Skynet Skynet - Router Firewall & Security Enhancements

[Adamm]

Also, I am finding many other applications and websites not working well anymore. Does this autoban anything it doesn't recognize?

The feature is purely based off the built in SPI Firewall functionality. One of the limitations is that the SPI firewall does have false positives because it doesn't use deep packet inspection and all traffic is treated equally. Some users never get any, some users frequently notice it which is why there is an option to disable the feature. I am looking at ways to try mitigate false positives but its much easier said then done (the fact I rarely get any myself doesn't help either)

 

[sriamc]

I am currently living in South Korea and wonder if this might have anything to do with it.

-edit-
Removed: Do you think it would just be wise to unblock the country and see how it works then?

Found that this feature is ab-solution and not skynet

 

[DonnyJohnny]

I don't think the current default malware list in Skynet is blocking on geographical.
Current list. https://github.com/Adamm00/IPSet_ASUS/blob/master/filter.list

I think there bound to have some false positives. I suggest going to firehol site to look at those iplist and customise your own malware list to your needs. Compile the raw source and paste them to pastebin. Copy the raw link and add them to skynet custom malware list.

Because some IPlist is not as update as the rest. And also you may want to consider updating the malware list more frequently. Default is 24 hrs. Suggest update every 6 hr.

And as time goes, whitelist those false positive ip/domain, the system will work well.

 

[paulbates]

Question about Skynet as a firewwall in conjunction with Asus' firewall.

I run the stats, and it shows a lot of inbound blocked. Given that I already have my all inbound ports on my firewall closed, what is skynet reflecting in those stats?

• things that were blocked anyway as no ports are open?
• ... or things responding based on outbound requests from my lan?
• ... or something else?

Thank you

Paul

 

[bilboSNB]

I am trying this script for the first time, it is on a ac86u 382.2_beta2.

Nothing appeared to be happening until I went to the firewall page and clicked apply. Is this normal? Maybe I needed to reboot.

Many thanks

 

[martinr]

Question about Skynet as a firewwall in conjunction with Asus' firewall.

I run the stats, and it shows a lot of inbound blocked. Given that I already have my all inbound ports on my firewall closed, what is skynet reflecting in those stats?

• things that were blocked anyway as no ports are open?
• ... or things responding based on outbound requests from my lan?
• ... or something else?

Thank you

Paul

I’m not sure if this post from last month answers your query?

https://www.snbforums.com/threads/s...-manual-ip-blocking.16798/page-82#post-367221

 

[DonnyJohnny]

Good to have your port closed. Somehow port scanning is notorious and without Skynet, the router will need to work a bit harder to drop the packet hitting your router. With Skynet, they will be blocked and kicked at the fence before knocking your door. Door is scratch free.

 

[noworries]

CLI Country Ban appears not to be working.
88U running Merlin 382.1.2 with ABSolution and PixelServe also installed with the 3/1/2018 SkyNet version.

I can ban individual and sets of countries via the UI andthen see related IPs in the BlockedRanges output of the CLI Search command, and, the UI banner lists the banned countries.

When I run the CLI's Ban Country command for multiple countries (quoted list), or with one country quoted or not, the command appears to run successfully, but the Search command no longer finds an IP in the BlockedRanges output. Also, the UI does not list the set of blocked countries.
----
Also, when time permits, will you consider adding e)xit commands to more menus? There are a number of places from which one cannot back out without doing something.
Thanks

 

[Adamm]

CLI Country Ban appears not to be working.
88U running Merlin 382.1.2 with ABSolution and PixelServe also installed with the 3/1/2018 SkyNet version.

I can ban individual and sets of countries via the UI andthen see related IPs in the BlockedRanges output of the CLI Search command, and, the UI banner lists the banned countries.

When I run the CLI's Ban Country command for multiple countries (quoted list), or with one country quoted or not, the command appears to run successfully, but the Search command no longer finds an IP in the BlockedRanges output. Also, the UI does not list the set of blocked countries.

