60:/tmp/home/root# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
logdrop icmp -- anywhere anywhere icmp echo-request
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
logdrop all -- anywhere anywhere state INVALID
PTCSRVWAN all -- anywhere anywhere
PTCSRVLAN all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
SSHBFP tcp -- anywhere anywhere tcp dpt:ssh state NEW
INPUT_ICMP icmp -- anywhere anywhere
logdrop all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
logdrop all -- anywhere anywhere
logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
NSFW all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate DNAT
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain ACCESS_RESTRICTION (0 references)
target prot opt source destination
Chain FUPNP (0 references)
target prot opt source destination
ACCEPT udp -- anywhere MyDesktopPC udp dpt:65030
Chain INPUT_ICMP (1 references)
target prot opt source destination
RETURN icmp -- anywhere anywhere icmp echo-request
RETURN icmp -- anywhere anywhere icmp timestamp-request
ACCEPT icmp -- anywhere anywhere
Chain NSFW (1 references)
target prot opt source destination
Chain PControls (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain PTCSRVLAN (1 references)
target prot opt source destination
Chain PTCSRVWAN (1 references)
target prot opt source destination
Chain SECURITY (0 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN
RETURN tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST
RETURN icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
logdrop icmp -- anywhere anywhere icmp echo-request
RETURN all -- anywhere anywhere
Chain SSHBFP (1 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: SSH side: source
LOG all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source add-set Blacklist src
LOG all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source add-set Blacklist src
LOG all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source add-set Blacklist src
logdrop all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source
ACCEPT all -- anywhere anywhere
Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT all -- anywhere anywhere
Chain logdrop (9 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere match-set Whitelist src
DROP tcp -- anywhere anywhere multiport sports www,https,imap2,imaps,pop3,pop3s,smtp,ssmtp state INVALID
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,ACK
ACCEPT tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,ACK
ACCEPT tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST
ACCEPT tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST,ACK
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET all -- anywhere anywhere state INVALID add-set Blacklist src
DROP all -- anywhere anywhereAdamm
Part of the Furniture
Thanks, I had a typo in my SSHBFP rule removal so they weren't being removed correctly, I'll have a fix out in a few minutes. (not a major issue so don't stress too much).
Edit; 5.0.7 is live
pattiri
Senior Member
I have duplicate rules in filter for a long time too. I've just updated to 5.0.7 but there is still duplicate in my filter.
After updating to 5.0.7 there were no duplicates rules but after 2-3 minutes they appeared again.
here is the output of iptables -L
my vpn client 1 is active may be it is related.
Code:
Router Model: Fatiii
Skynet Version: v5.0.7 (21/07/2017)
iptables v1.4.14 - (eth0)
ipset v6.32, protocol version: 6
FW Version: 380.67_0 (Jul 16 2017)
Install Dir; /tmp/mnt/entware/skynet (1.9G Space Available)
Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt/entware
Install Dir Writeable
Startup Entry Detected
Cronjobs Detected
Autobanning Enabled
Debug Mode Enabled
No Duplicate Rules Detected In RAW
Duplicate Rules Detected In FILTER
Whitelist IPTable Detected
BlockedRanges IPTable Detected
Blacklist IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet: [Complete] 154860 IPs / 3689 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 1 Inbound / 0 Outbound Connections Blocked! [1s]
admin@Fatiii:/tmp/home/root#After updating to 5.0.7 there were no duplicates rules but after 2-3 minutes they appeared again.
