What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Here's a little sneak peak, and we are just scratching the surface here of whats now possible;

qTAqzfu.png


KtoISm4.png


IB6IQbN.png


Everyone send some love @john9527 's way, hes been a trooper working on this.
 
To @john9527 and @Adamm for their hard work and continuous efforts and commitment ...

DtiD88n.jpg


Ps. I'm not this hot by far in real life, but frankly, when looking in the clouded mirror, while looking for my glasses and a touch of imagination, I'm frankly not that far off, to be true... That, or it might be time to pay the optometrist another visit :cool:
 
Great news, good feature ! Will it be possible to do a one shot reload of the current whitelist to add comments too or it is too difficult ?
 
Great news, good feature ! Will it be possible to do a one shot reload of the current whitelist to add comments too or it is too difficult ?

Existing entries on all sets will have to be removed and readded if you wish to add a comment. Banmalware/ban country/list importing will automatically convert current entries upon their next run.

The only entries that won't have comments is autobans, I can't seem to find a good way to pass comments on as they are added by an iptables rule which doesn't support the feature. Besides that everything else will convert seamlessly upon upgrading.
 
My skynet seems to be running an update roughly every 6 minutes or so according to my logs. How can I change this? I only used your default install stuff so I didn't make any changes.

Thanks
 
My skynet seems to be running an update roughly every 6 minutes or so according to my logs. How can I change this? I only used your default install stuff so I didn't make any changes.

Thanks

Please post the output of;

Code:
cru l

and

Code:
sh /jffs/scripts/firewall debug info
 
Oh just ran a debug info and found "Duplicate Rules Detected In FILTER"! Is this something to be aware?
 
Oh just ran a debug info and found "Duplicate Rules Detected In FILTER"! Is this something to be aware?

I can't think of any reason a rule would be in the same chain twice, as once IPTables matches a rule it moves on. But lets find out whats causing it, please post the output of;

Code:
iptables -L
 
Code:
ac87@RT-AC87U-ED60:/tmp/home/root# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
logdrop    icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
logdrop    all  --  anywhere             anywhere             state INVALID
PTCSRVWAN  all  --  anywhere             anywhere
PTCSRVLAN  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
SSHBFP     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW
INPUT_ICMP  icmp --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
logdrop    all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere             state INVALID
ACCEPT     all  --  anywhere             anywhere
NSFW       all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ACCESS_RESTRICTION (0 references)
target     prot opt source               destination

Chain FUPNP (0 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             MyDesktopPC          udp dpt:65030

Chain INPUT_ICMP (1 references)
target     prot opt source               destination
RETURN     icmp --  anywhere             anywhere             icmp echo-request
RETURN     icmp --  anywhere             anywhere             icmp timestamp-request
ACCEPT     icmp --  anywhere             anywhere

Chain NSFW (1 references)
target     prot opt source               destination

Chain PControls (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PTCSRVLAN (1 references)
target     prot opt source               destination

Chain PTCSRVWAN (1 references)
target     prot opt source               destination

Chain SECURITY (0 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
logdrop    icmp --  anywhere             anywhere             icmp echo-request
RETURN     all  --  anywhere             anywhere

Chain SSHBFP (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             recent: SET name: SSH side: source
LOG        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source add-set Blacklist src
LOG        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source add-set Blacklist src
LOG        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source add-set Blacklist src
logdrop    all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source
ACCEPT     all  --  anywhere             anywhere

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (9 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             match-set Whitelist src
DROP       tcp  --  anywhere             anywhere             multiport sports www,https,imap2,imaps,pop3,pop3s,smtp,ssmtp state INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,ACK
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,ACK
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST,ACK
LOG        all  --  anywhere             anywhere             state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET        all  --  anywhere             anywhere             state INVALID add-set Blacklist src
DROP       all  --  anywhere             anywhere
 
Code:
ac87@RT-AC87U-ED60:/tmp/home/root# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
logdrop    icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
logdrop    all  --  anywhere             anywhere             state INVALID
PTCSRVWAN  all  --  anywhere             anywhere
PTCSRVLAN  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
SSHBFP     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW
INPUT_ICMP  icmp --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
logdrop    all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere             state INVALID
ACCEPT     all  --  anywhere             anywhere
NSFW       all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ACCESS_RESTRICTION (0 references)
target     prot opt source               destination

