What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I just installed this with the command on page 1 and get this?

What is the output of the following;

Code:
ls /lib/modules/



When Skynet is active, can I disable the default firewall? (to make you understand better, I found this image on the internet)

Yes, Skynet requires this setting and will force it to on.
 
Maybe there's a conflict then....the repo showsView attachment 10642

That's the userspace part, which isn't included in Asuswrt. I just didn't have to apply any kernel patches since the modules were already in the kernel source tree.
 
Correct me if I'm wrong; you should not disable firewall in UI. Skynet is a script for firewall so if you disable firewall you'll also disable Skynet.

Thanks!

Yes, Skynet requires this setting and will force it to on.

Thanks, Adamm. I'll keep it ON!
I did not think it would work with Skynet. Thanks again
 
Here you go
Code:
ASUSWRT-Merlin RT-AC5300 380.68-4 Wed Oct  4 19:03:28 UTC 2017
admin@RT-AC5300-7380:/tmp/home/root# ls /lib/modules/
2.6.36.4brcmarm
admin@RT-AC5300-7380:/tmp/home/root#

So I need
What is the output of the following;

Code:
ls /lib/modules/





Yes, Skynet requires this setting and will force it to on.
 
What is the output of the following;

Code:
ls /lib/modules/

I have the same problem as Raphie.

Code:
ASUSWRT-Merlin RT-AC68U 380.68-4 Wed Oct  4 19:01:14 UTC 2017

alinaj@RT-AC68U-FC28:/tmp/home/root# ls /lib/modules/

2.6.36.4brcmarm

alinaj@RT-AC68U-FC28:/tmp/home/root# sh /jffs/scripts/firewall install

#!/bin/sh

#############################################################################################################

#         _____ _                     _           _____     #

#       / ____| |                   | |         | ____|     #

#       | (___ | | ___   _ _ __   ___| |_  __   _| |__      #

#       \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \     #

#       ____) |   <| |_| | | | |  __/ |_   \ V / ___) |     #

#       |_____/|_|\_\\__, |_| |_|\___|\__|   \_/ |____/     #

#                     __/ |                                 #

#                   |___/                                  #

#     #

## - 08/10/2017 -   Asus Firewall Addition By Adamm v5.2.3     #

##   https://github.com/Adamm00/IPSet_ASUS     #

#############################################################################################################



##############################

###   Commands   ###

##############################

#   "unban"     # <-- Remove From Blacklist (IP/Range/Domain/Port/Comment/Country/Malware/Autobans/Nomanual/All)

#   "ban"     # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)

#   "banmalware"     # <-- Bans Various Malware Domains

#   "whitelist"        # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove/Refresh/List)

#   "import"     # <-- Bans All IPs From URL

#   "deport"     # <-- Unbans All IPs From URL

#   "save"     # <-- Save Blacklists To ipset.txt

#   "disable"     # <-- Disable Firewall

#   "update"     # <-- Update Script To Latest Version (check github for changes)

#   "debug"     # <-- Debug Features (Restart/Disable/Watch/Info)

#   "stats"     # <-- Show/Search Stats Of Banned IPs (Requires debugging enabled)

#   "install"          # <-- Install Script (Or Change Boot Args)

#   "uninstall"        # <-- Uninstall All Traces Of Skynet

##############################


Skynet: [ERROR] IPSet Extensions Not Enabled - Please Update To 380.68 / V26E3 Or Newer Firmware

alinaj@RT-AC68U-FC28:/tmp/home/root#
 
Last edited:
I've been watching Skynet closely learning and checking what gets blocked and banned to educate myself. (I'm an old guy with no computer pro background, all self taught. In my life I was mid-30's before anyone had home computers.)

I've seen two or three updates as you tweak and fix things (thank you very much) but this seems odd behavior that is not consistent between three different views. I'm up to date.
09/10/2017 - Asus Firewall Addition By Adamm v5.2.4

Most of the time I have a terminal open using "firewall debug watch" to see. Over a couple hours nothing showed in that terminal.
Code:
Watching Logs For Debug Entries (ctrl +c) To Stop
^C

During that time period of about two hours these showed in the router syslog:
Code:
Oct  8 17:56:01 Skynet: [Complete] 571 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 19 Inbound / 17 Outbound Connections Blocked! [4s]
Oct  8 18:00:01 Skynet: [Complete] 572 IPs / 0 Ranges Banned. 1 New IPs / 0 New Ranges Banned. 19 Inbound / 17 Outbound Connections Blocked! [1s]

Then I ran "firewall stats" in the terminal and found these new entries during the time period.
Code:
Last 10 Autobans;

https://otx.alienvault.com/indicator/ip/72.166.126.32
https://otx.alienvault.com/indicator/ip/23.215.102.137
https://otx.alienvault.com/indicator/ip/23.215.102.163

I've been checking these three view since I installed Skynet on my AC-68U five days ago, and all showed the same items banned or blocked if I remember, but with the update today to v.5.2.4 I see the above. Am I not remembering correctly on these views or is something changed?
 
Works. Ow ThnX!
I had to install a 2nd time enabling debugging for “stats” to work, (I missread) will these logs be periodically cleaned? Or will they just grow into eternity?