here is the output of iptables -L
Code:
admin@Fatiii:/tmp/home/root# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:1194
logdrop icmp -- anywhere anywhere icmp echo-request
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
logdrop all -- anywhere anywhere state INVALID
PTCSRVWAN all -- anywhere anywhere
PTCSRVLAN all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:8082
ACCEPT tcp -- anywhere anywhere tcp dpt:snpp
INPUT_ICMP icmp -- anywhere anywhere
logdrop all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ipttolan all -- anywhere anywhere
iptfromlan all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
logdrop all -- anywhere anywhere
logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
SECURITY all -- anywhere anywhere
NSFW all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate DNAT
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain ACCESS_RESTRICTION (0 references)
target prot opt source destination
Chain FUPNP (0 references)
target prot opt source destination
Chain INPUT_ICMP (1 references)
target prot opt source destination
RETURN icmp -- anywhere anywhere icmp echo-request
RETURN icmp -- anywhere anywhere icmp timestamp-request
ACCEPT icmp -- anywhere anywhere
Chain NSFW (1 references)
target prot opt source destination
Chain PControls (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain PTCSRVLAN (1 references)
target prot opt source destination
Chain PTCSRVWAN (1 references)
target prot opt source destination
Chain SECURITY (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN
RETURN tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST
RETURN icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
logdrop icmp -- anywhere anywhere icmp echo-request
RETURN all -- anywhere anywhere
Chain iptfromlan (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN all -- anywhere anywhere account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN all -- anywhere anywhere account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN all -- anywhere anywhere account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
Chain ipttolan (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN all -- anywhere anywhere account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN all -- anywhere anywhere account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN all -- anywhere anywhere account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT all -- anywhere anywhere
Chain logdrop (8 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere match-set Whitelist src
DROP tcp -- anywhere anywhere multiport sports www,https,imap2,imaps,pop3,pop3s,smtp,ssmtp state INVALID
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,ACK
ACCEPT tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,ACK
ACCEPT tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST
ACCEPT tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST,ACK
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET all -- anywhere anywhere state INVALID add-set Blacklist src
DROP all -- anywhere anywhere
admin@Fatiii:/tmp/home/root#my vpn client 1 is active may be it is related.
TheUntouchable
Regular Contributor
Got this with latest version and banmalware:
Downloading Lists
Filtering IPv4 Addresses
Filtering IPv4 Ranges
Applying Blacklists
find: unrecognized: -maxdepth
BusyBox v1.25.1 (2017-07-16 12:57:53 EDT) multi-call binary.
Usage: find [-HL] [PATH]... [OPTIONS] [ACTIONS]
Search for files and perform actions on them.
First failed action stops processing of current file.
Defaults: PATH is current directory, action is '-print'
-L,-follow Follow symlinks
-H ...on command line only
Actions:
! ACT Invert ACT's success/failure
ACT1 [-a] ACT2 If ACT1 fails, stop, else do ACT2
ACT1 -o ACT2 If ACT1 succeeds, stop, else do ACT2
Note: -a has higher priority than -o
-name PATTERN Match file name (w/o directory name) to PATTERN
-iname PATTERN Case insensitive -name
-mtime DAYS mtime is greater than (+N), less than (-N),
or exactly N days in the past
If none of the following actions is specified, -print is assumed
-print Print file name
-print0 Print file name, NUL terminated
-exec CMD ARG ; Run CMD with all instances of {} replaced by
file name. Fails if CMD exits with nonzero
Warning! This May Have Blocked Your Favorite Website. To Unblock It Use; ( sh /jffs/scripts/firewall whitelist domain URL )
Saving Changes
Skynet: [Complete] 187050 IPs / 3692 Ranges Banned. 187050 New IPs / 3692 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [27s]
EDIT: And unban all seems to have a problem too:
Skynet: [INFO] Removing All 190742 Entries From Blacklist...
ipset v6.32: The set with the given name does not exist
Saving Changes
Skynet: [Complete] 668 IPs / 0 Ranges Banned. -186382 New IPs / -3692 New Ranges Banned. Inbound / Outbound Connections Blocked! [0s]
Downloading Lists
Filtering IPv4 Addresses
Filtering IPv4 Ranges
Applying Blacklists
find: unrecognized: -maxdepth
BusyBox v1.25.1 (2017-07-16 12:57:53 EDT) multi-call binary.
Usage: find [-HL] [PATH]... [OPTIONS] [ACTIONS]
Search for files and perform actions on them.
First failed action stops processing of current file.