Chain FUPNP (0 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             MyDesktopPC          udp dpt:65030

Chain INPUT_ICMP (1 references)
target     prot opt source               destination
RETURN     icmp --  anywhere             anywhere             icmp echo-request
RETURN     icmp --  anywhere             anywhere             icmp timestamp-request
ACCEPT     icmp --  anywhere             anywhere

Chain NSFW (1 references)
target     prot opt source               destination

Chain PControls (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PTCSRVLAN (1 references)
target     prot opt source               destination

Chain PTCSRVWAN (1 references)
target     prot opt source               destination

Chain SECURITY (0 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
logdrop    icmp --  anywhere             anywhere             icmp echo-request
RETURN     all  --  anywhere             anywhere

Chain SSHBFP (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             recent: SET name: SSH side: source
LOG        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source add-set Blacklist src
LOG        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source add-set Blacklist src
LOG        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET        all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source add-set Blacklist src
logdrop    all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source
ACCEPT     all  --  anywhere             anywhere

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (9 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             match-set Whitelist src
DROP       tcp  --  anywhere             anywhere             multiport sports www,https,imap2,imaps,pop3,pop3s,smtp,ssmtp state INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,ACK
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,ACK
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST,ACK
LOG        all  --  anywhere             anywhere             state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
SET        all  --  anywhere             anywhere             state INVALID add-set Blacklist src
DROP       all  --  anywhere             anywhere

Thanks, I had a typo in my SSHBFP rule removal so they weren't being removed correctly, I'll have a fix out in a few minutes. (not a major issue so don't stress too much).

Edit; 5.0.7 is live
 
I have duplicate rules in filter for a long time too. I've just updated to 5.0.7 but there is still duplicate in my filter.

Code:
Router Model: Fatiii
Skynet Version: v5.0.7 (21/07/2017)
iptables v1.4.14 - (eth0)
ipset v6.32, protocol version: 6
FW Version: 380.67_0 (Jul 16 2017)
Install Dir; /tmp/mnt/entware/skynet (1.9G Space Available)
Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt/entware
Install Dir Writeable
Startup Entry Detected
Cronjobs Detected
Autobanning Enabled
Debug Mode Enabled
No Duplicate Rules Detected In RAW
Duplicate Rules Detected In FILTER
Whitelist IPTable Detected
BlockedRanges IPTable Detected
Blacklist IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet: [Complete] 154860 IPs / 3689 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 1 Inbound / 0 Outbound Connections Blocked! [1s]
admin@Fatiii:/tmp/home/root#

After updating to 5.0.7 there were no duplicates rules but after 2-3 minutes they appeared again.

here is the output of iptables -L

Code:
admin@Fatiii:/tmp/home/root# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp dpt:1194
logdrop    icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
logdrop    all  --  anywhere             anywhere             state INVALID
PTCSRVWAN  all  --  anywhere             anywhere
PTCSRVLAN  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8082
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:snpp
INPUT_ICMP  icmp --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ipttolan   all  --  anywhere             anywhere
iptfromlan  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere             state INVALID
ACCEPT     all  --  anywhere             anywhere
SECURITY   all  --  anywhere             anywhere
NSFW       all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ACCESS_RESTRICTION (0 references)
target     prot opt source               destination

Chain FUPNP (0 references)
target     prot opt source               destination

Chain INPUT_ICMP (1 references)
target     prot opt source               destination
RETURN     icmp --  anywhere             anywhere             icmp echo-request
RETURN     icmp --  anywhere             anywhere             icmp timestamp-request
ACCEPT     icmp --  anywhere             anywhere

Chain NSFW (1 references)
target     prot opt source               destination

Chain PControls (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PTCSRVLAN (1 references)
target     prot opt source               destination

Chain PTCSRVWAN (1 references)
target     prot opt source               destination

Chain SECURITY (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
logdrop    icmp --  anywhere             anywhere             icmp echo-request
RETURN     all  --  anywhere             anywhere

Chain iptfromlan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan

Chain ipttolan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (8 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             match-set Whitelist src
DROP       tcp  --  anywhere             anywhere             multiport sports www,https,imap2,imaps,pop3,pop3s,smtp,ssmtp state INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,ACK
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,ACK
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST,ACK
LOG        all  --  anywhere             anywhere             state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED                                                                                                                                                                            - NEW BAN] "
SET        all  --  anywhere             anywhere             state INVALID add-set Blacklist src
DROP       all  --  anywhere             anywhere
admin@Fatiii:/tmp/home/root#

my vpn client 1 is active may be it is related.
 
