Skynet Skynet - Router Firewall & Security Enhancements

[thelonelycoder]

Yes, which I have modified in this commit (along with amtm which uses the same code)

Thanks, I'll use that in AB4, AB3 stays on the old method.

 

[skeal]

@Adamm I may have found a bit of a bug. When applying settings and calling firewall-start it seems Skynet checks if its running and if it is (and it always is running) it exits. However I have found that even though Skynet is running its not removing the dropped packet logs from syslog. They quickly pile up. The resolution is to enter this at command line:

sh /jffs/scripts/firewall

Once in the menu I run restart (number 8) and in spite of the fails it restarts and removes those syslog entries again. This is my only observation everything else works pristine. Thanks for your excellent script writing skills! I love Skynet!

 

[Adamm]

@Adamm I may have found a bit of a bug. When applying settings and calling firewall-start it seems Skynet checks if its running and if it is (and it always is running) it exits. However I have found that even though Skynet is running its not removing the dropped packet logs from syslog. They quickly pile up. The resolution is to enter this at command line:

sh /jffs/scripts/firewall

Once in the menu I run restart (number 8) and in spite of the fails it restarts and removes those syslog entries again. This is my only observation everything else works pristine. Thanks for your excellent script writing skills! I love Skynet!

I'm not sure what you mean by when applying settings, but logs are only purged when the Purge_Logs function is called. This function is called for most commands, like saving, banning etc. I can probably run the function when the menu is also loaded if you like. Otherwise I'm not sure exactly what the issue your pointing out is.

 

[skeal]

Lets say you are changing QOS settings. You apply the change. When I return to the log I can see all the dropped packet entries start piling up they never quit. If I ssh into the router and restart Skynet even though the ssh read out says that the process failed it actually works to get rid of the dropped packet log entries. You can replicate this by lets say adding a gateway setting to dhcp settings. In my case I set to my routers private ip. I apply the change at the bottom of the page and wait for the changes to take place. I then go to the syslog as soon as I am able and like I said the dropped packet logs start adding up. The log shows that firewall-start is run and complete (I use logger "End of firewall-start"). So if I run firewall-start from ssh you can see Skynet getting called but it exits because its running already. Log entries should be gone but are not. I have to restart Skynet even though the ssh display shows failures it works and the log is returned to be clean of dropped packet logs. Thank you for your patience bud!

 

[Jack Yaz]

Lets say you are changing QOS settings. You apply the change. When I return to the log I can see all the dropped packet entries start piling up they never quit. If I ssh into the router and restart Skynet even though the ssh read out says that the process failed it actually works to get rid of the dropped packet log entries. You can replicate this by lets say adding a gateway setting to dhcp settings. In my case I set to my routers private ip. I apply the change at the bottom of the page and wait for the changes to take place. I then go to the syslog as soon as I am able and like I said the dropped packet logs start adding up. The log shows that firewall-start is run and complete (I use logger "End of firewall-start"). So if I run firewall-start from ssh you can see Skynet getting called but it exits because its running already. Log entries should be gone but are not. I have to restart Skynet even though the ssh display shows failures it works and the log is returned to be clean of dropped packet logs. Thank you for your patience bud!

Doesn't Skynet only remove them hourly on the cron job for saving and processing?

 

[skeal]

Doesn't Skynet only remove them hourly on the cron job for saving and processing?

That may be true, I can understand that, but for me that means 150 or more dropped packet log entries before Skynet runs again.

 

[juched]

That may be true, I can understand that, but for me that means 150 or more dropped packet log entries before Skynet runs again.

Do you find that affects performance? You can also turn off debug logging.

It doesn’t seem to impact my router, so that is why I am asking.


Sent from my iPhone using Tapatalk

 

[skeal]

Do you find that affects performance? You can also turn off debug logging.

It doesn’t seem to impact my router, so that is why I am asking.


Sent from my iPhone using Tapatalk

Does not affect performance at all. It makes navigating logs miserable when other things are being logged as well.

 

[skeal]

Oh I should add that I have bad vision and need large text size in logs to read them. This makes things worse I know.

 

[Adamm]

Lets say you are changing QOS settings. You apply the change. When I return to the log I can see all the dropped packet entries start piling up they never quit. If I ssh into the router and restart Skynet even though the ssh read out says that the process failed it actually works to get rid of the dropped packet log entries. You can replicate this by lets say adding a gateway setting to dhcp settings. In my case I set to my routers private ip. I apply the change at the bottom of the page and wait for the changes to take place. I then go to the syslog as soon as I am able and like I said the dropped packet logs start adding up. The log shows that firewall-start is run and complete (I use logger "End of firewall-start"). So if I run firewall-start from ssh you can see Skynet getting called but it exits because its running already. Log entries should be gone but are not. I have to restart Skynet even though the ssh display shows failures it works and the log is returned to be clean of dropped packet logs. Thank you for your patience bud!

Okay I think I understand now (and the flaw in my original design). I've pushed v5.7.6 which should fix it along with some other commits from the past two days.

 

[skeal]

Okay I think I understand now (and the flaw in my original design). I've pushed v5.7.6 which should fix it along with some other commits from the past two days.

Yes.....works like a charm!! Thank you for your patience sir! You and this script are awesome!

 

[M@rco]

It makes navigating logs miserable when other things are being logged as well.

Oh I should add that I have bad vision and need large text size in logs to read them. This makes things worse I know.