Defaults: PATH is current directory, action is '-print'
-L,-follow Follow symlinks
-H ...on command line only
Actions:
! ACT Invert ACT's success/failure
ACT1 [-a] ACT2 If ACT1 fails, stop, else do ACT2
ACT1 -o ACT2 If ACT1 succeeds, stop, else do ACT2
Note: -a has higher priority than -o
-name PATTERN Match file name (w/o directory name) to PATTERN
-iname PATTERN Case insensitive -name
-mtime DAYS mtime is greater than (+N), less than (-N),
or exactly N days in the past
If none of the following actions is specified, -print is assumed
-print Print file name
-print0 Print file name, NUL terminated
-exec CMD ARG ; Run CMD with all instances of {} replaced by
file name. Fails if CMD exits with nonzero
Warning! This May Have Blocked Your Favorite Website. To Unblock It Use; ( sh /jffs/scripts/firewall whitelist domain URL )
Saving Changes
Skynet: [Complete] 187050 IPs / 3692 Ranges Banned. 187050 New IPs / 3692 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [27s]
EDIT: And unban all seems to have a problem too:
Skynet: [INFO] Removing All 190742 Entries From Blacklist...
ipset v6.32: The set with the given name does not exist
Saving Changes
Skynet: [Complete] 668 IPs / 0 Ranges Banned. -186382 New IPs / -3692 New Ranges Banned. Inbound / Outbound Connections Blocked! [0s]
Last edited:
Adamm
Part of the Furniture
Your VPN rules in iptfromlan and iptolan are being duplicated 4 times, not really sure of the reason for this as I don't use the VPN functionality. My guess would be that it has something todo with the 4 lan ports but even then I don't see why the exact same rule would be used.
Oops, didn't realise I was using the entware version of find. Use "update -f" to force update to the latest version which will fix it.
Looks like you didn't have the firewall active at the time (it looks for the sets to flush but because they aren't loaded it spits out an error)
Last edited:
johnathonm
Regular Contributor
Just did a reinstall
cru l
25 2 * * 1 sh /jffs/scripts/firewall banmalware #Skynet_banmalware#
25 1 * * 1 sh /jffs/scripts/firewall update #Skynet_autoupdate#
0 * * * * sh /jffs/scripts/firewall save #Skynet_save#
jmohr1981@RT-AC5300-B6F0:/jffs/scripts# sh /jffs/scripts/firewall debug info
#!/bin/sh
#############################################################################################################
# _____ _ _ _____ #
# / ____| | | | | ____| #
# | (___ | | ___ _ _ __ ___| |_ __ _| |__ #
# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \ #
# ____) | <| |_| | | | | __/ |_ \ V / ___) | #
# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ |____/ #
# __/ | #
# |___/ #
# #
## - 21/07/2017 - Asus Firewall Addition By Adamm v5.0.7 #
## https://github.com/Adamm00/IPSet_ASUS #
#############################################################################################################
##############################
### Commands ###
##############################
# "unban" # <-- Remove From Blacklist (IP/Range/Domain/Port/Country/Malware/Autobans/Nomanual/All)
# "ban" # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)
# "banmalware" # <-- Bans Various Malware Domains
# "whitelist" # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove)
# "import" # <-- Bans All IPs From URL
# "deport" # <-- Unbans All IPs From URL
# "save" # <-- Save Blacklists To ipset.txt
# "disable" # <-- Disable Firewall
# "update" # <-- Update Script To Latest Version (check github for changes)
# "debug" # <-- Debug Features (Restart/Disable/Watch/Info)
# "stats" # <-- Show/Search Stats Of Banned IPs (Requires debugging enabled)
# "install" # <-- Install Script (Or Change Boot Args)
# "uninstall" # <-- Uninstall All Traces Of Skynet
##############################
Router Model: RT-AC5300-B6F0
Skynet Version: v5.0.7 (21/07/2017)
iptables v1.4.14 - (eth0)
ipset v6.32, protocol version: 6
FW Version: 380.67_0 (Jul 16 2017)
Install Dir; /tmp/mnt/sda1/skynet (56.0G Space Available)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/sda1
Install Dir Writeable
Startup Entry Detected
Cronjobs Detected