Got this with latest version and banmalware:
Downloading Lists
Filtering IPv4 Addresses
Filtering IPv4 Ranges
Applying Blacklists
find: unrecognized: -maxdepth
BusyBox v1.25.1 (2017-07-16 12:57:53 EDT) multi-call binary.

Usage: find [-HL] [PATH]... [OPTIONS] [ACTIONS]

Search for files and perform actions on them.
First failed action stops processing of current file.
Defaults: PATH is current directory, action is '-print'

-L,-follow Follow symlinks
-H ...on command line only

Actions:
! ACT Invert ACT's success/failure
ACT1 [-a] ACT2 If ACT1 fails, stop, else do ACT2
ACT1 -o ACT2 If ACT1 succeeds, stop, else do ACT2
Note: -a has higher priority than -o
-name PATTERN Match file name (w/o directory name) to PATTERN
-iname PATTERN Case insensitive -name
-mtime DAYS mtime is greater than (+N), less than (-N),
or exactly N days in the past
If none of the following actions is specified, -print is assumed
-print Print file name
-print0 Print file name, NUL terminated
-exec CMD ARG ; Run CMD with all instances of {} replaced by
file name. Fails if CMD exits with nonzero
Warning! This May Have Blocked Your Favorite Website. To Unblock It Use; ( sh /jffs/scripts/firewall whitelist domain URL )
Saving Changes
Skynet: [Complete] 187050 IPs / 3692 Ranges Banned. 187050 New IPs / 3692 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [27s]




EDIT: And unban all seems to have a problem too:

Skynet: [INFO] Removing All 190742 Entries From Blacklist...
ipset v6.32: The set with the given name does not exist
Saving Changes
Skynet: [Complete] 668 IPs / 0 Ranges Banned. -186382 New IPs / -3692 New Ranges Banned. Inbound / Outbound Connections Blocked! [0s]
 
Last edited:
I have duplicate rules in filter for a long time too. I've just updated to 5.0.7 but there is still duplicate in my filter.

Code:
Router Model: Fatiii
Skynet Version: v5.0.7 (21/07/2017)
iptables v1.4.14 - (eth0)
ipset v6.32, protocol version: 6
FW Version: 380.67_0 (Jul 16 2017)
Install Dir; /tmp/mnt/entware/skynet (1.9G Space Available)
Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt/entware
Install Dir Writeable
Startup Entry Detected
Cronjobs Detected
Autobanning Enabled
Debug Mode Enabled
No Duplicate Rules Detected In RAW
Duplicate Rules Detected In FILTER
Whitelist IPTable Detected
BlockedRanges IPTable Detected
Blacklist IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet: [Complete] 154860 IPs / 3689 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 1 Inbound / 0 Outbound Connections Blocked! [1s]
admin@Fatiii:/tmp/home/root#

After updating to 5.0.7 there were no duplicates rules but after 2-3 minutes they appeared again.

here is the output of iptables -L

Code:
admin@Fatiii:/tmp/home/root# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp dpt:1194
logdrop    icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
logdrop    all  --  anywhere             anywhere             state INVALID
PTCSRVWAN  all  --  anywhere             anywhere
PTCSRVLAN  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8082
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:snpp
INPUT_ICMP  icmp --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ipttolan   all  --  anywhere             anywhere
iptfromlan  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere             state INVALID
ACCEPT     all  --  anywhere             anywhere
SECURITY   all  --  anywhere             anywhere
NSFW       all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ACCESS_RESTRICTION (0 references)
target     prot opt source               destination

Chain FUPNP (0 references)
target     prot opt source               destination

Chain INPUT_ICMP (1 references)
target     prot opt source               destination
RETURN     icmp --  anywhere             anywhere             icmp echo-request
RETURN     icmp --  anywhere             anywhere             icmp timestamp-request
ACCEPT     icmp --  anywhere             anywhere

Chain NSFW (1 references)
target     prot opt source               destination

Chain PControls (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PTCSRVLAN (1 references)
target     prot opt source               destination

