What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

The installation ran.
Debug shows the following:
Router Model; RT-AC86U
Skynet Version; v5.2.2 (07/10/2017)
iptables v1.4.12.2 - (eth0)
ipset v6.32, protocol version: 6
FW Version; 382.1_alpha3-g2d0d52d (Oct 6 2017)
Install Dir; /jffs (48.0M Space Available)
grep: /jffs/scripts/firewall-start: No such file or directory
Boot Args;
grep: /jffs/scripts/ipset.txt: No such file or directory
Install Dir Writeable
grep: /jffs/scripts/firewall-start: No such file or directory
Startup Entry Not Detected
No Lock File Found
Cronjobs Not Detected
IPSet Doesn't Support Comments - Please Update To 380.68 / V26E3 Or Newer Firmware
Level 5 Messages Will Be Logged
Autobanning Disabled
Debug Mode Disabled
No Duplicate Rules Detected In RAW
No Duplicate Rules Detected In FILTER
Whitelist IPTable Not Detected
Skynet IPTable Not Detected
Whitelist IPSet Not Detected
BlockedRanges IPSet Not Detected
Blacklist IPSet Not Detected
Skynet IPSet Not Detected
Skynet: [Complete] IPs / Ranges Banned. 0 New IPs / 0 New Ranges Banned. Inbound / Outbound Connections Blocked! [0s]
Trying to ban malaware but its not working.
Removing Previous Malware Bans sed: /jffs/scripts/ipset.txt: No such file or dir ectory
[0s]
Downloading filter.list [0s]
Whitelisting Shared Domains sed: /jffs/scripts/ipset.txt: No such file or direct ory
Consolidating Blacklist [4s]
Filtering IPv4 Addresses [1s]
Filtering IPv4 Ranges [0s]
Applying Blacklists ipset v6.32: Error in line 1: The set with the given name do es not exist
Saving Changes [0s]
Warning! This May Have Blocked Your Favorite Website. To Unblock It Use; ( sh /j ffs/scripts/firewall whitelist domain URL )
Skynet: [Complete] IPs / Ranges Banned. 0 New IPs / 0 New Ranges Banned. Inbo und / Outbound Connections Blocked! [7s]

Running "sh /jffs/scripts/firewall install" still gives;
Skynet: [ERROR] IPSet Extensions Not Enabled - Please Update To 380.68 / V26E3 Or Newer Firmware
 
Create firewall-start and set it as executive. Once that is done, Re-run the installation
 
Executive = executable
I just hate autocorrect on iPhone!
 
@.TT. As stated above, seems installation didn't complete.

Try once again force the update (this should download v5.2.3).

Then re-run the install command.
 
@Adamm Are you planning on supporting the ac86u?
Unable to install at the moment.
Skynet: [ERROR] IPSet Extensions Not Enabled - Please Update To 380.68 / V26E3 Or Newer Firmware
The changes I made to ipset 6 to support the earlier kernel probably will need to be reviewed (my guess is that they will need to be backed out). There's also a config file that I changed from a dynamic generation to a customized static file that will probably need to be regenerated for the newer kernel.
 
Last edited:
@Adamm Install command still fails
@yk101 No luck with manual file.

Okay I can see why its failing, the specific module Skynet searches for to test if IPSet is updated isn't present. This will require the changes John mentioned above at a firmware level so not much we can do for the time being. But I will do my best to support these fixes when they come available (and hopefully find a better method of contacting Asus!)
 
Okay I can see why its failing, the specific module Skynet searches for to test if IPSet is updated isn't present. This will require the changes John mentioned above at a firmware level so not much we can do for the time being. But I will do my best to support these fixes when they come available (and hopefully find a better method of contacting Asus!)
Thanks again =)
 
But I will do my best to support these fixes when they come available (and hopefully find a better method of contacting Asus!)
In this case, ASUS will probably give you a 'huh...what?' :)
IPSET 6 was definitely a Merlin/Fork add....I'm not even sure if the ASUS firmware supports any version of IPSET.
 
In this case, ASUS will probably give you a 'huh...what?' :)
IPSET 6 was definitely a Merlin/Fork add....I'm not even sure if the ASUS firmware supports any version of IPSET.

It definitely was, I was implying more in regards to device availability. Unfortunately ASUS support system has been a bust, can't even get an automated reply after 4 attempts
 
In this case, ASUS will probably give you a 'huh...what?' :)
IPSET 6 was definitely a Merlin/Fork add....I'm not even sure if the ASUS firmware supports any version of IPSET.