Autobanning Enabled
Debug Mode Disabled
No Duplicate Rules Detected In RAW
No Duplicate Rules Detected In FILTER
Whitelist IPTable Detected
BlockedRanges IPTable Detected
Blacklist IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 3 Inbound / 0 Outbound Connections Blocked! [1s]
jmohr1981@RT-AC5300-B6F0:/jffs/scripts#
cru l
25 2 * * 1 sh /jffs/scripts/firewall banmalware #Skynet_banmalware#
25 1 * * 1 sh /jffs/scripts/firewall update #Skynet_autoupdate#
0 * * * * sh /jffs/scripts/firewall save #Skynet_save#
jmohr1981@RT-AC5300-B6F0:/jffs/scripts# sh /jffs/scripts/firewall debug info
#!/bin/sh
#############################################################################################################
# _____ _ _ _____ #
# / ____| | | | | ____| #
# | (___ | | ___ _ _ __ ___| |_ __ _| |__ #
# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \ #
# ____) | <| |_| | | | | __/ |_ \ V / ___) | #
# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ |____/ #
# __/ | #
# |___/ #
# #
## - 21/07/2017 - Asus Firewall Addition By Adamm v5.0.7 #
## https://github.com/Adamm00/IPSet_ASUS #
#############################################################################################################
##############################
### Commands ###
##############################
# "unban" # <-- Remove From Blacklist (IP/Range/Domain/Port/Country/Malware/Autobans/Nomanual/All)
# "ban" # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)
# "banmalware" # <-- Bans Various Malware Domains
# "whitelist" # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove)
# "import" # <-- Bans All IPs From URL
# "deport" # <-- Unbans All IPs From URL
# "save" # <-- Save Blacklists To ipset.txt
# "disable" # <-- Disable Firewall
# "update" # <-- Update Script To Latest Version (check github for changes)
# "debug" # <-- Debug Features (Restart/Disable/Watch/Info)
# "stats" # <-- Show/Search Stats Of Banned IPs (Requires debugging enabled)
# "install" # <-- Install Script (Or Change Boot Args)
# "uninstall" # <-- Uninstall All Traces Of Skynet
##############################
Router Model: RT-AC5300-B6F0
Skynet Version: v5.0.7 (21/07/2017)
iptables v1.4.14 - (eth0)
ipset v6.32, protocol version: 6
FW Version: 380.67_0 (Jul 16 2017)
Install Dir; /tmp/mnt/sda1/skynet (56.0G Space Available)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/sda1
Install Dir Writeable
Startup Entry Detected
Cronjobs Detected
Autobanning Enabled
Debug Mode Disabled
No Duplicate Rules Detected In RAW
No Duplicate Rules Detected In FILTER
Whitelist IPTable Detected
BlockedRanges IPTable Detected
Blacklist IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 3 Inbound / 0 Outbound Connections Blocked! [1s]
jmohr1981@RT-AC5300-B6F0:/jffs/scripts#
Adamm
Part of the Furniture
Everything looks normal, why do you think its running every 6 minutes?
It's a bug in the ipt_account module, which is unable to delete an existing rule when stopping an OpenVPN instance. It would take someone familiar with netfilter kernel code to debug this, as I can't figure out what's wrong, and the author of that module disappeared years ago. He didn't even answer any email when I was trying to fix his module not working at all on 2.6.36 (I at last managed to fix that particular bug back then).
johnathonm
Regular Contributor
This is from my log, rebooted yesterday
Jul 20 20:16:59 Skynet: [INFO] Lock File Detected (pid=1024) - Exiting
Jul 20 20:17:03 Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 187748 New IPs / 3695 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [12s]
Jul 20 20:17:12 crond[577]: time disparity of 1036816 minutes detected
Jul 20 20:24:01 dropbear[2929]: Child connection from 192.168.1.125:55291
Jul 20 20:24:10 dropbear[2929]: Password auth succeeded for '***' from 192.168.1.125:55291
Jul 20 21:00:00 crond[577]: USER *** pid 9413 cmd sh /jffs/scripts/firewall save
Jul 20 21:00:05 Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 31 Inbound / 0 Outbound Connections Blocked! [5s]
Jul 20 21:00:52 disk_monitor: Got SIGALRM...