Works for me, are you using the right command?

admin@RT-AC68U-EE20:/tmp/home/root# firewall ban country "cn jp ru"


Removing Previous Country Bans
Banning Known IP Ranges For cn jp ru
Downloading Lists
Filtering IPv4 Ranges & Applying Blacklists
Saving Changes
Skynet: [Complete] 131412 IPs / 16604 Ranges Banned. 0 New IPs / 14663 New Ranges Banned. 448 Inbound / 45 Outbound Connections Blocked! [14s]

Router Model; RT-AC68U
Skynet Version; v5.6.6 (03/01/2018)
iptables v1.4.15 - (ppp0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 382.2_beta2 (Jan 1 2018) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/Main/skynet (12.7G / 14.1G Space Available)
SWAP File; /tmp/mnt/Main/myswap.swp (512.0M)
Boot Args; /jffs/scripts/firewall start debug banmalware usb=/tmp/mnt/Main
Banned Countries; cn jp ru
131412 IPs / 16604 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 481 Inbound / 45 Outbound Connections Blocked!
Select Menu Option:
[1] --> Unban
[2] --> Ban
[3] --> Banmalware
[4] --> Whitelist
[5] --> Import IP List
[6] --> Deport IP List
[7] --> Save
[8] --> Restart Skynet
[9] --> Temporarily Disable Skynet
[10] --> Update Skynet
[11] --> Debug Options
[12] --> Stats
[13] --> Install Skynet / Change Boot Options
[14] --> Uninstall
[r] --> Reload Menu
[e] --> Exit Menu
[1-14]:

Also, when time permits, will you consider adding e)xit commands to more menus? There are a number of places from which one cannot back out without doing something.

I've currently got an exit prompt everywhere (even when the option isnt visible) besides when it asks for direct input like an IP or comment, in which case the easiest way to return to the menu would be typing something invalid then using the appropriate command.

 

[noworries]

I execute:

/jffs/scripts/firewall ban country AD

Here is the result when there are no pre-existing countries banned:
---
Removing Previous Country Bans
Banning Known IP Ranges For AD
Downloading Lists
Filtering IPv4 Ranges & Applying Blacklists
Saving Changes

Skynet: [Complete] 128476 IPs / 1766 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 4886 Inbound / 1585 Outbound Connections Blocked! [5s]
---

then look to see if AD IPs are banned:

/jffs/scripts/firewall stats search ip 80.80.84.1

Here's the result:
---
Debug Data Detected in /tmp/mnt/data/skynet/skynet.log - 3.1M
Monitoring From Jan 2 16:48:04 To Jan 6 23:49:27
11963 Block Events Detected
2140 Unique IPs
8 Autobans Issued
0 Manual Bans Issued

80.80.84.1 is NOT in set Whitelist.
80.80.84.1 is NOT in set Blacklist.
80.80.84.1 is NOT in set BlockedRanges.
---
It appears that "AD" has not been blocked.

But, then, after adding country AD to the banned list via the UI and running:

/jffs/scripts/firewall stats search ip 80.80.84.1

Here are the results:
---
Debug Data Detected in /tmp/mnt/data/skynet/skynet.log - 3.2M
Monitoring From Jan 2 16:48:04 To Jan 7 00:06:48
11989 Block Events Detected
2144 Unique IPs
8 Autobans Issued
0 Manual Bans Issued

80.80.84.1 is NOT in set Whitelist.
80.80.84.1 is NOT in set Blacklist.
80.80.84.1 is in set BlockedRanges.

BlockedRanges Reason;
80.80.84.0/22 "Country: ad"

80.80.84.1 First Tracked On
80.80.84.1 Last Tracked On
0 Events Total
---
Country AD now appears to be blocked.

 

[noworries]

So, I just ran:

/jffs/scripts/firewall ban country ad

with lower case country code, and it appears to work. Is it possible that although the country codes on the website list that provide the IPs are in Upper Case, that the CLI command needs them to be in lower case? I'd built a list from the website in Upper Case that I'd fed to the ban command.