Chain PTCSRVWAN (1 references)
target     prot opt source               destination

Chain SECURITY (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
logdrop    icmp --  anywhere             anywhere             icmp echo-request
RETURN     all  --  anywhere             anywhere

Chain iptfromlan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan

Chain ipttolan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 172.24.5.0/255.255.255.224 name: lan

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (8 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             match-set Whitelist src
DROP       tcp  --  anywhere             anywhere             multiport sports www,https,imap2,imaps,pop3,pop3s,smtp,ssmtp state INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,ACK
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,ACK
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/RST,ACK
LOG        all  --  anywhere             anywhere             state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED                                                                                                                                                                            - NEW BAN] "
SET        all  --  anywhere             anywhere             state INVALID add-set Blacklist src
DROP       all  --  anywhere             anywhere
admin@Fatiii:/tmp/home/root#

my vpn client 1 is active may be it is related.


Your VPN rules in iptfromlan and iptolan are being duplicated 4 times, not really sure of the reason for this as I don't use the VPN functionality. My guess would be that it has something todo with the 4 lan ports but even then I don't see why the exact same rule would be used.


find: unrecognized: -maxdepth

Oops, didn't realise I was using the entware version of find. Use "update -f" to force update to the latest version which will fix it.

EDIT: And unban all seems to have a problem too:

Looks like you didn't have the firewall active at the time (it looks for the sets to flush but because they aren't loaded it spits out an error)
 
Last edited:
Just did a reinstall

cru l

25 2 * * 1 sh /jffs/scripts/firewall banmalware #Skynet_banmalware#

25 1 * * 1 sh /jffs/scripts/firewall update #Skynet_autoupdate#

0 * * * * sh /jffs/scripts/firewall save #Skynet_save#


jmohr1981@RT-AC5300-B6F0:/jffs/scripts# sh /jffs/scripts/firewall debug info

#!/bin/sh

#############################################################################################################

# _____ _ _ _____ #

# / ____| | | | | ____| #

# | (___ | | ___ _ _ __ ___| |_ __ _| |__ #

# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \ #

# ____) | <| |_| | | | | __/ |_ \ V / ___) | #

# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ |____/ #

# __/ | #

# |___/ #

# #

## - 21/07/2017 - Asus Firewall Addition By Adamm v5.0.7 #

## https://github.com/Adamm00/IPSet_ASUS #

#############################################################################################################



##############################

### Commands ###

##############################

# "unban" # <-- Remove From Blacklist (IP/Range/Domain/Port/Country/Malware/Autobans/Nomanual/All)

# "ban" # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)

# "banmalware" # <-- Bans Various Malware Domains

# "whitelist" # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove)

# "import" # <-- Bans All IPs From URL

# "deport" # <-- Unbans All IPs From URL

# "save" # <-- Save Blacklists To ipset.txt

# "disable" # <-- Disable Firewall

# "update" # <-- Update Script To Latest Version (check github for changes)

# "debug" # <-- Debug Features (Restart/Disable/Watch/Info)

# "stats" # <-- Show/Search Stats Of Banned IPs (Requires debugging enabled)

# "install" # <-- Install Script (Or Change Boot Args)

# "uninstall" # <-- Uninstall All Traces Of Skynet

##############################


Router Model: RT-AC5300-B6F0

Skynet Version: v5.0.7 (21/07/2017)

iptables v1.4.14 - (eth0)

ipset v6.32, protocol version: 6

FW Version: 380.67_0 (Jul 16 2017)

Install Dir; /tmp/mnt/sda1/skynet (56.0G Space Available)

Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/sda1

Install Dir Writeable

Startup Entry Detected

Cronjobs Detected

Autobanning Enabled

Debug Mode Disabled

No Duplicate Rules Detected In RAW

No Duplicate Rules Detected In FILTER

Whitelist IPTable Detected

BlockedRanges IPTable Detected

Blacklist IPTable Detected

Whitelist IPSet Detected

BlockedRanges IPSet Detected

Blacklist IPSet Detected

Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 3 Inbound / 0 Outbound Connections Blocked! [1s]

jmohr1981@RT-AC5300-B6F0:/jffs/scripts#
 
Your VPN rules in iptfromlan and iptolan are being duplicated 4 times, not really sure of the reason for this

It's a bug in the ipt_account module, which is unable to delete an existing rule when stopping an OpenVPN instance. It would take someone familiar with netfilter kernel code to debug this, as I can't figure out what's wrong, and the author of that module disappeared years ago. He didn't even answer any email when I was trying to fix his module not working at all on 2.6.36 (I at last managed to fix that particular bug back then).
 