Jul 20 21:25:09 dropbear[14021]: Child connection from 192.168.1.1:39189
Jul 20 21:25:52 dropbear[14021]: Password auth succeeded for '***' from 192.168.1.1:39189
Jul 20 22:00:00 crond[577]: USER *** pid 20243 cmd sh /jffs/scripts/firewall save
Jul 20 22:00:05 Skynet: [Complete] 187749 IPs / 3695 Ranges Banned. 1 New IPs / 0 New Ranges Banned. 81 Inbound / 13 Outbound Connections Blocked! [5s]
Jul 20 23:00:00 crond[577]: USER *** pid 31133 cmd sh /jffs/scripts/firewall save
Jul 20 23:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 2 New IPs / 0 New Ranges Banned. 135 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 20 23:00:52 disk_monitor: Got SIGALRM...
Jul 21 00:00:00 crond[577]: USER *** pid 9544 cmd sh /jffs/scripts/firewall save
Jul 21 00:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 182 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 21 01:00:00 crond[577]: USER *** pid 20354 cmd sh /jffs/scripts/firewall save
Jul 21 01:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 233 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 21 02:00:00 crond[577]: USER *** pid 31161 cmd sh /jffs/scripts/firewall save
Jul 21 02:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 290 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 03:00:00 crond[577]: USER *** pid 9833 cmd sh /jffs/scripts/firewall save
Jul 21 03:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 347 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 04:00:00 crond[577]: USER *** pid 20642 cmd sh /jffs/scripts/firewall save
Jul 21 04:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 387 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 04:24:14 dropbear[2929]: Exit (***): Error reading: Connection timed out
Jul 21 04:24:14 dropbear[14021]: Exit (***): Exited normally
Jul 21 05:00:00 crond[577]: USER *** pid 31453 cmd sh /jffs/scripts/firewall save
Jul 21 05:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 1 New IPs / 0 New Ranges Banned. 450 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 06:00:00 crond[577]: USER *** pid 9942 cmd sh /jffs/scripts/firewall save
Jul 21 06:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 504 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 07:00:01 crond[577]: USER *** pid 20750 cmd sh /jffs/scripts/firewall save
Jul 21 07:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 549 Inbound / 81 Outbound Connections Blocked! [4s]
Jul 21 08:00:00 crond[577]: USER *** pid 31555 cmd sh /jffs/scripts/firewall save
Jul 21 08:00:04 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 593 Inbound / 81 Outbound Connections Blocked! [4s]
Jul 21 09:00:00 crond[577]: USER *** pid 9965 cmd sh /jffs/scripts/firewall save
Jul 21 09:00:04 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 637 Inbound / 90 Outbound Connections Blocked! [4s]
Jul 20 20:16:59 Skynet: [INFO] Lock File Detected (pid=1024) - Exiting
Jul 20 20:17:03 Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 187748 New IPs / 3695 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [12s]
Jul 20 20:17:12 crond[577]: time disparity of 1036816 minutes detected
Jul 20 20:24:01 dropbear[2929]: Child connection from 192.168.1.125:55291
Jul 20 20:24:10 dropbear[2929]: Password auth succeeded for '***' from 192.168.1.125:55291
Jul 20 21:00:00 crond[577]: USER *** pid 9413 cmd sh /jffs/scripts/firewall save
Jul 20 21:00:05 Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 31 Inbound / 0 Outbound Connections Blocked! [5s]
Jul 20 21:00:52 disk_monitor: Got SIGALRM...
Jul 20 21:25:09 dropbear[14021]: Child connection from 192.168.1.1:39189
Jul 20 21:25:52 dropbear[14021]: Password auth succeeded for '***' from 192.168.1.1:39189
Jul 20 22:00:00 crond[577]: USER *** pid 20243 cmd sh /jffs/scripts/firewall save
Jul 20 22:00:05 Skynet: [Complete] 187749 IPs / 3695 Ranges Banned. 1 New IPs / 0 New Ranges Banned. 81 Inbound / 13 Outbound Connections Blocked! [5s]
Jul 20 23:00:00 crond[577]: USER *** pid 31133 cmd sh /jffs/scripts/firewall save
Jul 20 23:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 2 New IPs / 0 New Ranges Banned. 135 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 20 23:00:52 disk_monitor: Got SIGALRM...