Sounds familar . What works perfectly for me is a (free) remote logging service, called Papertrail (https://papertrailapp.com/). If you have no problems with uploading your logs, you can simply create a free account. You can define one of their IP's (just resolve the hostname they give you and use one of the IP's returned) and a dedicated portnumber to send your logs to in the AsusWRT Merlin Webui > System Log > Remote Log Server. Once set and done, you can easily filter your logfile. It's realtime, it's free (with some limitations but definitely suits my needs), you can add multiple systems and you can create any filter (include, exclude search strings, filter by process etcetera). You can even set up e-mail alerts. Not affiliated in any way, but I love it, and I just zoom in and out in my browser)

 

[skeal]

Sounds familar . What works perfectly for me is a (free) remote logging service, called Papertrail (https://papertrailapp.com/). If you have no problems with uploading your logs, you can simply create a free account. You can define one of their IP's (just resolve the hostname they give you and use one of the IP's returned) and a dedicated portnumber to send your logs to in the AsusWRT Merlin Webui > System Log > Remote Log Server. Once set and done, you can easily filter your logfile. It's realtime, it's free (with some limitations but definitely suits my needs), you can add multiple systems and you can create any filter (include, exclude search strings, filter by process etcetera). You can even set up e-mail alerts. Not affiliated in any way, but I love it, and I just zoom in and out in my browser)

This sounds real nice!!

 

[M@rco]

This sounds real nice!!

It actually is If you need any help just send me a pm.

 

[skeal]

It actually is If you need any help just send me a pm.

Sent you a message...

 

[heinz]

Any idea what might cause this upon restarting skynet...Option 8 in the menu? I reinstalled everything today but I'm missing something with skynet. Not sure what.

Router Model; RT-AC68U
Skynet Version; v5.7.6 (07/02/2018)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 384.3_beta1 (Feb 4 2018) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/ab-solution/skynet (4.6G / 7.0G Space Available)
SWAP File; /tmp/mnt/ab-solution/myswap.swp (2.0G)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/ab-solution

Checking Skynet IPTable... [Failed]
Checking Whitelist IPSet... [Failed]
Checking BlockedRanges IPSet... [Failed]
Checking Blacklist IPSet... [Failed]
Checking Skynet IPSet... [Failed]

Select Menu Option:
[1] --> Unban
[2] --> Ban
[3] --> Banmalware
[4] --> Whitelist
[5] --> Import IP List
[6] --> Deport IP List
[7] --> Save
[8] --> Restart Skynet
[9] --> Temporarily Disable Skynet
[10] --> Update Skynet
[11] --> Debug Options
[12] --> Stats
[13] --> Install Skynet / Change Boot Options
[14] --> Uninstall

 

[M@rco]

Any idea what might cause this upon restarting skynet...

Just give it 60 seconds and try again... (exit, then after 60 seconds start Skynet from the command line, I mean)

 

[heinz]

Just give it 60 seconds and try again...

It's been hours.

 

[M@rco]

Have you been trying to restarting it all that time? Try exiting and start it by typing

firewall

in your terminal. If it persists take a look at syslog if that gives any clues as to what went wrong.

 

[heinz]

Have you been trying to restarting it all that time? Try exiting and start it by typing

firewall

in your terminal. If it persists take a look at syslog if that gives any clues as to what went wrong.

Ok, I guess I should have been more clear. Upon opening I get what I think is a normal startup.

#############################


Router Model; RT-AC68U
Skynet Version; v5.7.6 (07/02/2018)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 384.3_beta1 (Feb 4 2018) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/ab-solution/skynet (4.6G / 7.0G Space Available)
SWAP File; /tmp/mnt/ab-solution/myswap.swp (2.0G)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/ab-solution

0 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked!

Select Menu Option:
[1] --> Unban
[2] --> Ban
[3] --> Banmalware
[4] --> Whitelist
[5] --> Import IP List
[6] --> Deport IP List
[7] --> Save
[8] --> Restart Skynet
[9] --> Temporarily Disable Skynet
[10] --> Update Skynet
[11] --> Debug Options
[12] --> Stats
[13] --> Install Skynet / Change Boot Options
[14] --> Uninstall

[r] --> Reload Menu
[e] --> Exit Menu


If I use option 8 I receive:

Router Model; RT-AC68U
Skynet Version; v5.7.6 (07/02/2018)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 384.3_beta1 (Feb 4 2018) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/ab-solution/skynet (4.6G / 7.0G Space Available)
SWAP File; /tmp/mnt/ab-solution/myswap.swp (2.0G)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/ab-solution

Checking Skynet IPTable... [Failed]
Checking Whitelist IPSet... [Failed]
Checking BlockedRanges IPSet... [Failed]
Checking Blacklist IPSet... [Failed]
Checking Skynet IPSet... [Failed]

Select Menu Option:
[1] --> Unban
[2] --> Ban
[3] --> Banmalware
[4] --> Whitelist
[5] --> Import IP List
[6] --> Deport IP List
[7] --> Save
[8] --> Restart Skynet
[9] --> Temporarily Disable Skynet
[10] --> Update Skynet
[11] --> Debug Options
[12] --> Stats
[13] --> Install Skynet / Change Boot Options
[14] --> Uninstall

[r] --> Reload Menu
[e] --> Exit Menu


And no, I haven't been trying to restart it non-stop for hours.