DonnyJohnny
Very Senior Member
Silently 2 updates in 5.7.5. For people to update manually. Lastly is 5.7.5 05/02/2018.
Force update if u already 2.7.5 03/02/2018
Force update if u already 2.7.5 03/02/2018
Last edited:
Silently 2 updates in 2.7.5. For people to update manually. Lastly is 2.7.5 05/02/2018.
Force update if u already 2.7.5 03/02/2018
Silently 2 updates in 2.7.5. For people to update manually. Lastly is 2.7.5 05/02/2018.
Force update if u already 2.7.5 03/02/2018
Recently my ip has been very active with port scanner from new ip . It is blocked by my iptables in mangle.
I would like to know if you can allow us to customise the autoban? Currently is 2 invalid packet within 5min which I think is too long. I am thinking of reducing to a min or 30sec
du: invalid option -- 'f'
BusyBox v1.24.1 (2018-02-02 11:14:24 EST) multi-call binary.
Usage: du [-aHLdclsxhmk] [FILE]...
Summarize disk space used for each FILE and/or directory
-a Show file sizes too
-L Follow all symlinks
-H Follow symlinks on command line
-d N Limit output to directories (and files with -a) of depth < N
-c Show grand total
-l Count sizes many times if hard linked
-s Display only a total for each argument
-x Skip directories on different filesystems
-h Sizes in human readable format (e.g., 1K 243M 2G)
-m Sizes in megabytes
-k Sizes in kilobytes (default)
SWAP File; -f ()
Boot Args; /jffs/scripts/firewall start banmalware autoupdate
Adamm, before posting I checked if this error is only from my side. This little error occured if I previously have configured an existing swap partition. This is the output of firewall command (after the skynetv5 logo):
Aside this, the app works. ac86u with latest alpha.Code:du: invalid option -- 'f' BusyBox v1.24.1 (2018-02-02 11:14:24 EST) multi-call binary. Usage: du [-aHLdclsxhmk] [FILE]... Summarize disk space used for each FILE and/or directory -a Show file sizes too -L Follow all symlinks -H Follow symlinks on command line -d N Limit output to directories (and files with -a) of depth < N -c Show grand total -l Count sizes many times if hard linked -s Display only a total for each argument -x Skip directories on different filesystems -h Sizes in human readable format (e.g., 1K 243M 2G) -m Sizes in megabytes -k Sizes in kilobytes (default) SWAP File; -f () Boot Args; /jffs/scripts/firewall start banmalware autoupdate
cat /jffs/scripts/post-mount
Whats the output of the following command;
Code:cat /jffs/scripts/post-mount
if [ "$1" = "/tmp/mnt/sda" ] ; then
ln -nsf $1/entware /tmp/opt
fi
[ -f /opt/myswap.swp ] && swapon /opt/myswap.swp
Code:[ -f /opt/myswap.swp ] && swapon /opt/myswap.swp
swapon /opt/myswap.swp 2>/dev/null
[ -f /opt/myswap.swp ] && \
swapon /opt/myswap.swp
Looks OK, make sure there is at least one empty line after the last command.Code:if [ "$1" = "/tmp/mnt/sda" ] ; then ln -nsf $1/entware /tmp/opt fi [ -f /opt/myswap.swp ] && swapon /opt/myswap.swp
Okay that makes sense, most scripts on this forum expect the line to start with the swapon command, I suggest you make one of the following modifications rather then me write a workaround for just my script;
1). Change the line to the following, the file detection isn't really necessary as if the swap file doesn't exist there is no adverse affects beyond an error message (Which can be silenced in my example)
Code:swapon /opt/myswap.swp 2>/dev/null
2). Keep the original functionality but move the swapon command to its own line;
Code:[ -f /opt/myswap.swp ] && \ swapon /opt/myswap.swp
I didn't know that, sorry ^_^; Now it works.
Wait so are you implying Skynet is banning too many or too few IP's?
-A PREROUTING -m conntrack --ctstate INVALID -j DROP
-A PREROUTING -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP
-A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A PREROUTING -f -j DROP
Yeah its because my script (and others IIRC) use a basic grep command on any swapon match in that file, then use awk to phrase the second field. In 99% of cases this would be the swap file location, in this edge case its picking up the -f in that line as the second field.
I will put a workaround in Skynet incase other users run into this issue, but again for better compatibility and simplicity I suggest you continue to use one of the fixes above.
if grep -qF "swapon" /jffs/scripts/post-mount 2>/dev/null; then swaplocation="$(grep -F "swapon" /jffs/scripts/post-mount | awk '{print $2}')"; echo "SWAP File; $swaplocation ($(du -h "$swaplocation" | awk '{print $1}'))"; fi
too few..
But I do realise that the invalid packet checking is done at filter table.
Could it be done at prerouting in mangle table? I just asking as I know nothing about the iptables.
Ah I understand... it's this line, right?
Code:if grep -qF "swapon" /jffs/scripts/post-mount 2>/dev/null; then swaplocation="$(grep -F "swapon" /jffs/scripts/post-mount | awk '{print $2}')"; echo "SWAP File; $swaplocation ($(du -h "$swaplocation" | awk '{print $1}'))"; fi
Another question is autoban ip are dropped via ipset?
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!