 

[Adamm]

So, I just ran:

/jffs/scripts/firewall ban country ad

with lower case country code, and it appears to work. Is it possible that although the country codes on the website list that provide the IPs are in Upper Case, that the CLI command needs them to be in lower case? I'd built a list from the website in Upper Case that I'd fed to the ban command.

They appear on the website in lowercase for me and with Linux being case sensitive this is definitely the issue.

 

[Makaveli]

Question so I just installed skynet should I be worried about that message in red?



Is there a list of the Country codes in short form somewhere?

I had to scan through the post to find it as I was trying to block china

seems to be working now as i'm using cn as the country code.

 

[noworries]

Question so I just installed skynet should I be worried about that message in red?

No, the lock file is deleted when the locked processes have completed as per the line in yellow.

Is there a list of the Country codes in short form somewhere?

I had to scan through the post to find it as I was trying to block china

seems to be working now as i'm using cn as the country code.

The list is here:
http://www.ipdeny.com/ipblocks/data/countries/

 

[Makaveli]

No, the lock file is deleted when the locked processes have completed as per the line in yellow.


The list is here:
http://www.ipdeny.com/ipblocks/data/countries/

When I select one country to ban then select another it doesn't seem to keep the previous one?

So I select RU first then select CN after but it only shows

Router Model; R7000
Skynet Version; v5.6.6 (03/01/2018)
iptables v1.4.14 - (vlan2 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 380.69_0 (Dec 12 2017) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda5/skynet (1.5G / 1.8G Space Available)
SWAP File; /tmp/mnt/sda5/myswap.swp (257.0M)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/sda5
Banned Countries; cn

 

[yk101]

When I select one country to ban then select another it doesn't seem to keep the previous one?

So I select RU first then select CN after but it only shows

Router Model; R7000
Skynet Version; v5.6.6 (03/01/2018)
iptables v1.4.14 - (vlan2 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 380.69_0 (Dec 12 2017) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda5/skynet (1.5G / 1.8G Space Available)
SWAP File; /tmp/mnt/sda5/myswap.swp (257.0M)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/sda5
Banned Countries; cn

You need to specify all of the countries you want to ban in one shot.

 

[Makaveli]

You need to specify all of the countries you want to ban in one shot.

So at the prompt cn ; ru?

Router Model; R7000
Skynet Version; v5.6.6 (03/01/2018)
iptables v1.4.14 - (vlan2 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 380.69_0 (Dec 12 2017) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda5/skynet (1.5G / 1.8G Space Available)
SWAP File; /tmp/mnt/sda5/myswap.swp (257.0M)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/sda5
Banned Countries; cn ; ru

 

[noworries]

Use space separation between countries. Or, you can do this from the linux command line:

/jffs/scripts/firewall ban country "af ax al dz as ad ao ai aq ag ar am aw az bs bh bd bb by bz bj bm bt bo bq ba bw bv br io bn bg bf bi kh cm cv ky cf td cl cn cx cc co km cg cd ck cr ci hr cu cw cy cz dk dj dm do ec eg sv gq er ee et fk fo fj"

with your preferred list of countries. I've found that there is an 82 country limit.

Here is an annotated list of country codes:
https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

 

[yk101]

So at the prompt cn ; ru?

Router Model; R7000
Skynet Version; v5.6.6 (03/01/2018)
iptables v1.4.14 - (vlan2 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 380.69_0 (Dec 12 2017) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda5/skynet (1.5G / 1.8G Space Available)
SWAP File; /tmp/mnt/sda5/myswap.swp (257.0M)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/sda5
Banned Countries; cn ; ru

Not really - in my case I created countries list contents of which I pass to the script:

admin@RT-AC88U:/jffs/scripts# cat countries.txt
cn br ir ua ar iq tw th lv ru ro cl sa pk bg
admin@RT-AC88U:/jffs/scripts#

I simply used space between the entries!

 

[Makaveli]

Thank you both very helpful.