This is from my log, rebooted yesterday

Jul 20 20:16:59 Skynet: [INFO] Lock File Detected (pid=1024) - Exiting
Jul 20 20:17:03 Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 187748 New IPs / 3695 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [12s]
Jul 20 20:17:12 crond[577]: time disparity of 1036816 minutes detected
Jul 20 20:24:01 dropbear[2929]: Child connection from 192.168.1.125:55291
Jul 20 20:24:10 dropbear[2929]: Password auth succeeded for '***' from 192.168.1.125:55291
Jul 20 21:00:00 crond[577]: USER *** pid 9413 cmd sh /jffs/scripts/firewall save
Jul 20 21:00:05 Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 31 Inbound / 0 Outbound Connections Blocked! [5s]
Jul 20 21:00:52 disk_monitor: Got SIGALRM...
Jul 20 21:25:09 dropbear[14021]: Child connection from 192.168.1.1:39189
Jul 20 21:25:52 dropbear[14021]: Password auth succeeded for '***' from 192.168.1.1:39189
Jul 20 22:00:00 crond[577]: USER *** pid 20243 cmd sh /jffs/scripts/firewall save
Jul 20 22:00:05 Skynet: [Complete] 187749 IPs / 3695 Ranges Banned. 1 New IPs / 0 New Ranges Banned. 81 Inbound / 13 Outbound Connections Blocked! [5s]
Jul 20 23:00:00 crond[577]: USER *** pid 31133 cmd sh /jffs/scripts/firewall save
Jul 20 23:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 2 New IPs / 0 New Ranges Banned. 135 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 20 23:00:52 disk_monitor: Got SIGALRM...
Jul 21 00:00:00 crond[577]: USER *** pid 9544 cmd sh /jffs/scripts/firewall save
Jul 21 00:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 182 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 21 01:00:00 crond[577]: USER *** pid 20354 cmd sh /jffs/scripts/firewall save
Jul 21 01:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 233 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 21 02:00:00 crond[577]: USER *** pid 31161 cmd sh /jffs/scripts/firewall save
Jul 21 02:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 290 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 03:00:00 crond[577]: USER *** pid 9833 cmd sh /jffs/scripts/firewall save
Jul 21 03:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 347 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 04:00:00 crond[577]: USER *** pid 20642 cmd sh /jffs/scripts/firewall save
Jul 21 04:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 387 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 04:24:14 dropbear[2929]: Exit (***): Error reading: Connection timed out
Jul 21 04:24:14 dropbear[14021]: Exit (***): Exited normally
Jul 21 05:00:00 crond[577]: USER *** pid 31453 cmd sh /jffs/scripts/firewall save
Jul 21 05:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 1 New IPs / 0 New Ranges Banned. 450 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 06:00:00 crond[577]: USER *** pid 9942 cmd sh /jffs/scripts/firewall save
Jul 21 06:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 504 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 07:00:01 crond[577]: USER *** pid 20750 cmd sh /jffs/scripts/firewall save
Jul 21 07:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 549 Inbound / 81 Outbound Connections Blocked! [4s]
Jul 21 08:00:00 crond[577]: USER *** pid 31555 cmd sh /jffs/scripts/firewall save
Jul 21 08:00:04 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 593 Inbound / 81 Outbound Connections Blocked! [4s]
Jul 21 09:00:00 crond[577]: USER *** pid 9965 cmd sh /jffs/scripts/firewall save
Jul 21 09:00:04 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 637 Inbound / 90 Outbound Connections Blocked! [4s]
 