Jul 21 00:00:00 crond[577]: USER *** pid 9544 cmd sh /jffs/scripts/firewall save
Jul 21 00:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 182 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 21 01:00:00 crond[577]: USER *** pid 20354 cmd sh /jffs/scripts/firewall save
Jul 21 01:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 233 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 21 02:00:00 crond[577]: USER *** pid 31161 cmd sh /jffs/scripts/firewall save
Jul 21 02:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 290 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 03:00:00 crond[577]: USER *** pid 9833 cmd sh /jffs/scripts/firewall save
Jul 21 03:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 347 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 04:00:00 crond[577]: USER *** pid 20642 cmd sh /jffs/scripts/firewall save
Jul 21 04:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 387 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 04:24:14 dropbear[2929]: Exit (***): Error reading: Connection timed out
Jul 21 04:24:14 dropbear[14021]: Exit (***): Exited normally
Jul 21 05:00:00 crond[577]: USER *** pid 31453 cmd sh /jffs/scripts/firewall save
Jul 21 05:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 1 New IPs / 0 New Ranges Banned. 450 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 06:00:00 crond[577]: USER *** pid 9942 cmd sh /jffs/scripts/firewall save
Jul 21 06:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 504 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 07:00:01 crond[577]: USER *** pid 20750 cmd sh /jffs/scripts/firewall save
Jul 21 07:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 549 Inbound / 81 Outbound Connections Blocked! [4s]
Jul 21 08:00:00 crond[577]: USER *** pid 31555 cmd sh /jffs/scripts/firewall save
Jul 21 08:00:04 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 593 Inbound / 81 Outbound Connections Blocked! [4s]
Jul 21 09:00:00 crond[577]: USER *** pid 9965 cmd sh /jffs/scripts/firewall save
Jul 21 09:00:04 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 637 Inbound / 90 Outbound Connections Blocked! [4s]
Adamm
Part of the Furniture
The logs look fine (besides the crond print not being removed which will be fixed in a future update).
Right now Skynet is saving hourly as it should, and is taking 4-5 seconds to issue the command which is to be expected.
johnathonm
Regular Contributor
When it saves my entire network stalls for a minute or two. Also, what did I do wrong or should I be following to ensure the firewall is working in this process? All I did was install the script etc.
Thanks
Thanks
Adamm
Part of the Furniture
Define "my network stalls". This briefly has an impact on CPU usage, but should not affect your connection (especially to the point where its noticeable to the end user).
Also, beyond that 4-5 second save period, Skynet doesn't do anything until manually run or until the next save command is run. Most of the leg work is handled by IPTables, so I'm not even sure its possible for it to "stall" a connection for minutes after its been executed.
Everything looks fine to me, if/when there is a problem we can give advise from there. But for the most part the current version of the script is stable and there are no known issues that should affect users.
Similar threads
Similar threads
Similar threads
-
-
Skynet Skynet showing router itself making calls to China?
- Started by Skywise
- Replies: 26
-
Skynet Skynet - Blocked outbounds coming from the router itself?
- Started by JuanGF
- Replies: 12
-
Skynet Installing Skynet causes router to crash and reboot
- Started by ovancantfort
- Replies: 26
-
Skynet I have installed the skynet firewall how do I configure it if the security of iot devices is important?
- Started by lenovomen
- Replies: 2
-
Skynet Message on SKYNET I havent seen before- Started by Davidncali001
- Replies: 1
-
-
-
Skynet SkyNet/Firewall blocking all ping requests, including outbound
- Started by nearlyheadlessarvie
- Replies: 6
-
Skynet SOLVED: Scrollbar Disappears on Skynet Tab on Asuswrt-Merlin 386.14
- Started by WRobertE
- Replies: 10
Latest threads
-
-
-
2G connection keeps randomly disappearing, 5G works ok
- Started by meruserasus
- Replies: 0
-
Diversion AMTM / Diversion stopped working (USB Drive?)
- Started by Dancing Lemur
- Replies: 2
-
Another weird AX86U issue - but not Malware?
- Started by ahab
- Replies: 9
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!