Skynet - Router Firewall & Security Enhancements


Gotcha. The IPSet based scripts you posted all replicate similar functionality to Skynet. Only 1 of the 4 is needed, having all 4 installed will cause compatibility issues and is unnecessary. I also don't believe the others are being actively developed anymore either.

Disabling the aforementioned scripts, rebooting then reinstalling skynet may have done the trick. I can now see that ipset.txt is being populated with vpn client and wan dns which previously was in there.

As you said it appears there was a conflict.

thanks again mate, I really appreciate your help.
 
@Adamm, is it normal to have these IPs blocked?
Top 50 Blocked Devices (Outbound);
302x 192.168.3.131 AAA
5x 192.168.3.133 BBB

Nvm I read that wrong, this output is expected.

It details which devices are sourcing the blocks. So 302 outbound hits have come from 192.168.3.131, and 5 have come from 192.168.3.133
 
ok, that's clear, thanks much!
I was thinking it's just a misleading reading when I saw them as being "Blocked Devices". It would have been strange to have the Firewall blocking the private/internal IPs.
So, I should probably read that text as the Top 50 Source Devices for above Blocked Outbound IPs. :)
 
I just want to say again how much I appreciate the work done with Skynet to give us more protection from those on the Internet trying to find holes to instigate their mischief. Also @Makaveli if you are still thinking about using Skynet, look at this 29 probes per second! I usually see 100-350 per hour depending on the time of day. (Note I have edited out my IP and nonessential info and only left the date, time, probe source, source and destination ports.) Like good old Star Trek - "Shields UP!"
Code:
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4586  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=10014  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3373  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4444  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=33398  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3349  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=8890  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5677  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=7005  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3123  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3656  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3351  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=9151  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=9001  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5513  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=8893  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3389  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5544  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4141  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5016  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=8002  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4469  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3437  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4097  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3404  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4899  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5900  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5698  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3379  

Input IP To Ban:

[IP]: 5.8.18.90        

Input Comment For Ban:

[Comment]: 29 probes per second

Banning 5.8.18.90
ipset v6.32: Element cannot be added to the set: it's already added
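
Added example, not part of the original post and not Skynet's own code: a burst like the one above can be picked out of the log by counting distinct destination ports per source within one logged second. The function names `scan_bursts` and `sample_log` are hypothetical, and the sample lines are constructed in the post's trimmed format with documentation-range addresses.

```shell
#!/bin/sh
# scan_bursts THRESHOLD   (reads syslog text on stdin)
# Prints "SRC TIMESTAMP COUNT" for every source that hit at least THRESHOLD
# distinct destination ports inside one logged second.
scan_bursts() {
    awk -v min="$1" '
    /\[BLOCKED - INBOUND\]/ {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {          # field order does not matter
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src == "" || dpt == "") next     # lines without a port (for example ICMP)
        ts = $1 " " $2 " " $3
        if (!((src, ts, dpt) in seen)) {     # count each port once per second
            seen[src, ts, dpt] = 1
            ports[src SUBSEP ts]++
        }
    }
    END {
        for (k in ports) if (ports[k] >= min + 0) {
            split(k, p, SUBSEP)
            print p[1], p[2], ports[k]
        }
    }' | sort
}

# Constructed sample input (not taken from a real router).
sample_log() {
    cat <<'EOF'
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=203.0.113.7   SPT=65533 DPT=4586
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=203.0.113.7   SPT=65533 DPT=3389
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=203.0.113.7   SPT=65533 DPT=5900
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=203.0.113.7   SPT=65533 DPT=3389
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=198.51.100.9  SPT=40112 DPT=23
Nov 28 22:19:08 kernel: [BLOCKED - INBOUND]  SRC=198.51.100.9  SPT=40113 DPT=23
Nov 28 22:19:08 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 2 Of 10 )
EOF
}

sample_log | scan_bursts 3
```

A source that repeats one port every second stays below the threshold, while a sweep across many ports in the same second is reported once with its port count.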
 
Something mega odd happened yesterday, I was just casually browsing snbforum.com :D then all of a sudden saw 'resolving host' when trying to browse to another page, was able to login to router, showed it was connected to internet seemed like dns issue, anyway I logged into terminal loaded ab-solution up all was ok but when trying to load skynet it would seem to freeze or crash whilst trying to load, had to manually uninstall skynet then reinstall, all ok now, oddly enough back a week or so ago it blocked me from accessing router and internet. Just thought I'd share although all is good again now. But agree with others amazing script :)
 
After searching logs and experimenting with openvpn server I have the opinion that skynet starts a little too soon in my router's boot process. It interferes with the "up-down command" during openvpn server's launch then exits with fatal error. If I use a restart script in services-start openvpn server starts no problem. This brings me to my question. Is there a way to delay skynet from starting by say 10 or 15 seconds?
 
Can you explain how it interferes? I don't see any reason for it to.

With that being said, you can add a "sleep 60" above Skynet's entry in firewall-start
 
When skynet starts on my router ac3100 it pins both of the processor's cores to 100%. In my experience this is the likely cause for my fatal error as it implies that another program is exiting. I have nothing else running. The up-down command can't finish its process. I'll try this sleep command and get back to you. Here is an excerpt from my logs:
Code:
Nov 30 10:39:03 kernel: ADDRCONF(NETDEV_CHANGE): tun21: link becomes ready
Nov 30 10:39:03 openvpn[935]: /usr/sbin/ip addr add dev tun21 10.8.0.1/24 broadcast 10.8.0.255
Nov 30 10:39:03 openvpn[935]: updown.sh tun21 1500 1622 10.8.0.1 255.255.255.0 init
Nov 30 10:39:03 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 2 Of 10 )
Nov 30 10:39:03 Skynet: [INFO] Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/EXT4) (pid=530) - Exiting
Nov 30 10:39:03 openvpn[935]: WARNING: Failed running command (--up/--down): external program exited with error status: 1
Nov 30 10:39:03 openvpn[935]: Exiting due to fatal error
It sort of gives me a place to start.
 
I implemented the sleep 60 and openvpn server starts and has no fatal errors or warnings at boot. Skynet interacts with openvpn is this the issue in my case and the timing of this process?
 
What does this updown script look like, can't say I use openvpn all that much but I don't see how Skynet would interfere with openvpn.
 
Probably the sleep command could be trimmed down to 15 seconds. When you have a lot of stuff loading at the same time I've noticed things can go wrong and some things don't load right. On top of that your white-list process for the vpn may be expecting to run at the same time. That is just a guess I'm no programmer. I also have dnscrypt and AB-Solution and your script probably trying to load as well.
 
Refined it to 30 seconds. Everything starts now.
 
What does this updown script look like, can't say I use openvpn all that much but I don't see how Skynet would interfere with openvpn.
All I know is it's referred to as updown.sh
 
updown.sh sets up the iptables rules for selective routing. If you are also trying to set up a large number of iptables entries, I think it's possible for the updown iptables commands to fail.

In the mainline code, there are retry loops when the code tries to add a large number of rules via iptables-restore, with the following comment
Code:
// Quite a few functions will blindly attempt to manipulate iptables, colliding with us.
// Retry a few times with increasing wait time to resolve collision.
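
Added example, not part of the original post and not the firmware's or Skynet's code: the retry-with-increasing-wait idea from the quoted comment, written as a shell wrapper that a boot script could put around a command that may collide with another iptables writer. The names `retry_backoff` and `flaky_load` are hypothetical, and `flaky_load` is a constructed stand-in for the colliding command.

```shell
#!/bin/sh
# retry_backoff MAX_TRIES BASE_DELAY CMD [ARGS...]
# Runs CMD until it exits 0, sleeping BASE_DELAY * attempt seconds between
# tries. Returns 0 on success, otherwise the status of the last failed try.
retry_backoff() {
    rb_max=$1; rb_delay=$2; shift 2
    rb_try=1
    while :; do
        rb_status=0
        "$@" || rb_status=$?
        [ "$rb_status" -eq 0 ] && return 0
        if [ "$rb_try" -ge "$rb_max" ]; then
            echo "giving up after $rb_try tries (status $rb_status): $*" >&2
            return "$rb_status"
        fi
        sleep $((rb_delay * rb_try))    # wait grows: 1x, 2x, 3x ...
        rb_try=$((rb_try + 1))
    done
}

# Constructed stand-in for a rule load that loses a collision: exits 4
# until it has been called more than FAIL_TIMES times.
# Usage: flaky_load COUNTER_FILE FAIL_TIMES
flaky_load() {
    fl_n=$(( $(cat "$1") + 1 ))
    echo "$fl_n" > "$1"
    [ "$fl_n" -gt "$2" ] || return 4
}

# Real use would wrap the colliding command, for example (placeholder path):
#   retry_backoff 5 2 iptables-restore -n /path/to/rules
# Run this file with the argument "demo" to watch two failures, then success.
if [ "${1:-}" = "demo" ]; then
    counter=$(mktemp); echo 0 > "$counter"
    retry_backoff 5 1 flaky_load "$counter" 2 && echo "loaded on try $(cat "$counter")"
    rm -f "$counter"
fi
```

Unlike a fixed `sleep` before startup, the wrapper only waits when the command actually fails, and it passes the final error status back so the caller can log it.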
 
Is there anything we can do or I can do?
 
I've noticed a few problems. When I leave Skynet in debug mode for a long while, it stops using the whitelist. When I return it to vanilla afterwards, it causes the router to suddenly reboot.

I set it to update more frequently yesterday, it was in debug mode, and it corrupted the whitelist.

Sometimes I get strange messages when updating banmalware, a message about comments and ipset instead of showing the times it takes to update.
 
