What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Gotcha. The IPSet based scripts you posted all replicate similar functionality to Skynet. Only 1 of the 4 is needed, having all 4 installed will cause compatibility issues and is unnecessary. I also don't believe the others are being actively developed anymore either.

Th Disabling the aforementioned scripts, rebooting then reinstalling skynet may have done the trick. I can now see that ipset.txt is being populated with vpn client and wan dns which previously was in there.

As you said it appears there was a conflict.

thanks again mate, I really appreciate your help.
 
@Adamm, is it normal to have these IPs blocked?
Top 50 Blocked Devices (Outbound);
302x 192.168.3.131 AAA
5x 192.168.3.133 BBB

Nvm I read that wrong, this output is expected.

It details which devices are sourcing the blocks. So 302 outbound hits have come from 192.168.3.131, and 5 have come from 192.168.3.133
 
Nvm I read that wrong, this output is expected.

It details which devices are sourcing the blocks. So 302 outbound hits have come from 192.168.3.131, and 5 have come from 192.168.3.133
ok, that's clear, thanks much!
I was thinking is just a misleading reading when I've seen them as being "Blocked Devices". It would have been strange to have the Firewall blocking the private/internal IPs.
So, I should probably read that text as the Top 50 Source Devices for above Blocked Outbound IPs. :)
 
I just want to say again how much I appreciate the work done with Skynet to give us more protection from those on the Internet trying to find holes to instigate their mischief. Also @Makaveli if you are still thinking about using Skynet, look at this 29 probes per second! I usually see 100-350 per hour depending on the time of day. (Note I have edited out my IP and nonessential info and only left the date, time, probe source, source and destination ports. Like good old Star Trek - "Shields UP!"
Code:
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4586  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=10014  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3373  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4444  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=33398  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3349  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=8890  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5677  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=7005  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3123  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3656  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3351  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=9151  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=9001  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5513  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=8893  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3389  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5544  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4141  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5016  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=8002  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4469  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3437  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4097  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3404  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=4899  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5900  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=5698  
Nov 28 22:19:07 kernel: [BLOCKED - INBOUND]  SRC=5.8.18.90   SPT=65533 DPT=3379  

Input IP To Ban:

[IP]: 5.8.18.90        

Input Comment For Ban:

[Comment]: 29 probes per second

Banning 5.8.18.90
ipset v6.32: Element cannot be added to the set: it's already added
 
Last edited:
Something mega odd happened yesterday, i was just casually browsing snbforum.com :D then all of a sudden saw 'resolving host' when trying to browse to another page, was able to login to router, showed it was connected to internet seemed like dns issue, anyway i logged into terminal loaded ab-solution up all was ok but when trying to load skynet it would seem to freeze or crash whilst trying to load, had to manually uninstall skynet then reinstall, all ok now, oddly enough back a week or so ago it blocked me from accessing router and internet. Just thought i'd share although all is good again now. But agree with others amazing script :)
 
After searching logs and experimenting with openvpn server I have the opinion that skynet starts a little to soon in my routers boot process. It interferes with the "up-down command" during openvpn server's launch then exits with fatal error. If I use a restart script in services-start openvpn server starts no problem. This brings me to my question. Is there a way to delay skynet from starting by say 10 or 15 seconds?
 
After searching logs and experimenting with openvpn server I have the opinion that skynet starts a little to soon in my routers boot process. It interferes with the "up-down command" during openvpn server's launch then exits with fatal error. If I use a restart script in services-start openvpn server starts no problem. This brings me to my question. Is there a way to delay skynet from starting by say 10 or 15 seconds?

Can you explain how it interferes? I don't see any reason for it too.

With that being said, you can add a "sleep 60" above Skynets entry in firewall-start
 
Can you explain how it interferes? I don't see any reason for it too.

With that being said, you can add a "sleep 60" above Skynets entry in firewall-start
When skynet starts on my router ac3100 it pins the processors both cores to 100%. In my experiance this the likley cause for my fatal error as it implys that another program is exitting. I have nothing else running. The up-down command can't finish its process. I'll try this sleep command and get back to you. Here is an excerpt from my logs:
Code:
Nov 30 10:39:03 kernel: ADDRCONF(NETDEV_CHANGE): tun21: link becomes ready
Nov 30 10:39:03 openvpn[935]: /usr/sbin/ip addr add dev tun21 10.8.0.1/24 broadcast 10.8.0.255
Nov 30 10:39:03 openvpn[935]: updown.sh tun21 1500 1622 10.8.0.1 255.255.255.0 init
Nov 30 10:39:03 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 2 Of 10 )
Nov 30 10:39:03 Skynet: [INFO] Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/EXT4) (pid=530) - Exiting
Nov 30 10:39:03 openvpn[935]: WARNING: Failed running command (--up/--down): external program exited with error status: 1
Nov 30 10:39:03 openvpn[935]: Exiting due to fatal error
It sort of gives me a place to start.
 
I implemented the sleep 60 and openvpn server starts and has no fatal errors or warnings at boot. Skynet interacts with openvpn is this the issue in my case and the timing of this process?
 
I implemented the sleep 60 and openvpn server starts and has no fatal errors or warnings at boot. Skynet interacts with openvpn is this the issue in my case and the timing of this process?

What does this updown script look like, can't say I use openvpn all that much but I don't see how Skynet would interfere with openvpn.
 
Probably the sleep command could be trimmed down to 15 seconds. When you have a lot of stuff loading at the same time I've noticed things can go wrong and somethings don't load right. On top of that your white-list process for the vpn may be expecting to run at the same time. That is just a guess I'm no programmer. I also have dnscrypt and AB-Solution and your script probably trying to load as well.
 
Refined it to 30 seconds. Everything starts now.
 
What does this updown script look like, can't say I use openvpn all that much but I don't see how Skynet would interfere with openvpn.
All I know is it's referred to as updown.sh
 
updown.sh sets up the iptables rules for selective routing. If you are also trying to set up a large number of iptables entries, I think it's possible for the updown iptables commands to fail.

In the mainline code, there are retry loops when the code tries to add a large number of rules via iptables-restore, with the following comment
Code:
// Quite a few functions will blindly attempt to manipulate iptables, colliding with us.
// Retry a few times with increasing wait time to resolve collision.
 
updown.sh sets up the iptables rules for selective routing. If you are also trying to set up a large number of iptables entries, I think it's possible for the updown iptables commands to fail.

In the mainline code, there are retry loops when the code tries to add a large number of rules via iptables-restore, with the following comment
Code:
// Quite a few functions will blindly attempt to manipulate iptables, colliding with us.
// Retry a few times with increasing wait time to resolve collision.
Is there anything we can do or I can do?
 
I've noticed a few problems. When I leave Skynet in debug mode for a long while, it stops using the whitelist. When I return it to vanilla afterwards, it causes the router to suddenly reboot.

I set it to update more frequently yesterday, it was in debug mode, and it corrupted the whitelist.

Sometimes I get strange messages when updating banmalware, a message about comments and ipset instead of showing the times it takes to update.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top