Skynet - Router Firewall & Security Enhancements

Hi Adamm,

I doubt this has anything to do with 7.1.8 but when viewing stats on the console (not webui) I got the following message:

The provider we use for country lookups has a 1000 daily query limit on their free API. There is unfortunately no avoiding this (beyond changing your IP for the day or disabling country lookups), but under normal circumstances no user should be consistently hitting this unless they are constantly refreshing their stats.
 
The provider we use for country lookups has a 1000 daily query limit on their free API. There is unfortunately no avoiding this (beyond changing your IP for the day or disabling country lookups), but under normal circumstances no user should be consistently hitting this unless they are constantly refreshing their stats.

Yeah I've been troubleshooting an issue with my USB drive and finally determined it was faulty / replaced it with a new one, so I have been doing a lot of script un-install / re-install / re-install again, in the past 12 hours ... that could explain why they think I'm hammering them with requests.
 
Safer than a password? Sure, but you are still exposing the service to the world, so in the event of a 0 day dropbear exploit you would be vulnerable. That's why using OpenVPN to access your LAN is the recommended method.
Is that because SSH is a root-level daemon and VPN isn't? My first thought was well, what about 0-day vpn exploit? I'm pretty new to this, so trying to understand your recommendation towards VPN.
 
VPN is inherently more secure because it doesn't sit on the WAN, 'exposed'. Many layers of security in front of it.
 
VPN is inherently more secure because it doesn't sit on the WAN, 'exposed'. Many layers of security in front of it.
How can you remotely use OpenVPN if it's not on WAN?

(I'm also curious why many people say OpenVPN is safer than SSH for remote access; never understood why)
 
I didn't say that. :)

It doesn't sit there, exposed.
 
Feature request: an option (preferably set as default) to forward blocked IPs to a Skynet localhost block warning HTML page, to give people a better idea of what is causing a false positive. Another option that gives users the ability to whitelist on that page would be cool too.

This would be nice because there are often many layers one must check to determine where a break occurs, starting with the local machine, then diversion, then dnscrypt, et cetera... this would be great for websites, not so useful for most non-browser usage, but it can still save people a lot of time and energy troubleshooting.
 
Is that because SSH is a root-level daemon and VPN isn't? My first thought was well, what about 0-day vpn exploit? I'm pretty new to this, so trying to understand your recommendation towards VPN.

One of the most simple reasons is layering. When using OpenVPN you now have two layers of protection someone has to exploit to gain root access to your network, not to mention OpenVPN is so widely used/audited. Plus the fact a majority of less tech savvy users don't use SSH keys and instead use passwords, which as we all know can be easily brute-forced.
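
As an added illustration of the brute-force point above (not part of the thread and not Skynet's code), this script counts failed Dropbear logins per source address in syslog-style lines and lists sources at or above a threshold. The log lines are constructed, and the message wording and the `sample_log` / `failed_by_source` names are assumptions.

```shell
#!/bin/sh
# Added example: count failed Dropbear logins per source address.
# The log lines are constructed; the message wording is assumed to match
# what Dropbear writes to syslog on the router.

sample_log() {
cat <<'EOF'
Jun 15 10:01:02 dropbear[1201]: Bad password attempt for 'admin' from 203.0.113.7:51514
Jun 15 10:01:04 dropbear[1202]: Bad password attempt for 'admin' from 203.0.113.7:51520
Jun 15 10:01:07 dropbear[1203]: Login attempt for nonexistent user from 203.0.113.7:51533
Jun 15 10:02:11 dropbear[1210]: Bad password attempt for 'root' from 198.51.100.23:40022
Jun 15 10:03:30 dropbear[1215]: Pubkey auth succeeded for 'admin' with key (constructed) from 192.0.2.10:60111
Jun 15 10:04:00 kernel: unrelated line mentioning Bad password attempt for nobody
EOF
}

# failed_by_source MIN
# Reads syslog lines on stdin and prints "COUNT ADDRESS" for every source
# with at least MIN failed attempts, highest count first.
failed_by_source() {
    awk -v min="$1" '
        # Only Dropbear lines that record a failed login are counted.
        / dropbear\[[0-9]+\]: / &&
        (/Bad password attempt for/ || /Login attempt for nonexistent user/) {
            src = $NF                  # last field is address:port
            sub(/:[0-9]+$/, "", src)   # drop the port, keep the address
            count[src]++
        }
        END {
            for (s in count)
                if (count[s] >= min)
                    print count[s], s
        }
    ' | sort -rn
}

# Stand-alone run: sources with three or more failures in the sample.
sample_log | failed_by_source 3
```

Successful key logins and non-Dropbear lines are ignored, so with password login disabled the output shows only the noise a WAN-exposed port attracts.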
 
Hi! I've got a problem running SkyNet on my ASUS Router:
  1. No WebUI button for Skynet is displayed in the router's admin panel although I use the latest firmware (>384.15).
  2. Running the command "firewall settings webui enable" prints "[*] WebUI Integration Requires Logging to be Enabled", " WebUi Enabled" and "Generating Stats" but terminates with "/jffs/scripts/firewall: line 5659: arithmetic syntax error"
  3. Running amtm to update Skynet returns "/jffs/scripts/firewall: line 40: arithmetic syntax error" and terminates. However, when I manually run "firewall update check" on the command line, the update is performed and no error message displayed.

Output of "firewall debug info":

Skynet Version; (14/06/2020) (3dd8c42e0baa6ba6800ae6c4dabc5a39)
iptables v1.4.15 - (eth0 @ 192.168.66.1)
ipset v6.32, protocol version: 6
IP Address; (###.###.###.###)
FW Version; 384.17_0 (Apr 26 2020) (4.1.27)
Install Dir; /tmp/mnt/usb_87_ext2/skynet (6.8G / 9.4G Space Available)
Syslog Location; () ()
Uptime; 0 days, 5 hours, 39 minutes.
Ram Available; (110M / 430M)

----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates [Disabled]
Malware List Auto-Updates [Disabled]
Logging [Disabled]
Filter Traffic [Selective]
Unban PrivateIP [Disabled]
Log Invalid Packets [Disabled]
Import AiProtect Data [Disabled]
Secure Mode [Disabled]
Fast Switch List [Disabled]
Syslog Location [Custom]
IOT Blocking [Disabled]
Country Lookup For Stats [Disabled]
CDN Whitelisting [Disabled]
Display WebUI [Disabled]
 
Completely forgot about that...
But somehow I do remember this (even older) post from him:

Dropbear has a fairly good track record security-wise. It has less esoteric features than OpenSSH, which means simpler codebase, therefore less possible attack vectors. I personally trust it open on the WAN, especially if one disables password login and uses RSA or ECDSA keys to authenticate.

https://www.snbforums.com/threads/enable-ssh-brute-force-protection-not-working.42792/#post-365167
 
My install is inbound only

Running 384.17

Question I have, I am seeing my /opt/var/log/firewall.log file sitting at zero bytes, is this normal?
 
My install is inbound only

Running 384.17

Question I have, I am seeing my /opt/var/log/firewall.log file sitting at zero bytes, is this normal?

What's the output of;

Code:
firewall debug info
 
What's the output of;

Code:
firewall debug info

################################################################################
# #
# ███████╗██╗ ██╗██╗ ██╗███╗ ██╗███████╗████████╗ ██╗ #
# ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗ ██║██╔════╝╚══██╔══╝ ██║ #
# ███████╗█████╔╝ ╚████╔╝ ██╔██╗ ██║█████╗ ██║ ██║ #
# ╚════██║██╔═██╗ ╚██╔╝ ██║╚██╗██║██╔══╝ ██║ ╚██╗#
# ███████║██║ ██╗ ██║ ██║ ╚████║███████╗ ██║ ╚██#
# ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═#
# #
# Router Firewall And Security Enhancements #
# By Adamm - https://github.com/Adamm00/IPSet_ASUS#
# 14/06/2020 - v7.1.8 #
################################################################################


================================================================================


Router Model; RT-AC68U
Skynet Version; v7.1.8 (14/06/2020) (991a53cc1ed94b4eb02837b1651e999f)
iptables v1.4.15 - (ppp0 @ 192.168.1.254)
ipset v6.32, protocol version: 6
IP Address; (84.92.56.81) - (2001:470:1f1d:5e0::/64)
FW Version; 384.17_0 (Apr 25 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/asus/skynet (11.1G / 14.2G Space Available)
SWAP File; /tmp/mnt/asus/myswap.swp (2.0G)
Banned Countries; ru,kp,iq,ir,cn,sa,br
Uptime; 2 days, 3 hours, 14 minutes.
Ram Available; (79M / 249M)


--------------- | ------------ | ---------------
| Device Name | | | Local IP | | | MAC Address |
--------------- | ------------ | ---------------

Philips-hue | 192.168.1.4 | 00:17:88:71:04:ebe
Unknown | 192.168.1.16 | 34:7e:5c:19:76:90e
amazon-f7c2f8531 | 192.168.1.18 | 3c:18:a0:a9:17:c5e
VU-Duo2 | 192.168.1.42 | 00:1d:ec:05:bd:68e
SonosZP | 192.168.1.70 | 00:0e:58:cb:20:cce
TVBOX | 192.168.1.100 | 18:60:24:22:a6:15e
TP-LINK | 192.168.1.133 | e8:de:27:99:cf:0be
NAS-Thecus | 192.168.1.200 | 00:14:fd:13:43:66e
amazon-1c9815784 | 192.168.1.206 | 24:4c:e3:6c:20:ece


-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Selective]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

17/17 Tests Sucessful


================================================================================


[#] 320361 IPs (+0) -- 1782 Ranges Banned (+0) || 900 Inbound -- 0 Outbound Con]
 
( firewall settings logmode enable|disable ) Enable/Disable Logging

Oh, I forgot to mention, I tried that and it brings up the same error message - and still no logging:
"/jffs/scripts/firewall: line 5659: arithmetic syntax error"

I can't even uninstall Skynet because of it. The process stops after these error messages. :(

The code in line 5659 is as follows:
5657 Spinner_End
5658 Display_Header "9"
5659 if [ "$nolog" != "2" ]; then Print_Log "$@"; echo; fi
5660 if [ "$nocfg" != "1" ]; then Write_Config; fi

The code in line 40 is as follows:
40 if [ -z "${skynetloc}" ] && tty >/dev/null 2>&1; then
41 set "install"
42 fi
 
Oh, I forgot to mention, I tried that and it brings up the same error message - and still no logging:
"/jffs/scripts/firewall: line 5659: arithmetic syntax error"

I can't even uninstall Skynet because of it. The process stops after these error messages. :(

The code in line 5659 is as follows:
5657 Spinner_End
5658 Display_Header "9"
5659 if [ "$nolog" != "2" ]; then Print_Log "$@"; echo; fi
5660 if [ "$nocfg" != "1" ]; then Write_Config; fi

The code in line 40 is as follows:
40 if [ -z "${skynetloc}" ] && tty >/dev/null 2>&1; then
41 set "install"
42 fi

Not sure why you toggled so many settings unnecessarily, seems like a case of pebkac. I suggest you manually delete your Skynet config files, reboot and start fresh.

Code:
rm -rf /tmp/mnt/usb_87_ext2/skynet

My install is inbound only

Running 384.17

Question I have, I am seeing my /opt/var/log/firewall.log file sitting at zero bytes, is this normal?


You don't have a custom syslog location set so your logs are being sent to /tmp/syslog.log as per usual.
 
But somehow I do remember this (even older) post from him:

Dropbear has a fairly good track record security-wise. It has less esoteric features than OpenSSH, which means simpler codebase, therefore less possible attack vectors. I personally trust it open on the WAN, especially if one disables password login and uses RSA or ECDSA keys to authenticate.

https://www.snbforums.com/threads/enable-ssh-brute-force-protection-not-working.42792/#post-365167
And an obscure port as a bonus?
 
Not sure why you toggled so many settings unnecessarily, seems like a case of pebkac. I suggest you manually delete your Skynet config files, reboot and start fresh.

Actually, I didn't toggle any. Up to today I didn't even know how to interact with Skynet on the command line. Anyway, I'll try what you suggested and set it up again from scratch ...

Edit:
I performed the rm command. And now? How can I uninstall Skynet? It's still shown in amtm as installed.
 