The ipset kernel modules are actually part of the 4.1 kernel in Asus's GPL. I only added the userspace part, and enabled the modules in config_base.6a.
 
The ipset kernel modules are actually part of the 4.1 kernel in Asus's GPL. I only added the userspace part, and enabled the modules in config_base.6a.
Maybe there's a conflict then....the repo shows
ipset382.PNG
 
I just installed this with the command on page 1 and get this?
Skynet: [ERROR] IPSet Extensions Not Enabled - Please Update To 380.68 / V26E3 Or Newer Firmware
Code:
ASUSWRT-Merlin RT-AC5300 380.68-4 Wed Oct  4 19:03:28 UTC 2017
admin@RT-AC5300-7380:/tmp/home/root# /usr/sbin/wget -O /jffs/scripts/firewall ht
tps://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh
--2017-10-08 09:59:04--  https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/ma                                                                                                                                                                                                                                             ster/firewall.sh
Resolving raw.githubusercontent.com... 151.101.36.133
Connecting to raw.githubusercontent.com|151.101.36.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 53049 (52K) [text/plain]
Saving to: '/jffs/scripts/firewall'

/jffs/scripts/firew 100%[=====================>]  51.81K  --.-KB/s   in 0.02s

2017-10-08 09:59:05 (2.46 MB/s) - '/jffs/scripts/firewall' saved [53049/53049]

admin@RT-AC5300-7380:/tmp/home/root# chmod +x /jffs/scripts/firewall
admin@RT-AC5300-7380:/tmp/home/root# sh /jffs/scripts/firewall install
#!/bin/sh
#############################################################################################################
#                               _____ _                     _           _____                               #
#                              / ____| |                   | |         | ____|                              #
#                             | (___ | | ___   _ _ __   ___| |_  __   _| |__                                #
#                              \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \                               #
#                              ____) |   <| |_| | | | |  __/ |_   \ V / ___) |                              #
#                             |_____/|_|\_\\__, |_| |_|\___|\__|   \_/ |____/                               #
#                                           __/ |                                                           #
#                                          |___/                                                            #
#                                                                                                           #
## - 08/10/2017 -                  Asus Firewall Addition By Adamm v5.2.3                                   #
##                                 https://github.com/Adamm00/IPSet_ASUS                                    #
#############################################################################################################


##############################
###       Commands         ###
##############################
#         "unban"            # <-- Remove From Blacklist (IP/Range/Domain/Port/Comment/Country/Malware/Autobans/Nomanual/All)
#         "ban"              # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)
#         "banmalware"       # <-- Bans Various Malware Domains
#         "whitelist"        # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove/Refresh/List)
#         "import"           # <-- Bans All IPs From URL
#         "deport"           # <-- Unbans All IPs From URL
#         "save"             # <-- Save Blacklists To ipset.txt
#         "disable"          # <-- Disable Firewall
#         "update"           # <-- Update Script To Latest Version (check github for changes)
#         "debug"            # <-- Debug Features (Restart/Disable/Watch/Info)
#         "stats"            # <-- Show/Search Stats Of Banned IPs (Requires debugging enabled)
#         "install"          # <-- Install Script (Or Change Boot Args)
#         "uninstall"        # <-- Uninstall All Traces Of Skynet
##############################

Skynet: [ERROR] IPSet Extensions Not Enabled - Please Update To 380.68 / V26E3 Or Newer Firmware
admin@RT-AC5300-7380:/tmp/home/root#

I’m on an RT-AC5300 with latest merlin 380.68-4
What am I doing wrong? Is my router not supported?
Please advise?
 
Last edited:
Hello!

I have a question:

I created a Skynet partition on my USB stick(i've three partition: Ab-Solution, Entware and Skynet). I'll install the firewall in Skynet.

When Skynet is active, can I disable the default firewall? (to make you understand better, I found this image on the internet)

Thanks so much!

asus-rt-n66u-firewall.jpg
 
Hello!

I have a question:

I created a Skynet partition on my USB stick(i've three partition: Ab-Solution, Entware and Skynet). I'll install the firewall in Skynet.

When Skynet is active, can I disable the default firewall? (to make you understand better, I found this image on the internet)

Thanks so much!

asus-rt-n66u-firewall.jpg

Correct me if I'm wrong; you should not disable firewall in UI. Skynet is a script for firewall so if you disable firewall you'll also disable Skynet.
 
This is what it should look like after fresh skynet install.
 

Attachments

  • Screenshot-2017-10-8 ASUS Wireless Router RT-AC3100 - General.png
    Screenshot-2017-10-8 ASUS Wireless Router RT-AC3100 - General.png
    53 KB · Views: 809

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top