Curious to see who’s reaching out to me :)
Just to be clear, this tool will not gradually shut down regular traffic initiated by family surfing behaviour, bittorrent etc? So that with every wan port connection the wan IP gets autobanned? It’s really only unsollicited port scan attemps correct?
 
things look ok now I think?

just no autobans yet
Code:
Router Model; RT-AC5300
Skynet Version; v5.2.4 (09/10/2017)
iptables v1.4.14 - (eth0)
ipset v6.32, protocol version: 6
FW Version; 380.68_4 (Oct 4 2017)
Install Dir; /tmp/mnt/AB-Solution/skynet (963.7M Space Available)
Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt/AB-Solution
Install Dir Writeable
Startup Entry Detected
No Lock File Found
Cronjobs Detected
IPSet Supports Comments
Level 5 Messages Will Be Logged
Autobanning Enabled
Debug Mode Enabled
No Duplicate Rules Detected In RAW
No Duplicate Rules Detected In FILTER
Whitelist IPTable Detected
Skynet IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet IPSet Detected
Skynet: [Complete] 0 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [2s]
admin@RT-AC5300-7380:/tmp/home/root#
 
I've seen two or three updates as you tweak and fix things (thank you very much) but this seems odd behavior that is not consistent between three different views. I'm up to date.
09/10/2017 - Asus Firewall Addition By Adamm v5.2.4

Overall functionality hasn't changed in months.

During that time period of about two hours these showed in the router syslog:

Those logging entries will show every time you run a command or at the top of each hour on a cronjob.

Just to be clear, this tool will not gradually shut down regular traffic initiated by family surfing behaviour, bittorrent etc? So that with every wan port connection the wan IP gets autobanned? It’s really only unsollicited port scan attemps correct?

This script will block all traffic specified on the blacklists. The autobans mainly consist of port-scan attempts.

things look ok now I think?

just no autobans yet

Looks like everything is working perfect :p
 
Overall functionality hasn't changed in months.

Those logging entries will show every time you run a command or at the top of each hour on a cronjob.
Thank you for the reply. I understand both these points which is why I went into so much detail above.

tl;dr question is why bans show in
Code:
sh /jffs/scripts/firewall stats
but not while running
Code:
sh /jffs/scripts/firewall debug watch
 
I installed Skynet on a dedicated partition (in my 4gb usb key).
I left firewall enabled by gui.

Code:
Router Model; RT-AC3200
Skynet Version; v5.2.4 (09/10/2017)
iptables v1.4.14 - (ppp0)
ipset v6.32, protocol version: 6
FW Version; 380.68_4 (Oct 4 2017)
Install Dir; /tmp/mnt/Skynet/skynet (1.2G Space Available)
Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt          /Skynet
Install Dir Writeable
Startup Entry Detected
No Lock File Found
Cronjobs Detected
IPSet Supports Comments
Level 5 Messages Will Be Logged
Autobanning Enabled
Debug Mode Enabled
No Duplicate Rules Detected In RAW
No Duplicate Rules Detected In FILTER
Whitelist IPTable Detected
Skynet IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet IPSet Detected
Skynet: [Complete] 160953 IPs / 2089 Ranges Banned. 0 New IPs / 0 New Ranges Ban         ned. 48 Inbound / 0 Outbound Connections Blocked! [3s]

I think it's okay, right?
Thanks so much!
 
I installed Skynet on a dedicated partition (in my 4gb usb key).
I left firewall enabled by gui.

Code:
Router Model; RT-AC3200
Skynet Version; v5.2.4 (09/10/2017)
iptables v1.4.14 - (ppp0)
ipset v6.32, protocol version: 6
FW Version; 380.68_4 (Oct 4 2017)
Install Dir; /tmp/mnt/Skynet/skynet (1.2G Space Available)
Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt          /Skynet
Install Dir Writeable
Startup Entry Detected
No Lock File Found
Cronjobs Detected
IPSet Supports Comments
Level 5 Messages Will Be Logged
Autobanning Enabled
Debug Mode Enabled
No Duplicate Rules Detected In RAW
No Duplicate Rules Detected In FILTER
Whitelist IPTable Detected
Skynet IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet IPSet Detected
Skynet: [Complete] 160953 IPs / 2089 Ranges Banned. 0 New IPs / 0 New Ranges Ban         ned. 48 Inbound / 0 Outbound Connections Blocked! [3s]

I think it's okay, right?
Thanks so much!

Looks good!
 
Thank you for the reply. I understand both these points which is why I went into so much detail above.

tl;dr question is why bans show in
Code:
sh /jffs/scripts/firewall stats
but not while running
Code:
sh /jffs/scripts/firewall debug watch


Running the watch command "purges" the logs as it is run, so it was probably then the log was cleared.

I think it's okay, right?
Thanks so much!

Yes looks fine
 
Running the watch command "purges" the logs as it is run, so it was probably then the log was cleared.
Ah ha. Thank you. I read about 30 pages of this thread yesterday, I do remember seeing that earlier in the thread. So much to learn. :oops:
 
hehehe :p seems to work then :D

Skynet: [Complete] 161774 IPs / 2120 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 163 Inbound / 74 Outbound Connections Blocked! [2s]
admin@RT-AC5300-7380:/tmp/home/root#
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top