Skynet Skynet - Router Firewall & Security Enhancements

[thelonelycoder]

Force an update to the latest version (v5.3.5). I was doing some work on this command today (along with others) and corrected a bug and added some valid input checking. I also changed the CLI command to;

sh /jffs/scripts/firewall whitelist remove entry 104.16.75.76

Haha, fcking blinking red text:

Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/entware) (pid=17671)
Whitelist IPTable Not Detected
Skynet IPTable Not Detected
BlockedRanges IPSet Not Detected
Skynet IPSet Not Detected

 

[Adamm]

Haha, fcking blinking red text:

I figured no one could possibly miss it

 

[thelonelycoder]

So, it's not clear from the hard to read red blinking text why it's showing it and what a user is supposed to do.
The answer is: Wait, it updates the db/banlists and loads the rules.
After a while when reloading the menu it disappears.

 

[Butterfly Bones]

Force an update to the latest version (v5.3.5). I was doing some work on this command today (along with others) and corrected a bug and added some valid input checking. I also changed the CLI command to;

sh /jffs/scripts/firewall whitelist remove entry 104.16.75.76

I should just learn to run update before I do anything else, knowing how you keep tweaking.

 

[thelonelycoder]

And thanks for the new option [8]

 

[Adamm]

hard to read red blinking text

I use Xshell 5 and it is pretty clear on my screen atleast, maybe in other terminals the font type isn't as great. Will keep that in mind

why it's showing it and what a user is supposed to do

This was originally a cut and paste from the debug info command. With that being said you are right it isn't totally clear to an inexperienced user what they are supposed to do (and that it will only appear for about 40 seconds after a firewall restart or reboot). I'll work on relaying this information better.

I should just learn to run update before I do anything else, knowing how you keep tweaking.

Yeah its always a good idea to see if there's an update if you run into any issues, I usually find and correct them quite fast. Good news is I'm pretty happy with the current state of the menu, I've gotten all the core functionality implemented that I initially hoped for and there are no outstanding bugs that I know of. Any changes going forward will probably be aesthetic more than anything.

And thanks for the new option [8]

No worries, was a good suggestion.

 

[Butterfly Bones]

Yeah its always a good idea to see if there's an update if you run into any issues, I usually find and correct them quite fast. Good news is I'm pretty happy with the current state of the menu, I've gotten all the core functionality implemented that I initially hoped for and there are no outstanding bugs that I know of. Any changes going forward will probably be aesthetic more than anything.

Yeah, right. I know how these things go, every time one thinks it is complete another improvement comes to mind.

and...

Lubarsky's Law of Cybernetic Entomology

"There is *always* one more bug."

 

[alexandro]

Can't ban country from menu, CLI. Separate and by one.

Removing Previous Country Bans
sed: /jffs/scripts/ipset.txt: No such file or directory
Banning Known IP Ranges For cn
Downloading Lists
Filtering IPv4 Ranges & Applying Blacklists
ipset v6.32: Error in line 1: The set with the given name does not exist
Skynet: [Complete] IPs / Ranges Banned. 0 New IPs / 0 New Ranges Banned. Inbound / Outbound Connections Blocked! [1s]​

 

[Adamm]

Can't ban country from menu, CLI. Separate and by one.

Removing Previous Country Bans
sed: /jffs/scripts/ipset.txt: No such file or directory
Banning Known IP Ranges For cn
Downloading Lists
Filtering IPv4 Ranges & Applying Blacklists
ipset v6.32: Error in line 1: The set with the given name does not exist
Skynet: [Complete] IPs / Ranges Banned. 0 New IPs / 0 New Ranges Banned. Inbound / Outbound Connections Blocked! [1s]​

Skynet doesn't look installed, can you post the output of the following;

sh /jffs/scripts/firewall debug info

 

[steelskinz]

Any chance we could get stats weekly by mail like in ABS ?

 

[Raphie]

Just ran the update, i rather just see the debug status with the
Skynet: [Complete] 138566 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 6 Inbound / 0 Outbound Connections Blocked! [1s] status.

 

[Adamm]

Any chance we could get stats weekly by mail like in ABS ?

By all means its possible, but I don't think the current design of Skynet's stats would fit this. Skynet doesn't rotate logs on a regular basis, it purges them when the log file reaches a certain size (7MB). For some people this may take a month, for others it may only take a few days. With that being said, if Skynet were to send logs on lets say a weekly basis, you may only get a few days worth, or it could be a whole month worth of logs compiled. I'll keep it in mind for future, but for now you're probably best off just doing this externally with a cronjob with the contents of the email being the output of the stats command.

Just ran the update, i rather just see the debug status with the

Please elaborate, not quite sure what you mean.

 

[Raphie]

When I now type firewall I no longer see the status.

 

[Adamm]

When I now type firewall I no longer see the status.

Ah. Yes I cut down the main menu version to only show important information as having the full debug info seemed too cluttered. In the event there is an error it will appear blinking red, but if everything is working fine you will just see a minimal version.

For example;

 

[thelonelycoder]

Any chance we could get stats weekly by mail like in ABS ?

Meanwhile, you could include the logfile in the AB-Solution router backup function bu. Select "3. --> Custom" and fill in adblocking/custom_files/custom_backup_settings.txt with the file location, along with other files you want to be saved.
Examples are given in the file custom_backup_settings.txt.

 

[chchia]

Hi Adamm, thank you for the nice script.

i have a question, if someone from WAN is trying to attempt login to my router with SSH, and he failed more than 3 times, will the script autoban him?

i had been receiving some brute force attack to my router, hoping this script can solve my problem.

my problem was on another thread here
https://www.snbforums.com/threads/is-there-a-way-to-block-certain-ip-from-wan.41712/

 

[Adamm]

Hi Adamm, thank you for the nice script.

i have a question, if someone from WAN is trying to attempt login to my router with SSH, and he failed more than 3 times, will the script autoban him?

i had been receiving some brute force attack to my router, hoping this script can solve my problem.

my problem was on another thread here
https://www.snbforums.com/threads/is-there-a-way-to-block-certain-ip-from-wan.41712/

Yes Skynet should pick up this and other port scanning activity quite smoothly.

 

[chchia]

thank you sir for this great utility!

by the way, will the ip become blocked permanently? or it will be release after certain days?

 

[Raphie]

I didn't explain myself well enough, apologies what I meant was, before I typed firewall without arguments and it always displayed a status at the bottom,

Skynet: [Complete] 138566 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 685 Inbound / 379 Outbound Connections Blocked! [28s]

Now I need to type 11 and then 3 to display it.
the red warning lines, of things that aren't as they supposed to be, are nice, but I'm really more interested in blocking snapshots / summaries as before.

Ah. Yes I cut down the main menu version to only show important information as having the full debug info seemed too cluttered. In the event there is an error it will appear blinking red, but if everything is working fine you will just see a minimal version.

For example;

 

[Adamm]

before I typed firewall without arguments and it always displayed a status at the bottom

Skynet only shows this summary when its completed a task (or you use an invalid command). I'm toying around with adding this information to the main menu, but it looks out of place. So will keep playing around with it until I find something I like.