I'm hoping for some help. I have a problem with my DNS server being blocked.
When I whitelist the IP it works for a while before it starts being blocked again.
Asus Firewall Addition By Adamm v5.5.5
Debug Data Detected in /jffs/skynet.log - 434.0K
Monitoring From Nov 28 05:08:01 To Nov 29 08:20:01
1935 Block Events Detected
423 Unique IPs
90 Autobans Issued
0 Manual Bans Issued
168.1.79.229 is NOT in set Whitelist.
168.1.79.229 is in set Blacklist.
168.1.79.229 is NOT in set BlockedRanges.
Blacklist Reason;
576119
Nov 29 07:45:01 kernel: [BLOCKED - INBOUND] IN=ppp0 OUT= MAC= SRC=168.1.79.229 DST=110.x.x.x LEN=98 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=53 DPT=55475 LEN=
168.1.79.229 is a Getflix/unblocker and I don't understand why the whitelist is being ignored. Any thoughts on how to resolve this?
Thanks
sh /jffs/scripts/firewall whitelist ip 168.1.79.229 Getflix
Hi, if I do not have the ipv6 option enabled this script works only with ipv4?
That output indicates the IP was not whitelisted (which would prevent it getting Blacklisted in the first place). It also indicates that it was banned manually as autobans don't have Blacklist reasons.
Thanks for the reply Adam. Agree that the output indicates that it's not in the whitelist, but prior to the issue reoccurring it was.
When I have the problem I have to manually recreate the whitelist entry to be able to restore service. I have the following command stored in a text file that I use to restore service.
/jffs/scripts/firewall whitelist ip 168.1.79.229
The results are:
Whitelisting 168.1.79.229
ipset v6.32: Comment cannot be used: set was created without comment support
Saving Changes
The problem I'm having is it's not a permanent fix and I have to do it about once a day. Any thoughts?
When Skynet updated the Banmalware, instead of using and updating my Custom Filter List URL, it reverted back to the default Filter List.
Code:
Nov 28 02:00:07 Skynet: [Complete] 434870 IPs / 26315 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 447 Inbound / 0 Outbound Connections Blocked! [7s]
Nov 28 02:25:39 Skynet: [Complete] 135837 IPs / 1962 Ranges Banned. -299033 New IPs / -24353 New Ranges Banned. 487 Inbound / 0 Outbound Connections Blocked! [39s]
Nov 28 03:00:02 Skynet: [Complete] 135837 IPs / 1962 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 550 Inbound / 0 Outbound Connections Blocked! [2s]
sh /jffs/scripts/firewall banmalware reset
sed -i '\~banmalwarecustom~d' "/jffs/scripts/firewall-start"
cru d Skynet_banmalwarecustom
Okay that makes more sense. It seems your whitelist (and possibly blacklist) do not support comments, the only way I can see this happening is if you updated from a much older version of Skynet to a current one thus missing the update code that was present for a few months (although this is a failure more on my behalf). Try the following commands;
Code:
sh /jffs/scripts/firewall disable
sed -i 's/create Blacklist.*[0-9]$/& comment/' /jffs/scripts/ipset.txt # Convert IPSets
sed -i 's/create BlockedRanges.*[0-9]$/& comment/' /jffs/scripts/ipset.txt # Convert IPSets
sed -i 's/create Whitelist.*[0-9]$/& comment/' /jffs/scripts/ipset.txt # Convert IPSets
sh /jffs/scripts/firewall restart
After Skynet restarts you should stop seeing that error and entries will actually start getting added when you issue the commands.
Thanks Adam. I appreciate your help. All the above commands appeared to apply successfully but I still get the same comment warning.
sh /jffs/scripts/firewall whitelist ip 168.1.79.229 getflix
Whitelisting 168.1.79.229
ipset v6.32: Comment cannot be used: set was created without comment support
Saving Changes
Skynet: [Complete] 0 IPs / 0 Ranges Banned. -1 New IPs / 0 New Ranges Banned. Inbound / Outbound Connections Blocked! [1s]
Taking your comment into consideration about updating from an older version, I uninstalled/reinstalled to v5.5.6 to USB.
The results look the same.
sh /jffs/scripts/firewall whitelist ip 168.1.79.229 getflix
Whitelisting 168.1.79.229
ipset v6.32: Comment cannot be used: set was created without comment support
Saving Changes
Skynet: [Complete] 0 IPs / 0 Ranges Banned. -4 New IPs / 0 New Ranges Banned. Inbound / Outbound Connections Blocked! [0s]
Could it be that the whitelist is not getting created?
I have noticed that there is a /jffs/shared-Skynet2-whitelist but there are only a number of domain names listed, no IP addresses. Are there any other files I should be looking at?
Strange, what's the output of;
Code:
ipset -L -t
sh /jffs/scripts/firewall debug info
admin@RT-AC88U-9778:/tmp/home/root# ipset -L -t
Name: Whitelist
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 372
References: 6
Number of entries: 1
Name: Blacklist
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 604800
Size in memory: 2412
References: 3
Number of entries: 43
Name: privacy-filter_ipv4
Type: hash:ip
Revision: 4
Header: family inet hashsize 65536 maxelem 131072
Size in memory: 2060
References: 1
Number of entries: 50
Name: malware-filter_ipv4
Type: hash:ip
Revision: 4
Header: family inet hashsize 65536 maxelem 131072
Size in memory: 1281500
References: 1
Number of entries: 44044
Name: malware-filter_ipv4_range
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 316
References: 1
Number of entries: 0
Name: BlockedRanges
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536 comment
Size in memory: 316
References: 1
Number of entries: 0
Name: Skynet
Type: list:set
Revision: 3
Header: size 8
Size in memory: 92
References: 5
Number of entries: 2
..........................................................................
Router Model; RT-AC88U
Skynet Version; v5.5.6 (29/11/2017)
iptables v1.4.14 - (ppp0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 380.68_4 (Oct 4 2017) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda1/skynet (1.6G / 1.9G Space Available)
Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt/sda1
No Lock File Found
Checking Install Directory Write Permissions... [Passed]
Checking Firewall-Start Entry... [Passed]
Checking OpenVPN-Event Entry... [Passed]
Checking Services-Stop Entry... [Passed]
Checking CronJobs... [Passed]
Checking IPSet Comment Support... [Passed]
Checking Log Level 6 Settings... [Passed]
Checking Autobanning Status... [Passed]
Checking Debug Mode Status... [Passed]
Checking For Duplicate Rules In RAW... [Passed]
Checking For Duplicate Rules In Filter... [Passed]
Checking Skynet IPTable... [Passed]
Checking Whitelist IPSet... [Passed]
Checking BlockedRanges IPSet... [Passed]
Checking Blacklist IPSet... [Passed]
Checking Skynet IPSet... [Passed]
Skynet: [Complete] 34 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 18 Inbound / 0 Outbound Connections Blocked! [1s]
I'm running into what I think are problems. Whenever I Install Skynet / Change Boot Options my router restarts by itself. When I forced an update my router restarted by itself. I lost the ranges banned but kept the IPs banned. I went to input the custom list in Banmalware and while it was working on the list my router restarted by itself. I manually restarted it and attempted to input the custom list and all went well. It's running alright now. I was poking around cru l and didn't see a cron job to update the custom list. There are update and save jobs listed.
If the router is indeed rebooting by itself, that could be due to a kernel panic. There's only one situation where Skynet would need a reboot during initial install, and if that was the case it actually asks for the users consent first.
I'd check your syslog after these reboots and see if there's any indication of what's going on.
There's nothing listed in the logs about rebooting or even errors. It's just like when I power it back on after I turn it off. I did get some kind of an error, but it happened while it was running. https://pastebin.com/CC3MHUPf I posted this in the Alpha thread. Never seen anything like it before.
Okay, this makes more sense. Are you using another similar script? It's causing conflicts, as I assume it's also using an IPSet named "Blacklist" and "Whitelist".
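A way to check for the condition discussed above, as an added example that is not part of any post in this thread and not Skynet's own code: it reads `ipset -L -t` style output and reports which of the named sets exist without the `comment` extension in their header. The function names `sets_without_comment` and `sample_listing` are hypothetical, and the sample input is constructed from the headers posted earlier in the thread.

```shell
#!/bin/sh
# Added example: flag ipset sets whose header lacks the "comment" extension.
# stdin: `ipset -L -t` style text; arguments: the set names to check.

sets_without_comment() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) check[w[i]] = 1 }
        $1 == "Name:"   { name = $2 }
        $1 == "Type:"   { kind = $2 }
        $1 == "Header:" && (name in check) {
            seen[name] = 1
            has = 0
            # "comment" appears as its own word in the header when enabled
            for (i = 2; i <= NF; i++) if ($i == "comment") has = 1
            if (!has) printf "%s %s\n", name, kind
        }
        # A set that was asked for but never listed is reported as missing
        END { for (i = 1; i <= n; i++) if (!(w[i] in seen)) printf "%s missing\n", w[i] }
    '
}

# Constructed sample: Name/Type/Header lines as posted in this thread.
sample_listing() {
    cat <<'EOF'
Name: Whitelist
Type: hash:net
Header: family inet hashsize 1024 maxelem 65536
Name: Blacklist
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 604800
Name: BlockedRanges
Type: hash:net
Header: family inet hashsize 1024 maxelem 65536 comment
EOF
}

# On the router itself the input would come from: ipset -L -t
sample_listing | sets_without_comment Whitelist Blacklist BlockedRanges
```

Each output line is a set name followed by its type, so a set created by a different script under the same name is visible from an unexpected type or header.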
The scripts that I'm running in addition to Skynet:
Adblocking
ban malicious IPS - Martineau, v3.04
#https://www.snbforums.com/threads/h...cious-ips-using-ipset-firewall-addition.16798
privacy filter
#https://github.com/RMerl/asuswrt-merlin/wiki/Using-ipset#privacy-filter
malware-filter
#https://github.com/RMerl/asuswrt-merlin/wiki/Ipset-script-installation-instructions#malware-filter
Well, since I've enabled the "Debug Mode via the installer" the DNS(Crypt) issue I had is gone. I've done nothing else but just enabled the Debug Mode. Cool.
I personally don't use DNSCrypt (although I probably should). Best thing first is to confirm it's actually Skynet blocking the script so I can work around it accordingly.
There seems to be an issue with rights and banmalware updating?
Code:
Downloading filter.list [0s]
Whitelisting Shared Domains [3s]
Consolidating Blacklist [12s]
Saving Changes Removing Previous Malware Bans sed: can't create temp file '/tmp/mnt/AB-Solution/skynet/scripts/ipset.txt3bpIxv': Read-only file system
[6s]
Filtering IPv4 Addresses /opt/bin/firewall: line 2325: can't create /tmp/mnt/AB-Solution/skynet/scripts/ipset.txt: Read-only file system
Filtering IPv4 Ranges /opt/bin/firewall: line 2325: can't create /tmp/mnt/AB-Solution/skynet/scripts/ipset.txt: Read-only file system
Applying Blacklists [7s]
For False Positive Website Bans Use; ( sh /opt/bin/firewall whitelist domain URL )
this started happening since ab-solution closes off like below?
Code:
exiting AB-Solution
checking installation state
chmod: /tmp/mnt/AB-Solution/adblocking: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/scripts/ab_dnsmasq_postconf.sh: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/scripts/send-email.sh: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/functions.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/log-stats.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/pixelserv-tls.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/rotate-logs.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/update-ab-check.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/update-hosts.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/ab-solution.sh: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/.config/email.cfg: Read-only file system
chmod: /opt/etc/init.d/S80pixelserv-tls: Read-only file system
chmod: /opt/etc/init.d/rc.func: Read-only file system
chmod: /opt/etc/init.d/rc.unslung: Read-only file system
chmod: /opt/bin/ab-solution: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/scripts/ab_dnsmasq_postconf.sh: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/scripts/send-email.sh: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/functions.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/log-stats.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/pixelserv-tls.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/rotate-logs.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/update-ab-check.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/addon/update-hosts.add: Read-only file system
chmod: /tmp/mnt/AB-Solution/ab-solution.sh: Read-only file system
chmod: /tmp/mnt/AB-Solution/adblocking/.config/email.cfg: Read-only file system
chmod: /opt/etc/init.d/S80pixelserv-tls: Read-only file system
chmod: /opt/etc/init.d/rc.func: Read-only file system
chmod: /opt/etc/init.d/rc.unslung: Read-only file system
chmod: /opt/bin/ab-solution: Read-only file system
all good, shutting down UI
Is there a conflict somewhere?