This is from my log, rebooted yesterday

Jul 20 20:16:59 Skynet: [INFO] Lock File Detected (pid=1024) - Exiting
Jul 20 20:17:03 Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 187748 New IPs / 3695 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [12s]
Jul 20 20:17:12 crond[577]: time disparity of 1036816 minutes detected
Jul 20 20:24:01 dropbear[2929]: Child connection from 192.168.1.125:55291
Jul 20 20:24:10 dropbear[2929]: Password auth succeeded for '***' from 192.168.1.125:55291
Jul 20 21:00:00 crond[577]: USER *** pid 9413 cmd sh /jffs/scripts/firewall save
Jul 20 21:00:05 Skynet: [Complete] 187748 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 31 Inbound / 0 Outbound Connections Blocked! [5s]
Jul 20 21:00:52 disk_monitor: Got SIGALRM...
Jul 20 21:25:09 dropbear[14021]: Child connection from 192.168.1.1:39189
Jul 20 21:25:52 dropbear[14021]: Password auth succeeded for '***' from 192.168.1.1:39189
Jul 20 22:00:00 crond[577]: USER *** pid 20243 cmd sh /jffs/scripts/firewall save
Jul 20 22:00:05 Skynet: [Complete] 187749 IPs / 3695 Ranges Banned. 1 New IPs / 0 New Ranges Banned. 81 Inbound / 13 Outbound Connections Blocked! [5s]
Jul 20 23:00:00 crond[577]: USER *** pid 31133 cmd sh /jffs/scripts/firewall save
Jul 20 23:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 2 New IPs / 0 New Ranges Banned. 135 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 20 23:00:52 disk_monitor: Got SIGALRM...
Jul 21 00:00:00 crond[577]: USER *** pid 9544 cmd sh /jffs/scripts/firewall save
Jul 21 00:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 182 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 21 01:00:00 crond[577]: USER *** pid 20354 cmd sh /jffs/scripts/firewall save
Jul 21 01:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 233 Inbound / 14 Outbound Connections Blocked! [5s]
Jul 21 02:00:00 crond[577]: USER *** pid 31161 cmd sh /jffs/scripts/firewall save
Jul 21 02:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 290 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 03:00:00 crond[577]: USER *** pid 9833 cmd sh /jffs/scripts/firewall save
Jul 21 03:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 347 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 04:00:00 crond[577]: USER *** pid 20642 cmd sh /jffs/scripts/firewall save
Jul 21 04:00:05 Skynet: [Complete] 187751 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 387 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 04:24:14 dropbear[2929]: Exit (***): Error reading: Connection timed out
Jul 21 04:24:14 dropbear[14021]: Exit (***): Exited normally
Jul 21 05:00:00 crond[577]: USER *** pid 31453 cmd sh /jffs/scripts/firewall save
Jul 21 05:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 1 New IPs / 0 New Ranges Banned. 450 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 06:00:00 crond[577]: USER *** pid 9942 cmd sh /jffs/scripts/firewall save
Jul 21 06:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 504 Inbound / 81 Outbound Connections Blocked! [5s]
Jul 21 07:00:01 crond[577]: USER *** pid 20750 cmd sh /jffs/scripts/firewall save
Jul 21 07:00:05 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 549 Inbound / 81 Outbound Connections Blocked! [4s]
Jul 21 08:00:00 crond[577]: USER *** pid 31555 cmd sh /jffs/scripts/firewall save
Jul 21 08:00:04 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 593 Inbound / 81 Outbound Connections Blocked! [4s]
Jul 21 09:00:00 crond[577]: USER *** pid 9965 cmd sh /jffs/scripts/firewall save
Jul 21 09:00:04 Skynet: [Complete] 187752 IPs / 3695 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 637 Inbound / 90 Outbound Connections Blocked! [4s]


The logs look fine (besides the crond print not being removed which will be fixed in a future update).

Right now Skynet is saving hourly as it should, and is taking 4-5 seconds to issue the command which is to be expected.
 
When it saves my entire network stalls for a minute or two. Also, what did I do wrong or should I be following to ensure the firewall is working in this process? All I did was install the script etc.

Thanks
 
When it saves my entire network stalls for a minute or two.

Define "my network stalls". This briefly has an impact on CPU usage, but should not affect your connection (especially to the point where its noticeable to the end user).

Also, beyond that 4-5 second save period, Skynet doesn't do anything until manually run or until the next save command is run. Most of the leg work is handled by IPTables, so I'm not even sure its possible for it to "stall" a connection for minutes after its been executed.

Also, what did I do wrong or should I be following to ensure the firewall is working in this process?

Everything looks fine to me, if/when there is a problem we can give advise from there. But for the most part the current version of the script is stable and there are no known issues that should affect users.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top