Skynet - Router Firewall & Security Enhancements

For some reason Skynet started blocking google.com since Thursday night. Disabling Skynet or rebooting fixes it for a while, but for some reason it gets blocked again shortly after. The whitelist says there is nothing to whitelist. This happened since the latest update, I think? Any thoughts?


Halp - BestApp.exe or BestWebsite.com Is Being Blocked;

Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and unban) anything incorrectly on your Blacklist!

1.) Enable Debug Mode via the installer
Code:
sh /jffs/scripts/firewall install

2.) Open the blocked application/website and use the command;

Code:
sh /jffs/scripts/firewall debug watch

Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if it's being spammed in large numbers.

3.) Copy the IP following "DST="; it should look something like this:
Code:
DST=175.115.37.52

4.) Double check the IP is not actually something that should be banned; use a search tool like AlienVault.

Code:
https://otx.alienvault.com/indicator/ip/175.115.37.52/

5.) Great, we have confirmed we found the IP of the blocked website/application we are looking for, let's whitelist it!

Code:
sh /jffs/scripts/firewall whitelist ip 175.115.37.52
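
Steps 2 and 3 above, done as a tally rather than by eye. This is an added example, not part of the original post or of Skynet itself. It assumes the log lines use the standard iptables LOG field layout, and the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank destination IPs found in outbound-block log lines.

# Read syslog lines on stdin, keep only "[BLOCKED - OUTBOUND]" entries,
# pull out the IPv4 address after DST= and print "count ip", highest first.
top_blocked_dst() {
    grep -F '[BLOCKED - OUTBOUND]' \
        | sed -n 's/.*[[:space:]]DST=\([0-9][0-9.]*\).*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Print only the most frequently blocked destination (the whitelist candidate
# that still has to be checked against a reputation source, as in step 4).
most_blocked_ip() {
    top_blocked_dst | awk 'NR == 1 { print $2 }'
}

# Constructed sample lines (assumed layout, not copied from a real router).
sample_log() {
    cat <<'EOF'
Oct 29 02:01:10 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.2.50 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51234 DPT=443
Oct 29 02:01:11 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.2.50 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51235 DPT=443
Oct 29 02:01:11 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40000 DPT=23
Oct 29 02:01:12 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.2.50 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51236 DPT=443
Oct 29 02:01:13 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.2.77 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40211 DPT=80
Oct 29 02:01:14 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.2.50 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51237 DPT=443
Oct 29 02:01:15 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40001 DPT=23
EOF
}

# Show the ranking for the constructed sample.
sample_log | top_blocked_dst
```

Pipe captured debug output into `top_blocked_dst` in place of `sample_log`; inbound blocks are ignored, so only destinations your own clients tried to reach are ranked.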
 
I took a shot at it, and after spending nearly two hours on this, I'm giving up - it's simply more work than I'm willing to put into porting one single module, sorry. Someone else will have to do it. The whole ipset implementation in 4.1 would probably need to be updated, and just updating from the ipset6.32 tarball simply fails, like it also did for 2.6.xx - they don't provide any compatible kernel in their tarballs for some odd reason.
 
Thanks for trying. Will see if I can avoid using that module in particular, just hoping there's no other functionality missing.

If anyone with an AC86U (or model on the .382 codebase) can test the latest version of Skynet I just pushed, let me know if it works.

@.TT. @SeaConn @hvluu @skeal

Please note you will need 382.1 Beta 3, not sure if there's a compiled version out for it yet, in which case you may need to wait until it's officially pushed.
 
I can confirm that comments are working on the RT-AC86U.

Code:
admin@Stargate86:/tmp/home/root# ipset create Test hash:ip comment
admin@Stargate86:/tmp/home/root# ipset -A Test 8.8.8.8 comment foobar
admin@Stargate86:/tmp/home/root# ipset -L Test
Name: Test
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 comment
Size in memory: 16560
References: 0
Members:
8.8.8.8 comment "foobar"
 
Great Adamm, thank you. Now I did something stupid: before I read the above I unbanned all autobans, so I did see a list of like 20 entries or so being unbanned and everything works again.

I guess my next question is: how I can reset Skynet to “virgin state” so it starts autobanning those again and I can follow your steps above to deal with this correctly?
 
I'm trying to build a pre-beta 3 that just includes the xt_set module, but no luck :D I'm new at this, so I'm still trying to figure it out little by little.
 
Unbanning autobans is just a one-time deal, it's not a setting so to speak, so Skynet should still be operating as per usual.

Best wait for @RMerlin to upload a copy then, Asus's codebase is a nightmare to compile even on good days :p
 
Installation is still a no go.

Router Model; RT-AC86U
Skynet Version; v5.3.8 (29/10/2017)
iptables v1.4.14 - (eth0 @ 192.168.2.1)
ipset v6.32, protocol version: 6
FW Version; 382.1_beta3-gb19a332 (Oct 29 2017) (4.1.27)
Install Dir; /tmp/mnt/Asus/skynet (54.9G Space Available)
Boot Args; /jffs/scripts/firewall start banmalware autoupdate usb=/tmp/mnt/Asus
Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/Asus) (pid=1446)
Whitelist IPTable Not Detected
Skynet IPTable Not Detected
0 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. Inbound / Outbound Connections Blocked!
Updating banmalware (3) gives the following error and reboots the router.
https://pastebin.com/nnab7nHR
 
I downloaded and installed Beta3 from here: https://m.mediafire.com/folder/bj94sbhrh7e49

I ran the install script from page 1 of this forum. I installed it in debug mode, using all of the default options. Everything appeared to install okay. There weren't any errors.

My System Log looks like this:

Code:
Oct 29 01:45:01 rc_service: service 3599:notify_rc restart_firewall
Oct 29 01:45:01 miniupnpd[2595]: shutting down MiniUPnPd
Oct 29 01:45:01 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Oct 29 01:45:01 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Oct 29 01:45:01 miniupnpd[3625]: HTTP listening on port 54646
Oct 29 01:45:01 miniupnpd[3625]: Listening for NAT-PMP/PCP traffic on port 5351
Oct 29 01:45:01 Skynet: [INFO] Startup Initiated... ( debug banmalware autoupdate usb=/tmp/mnt/SDA )
Oct 29 01:45:21 Skynet: [Complete] 0 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [20s]
 
Ugh, looks like a Kernel Panic. Hard for me to debug what exactly caused it from my end, still haven't been able to get my hands on an AC86U.

If you are sure it was caused by the BanMalware command in particular, my guess would be the ipset restore command is most likely the trigger. I know @john9527 ran into similar issues when porting the comment extension to the old codebase, but as this is baked in kernel by default I don't think it would be related. @RMerlin
 
Mind giving the banmalware feature a whirl, see if you also kpanic?
 
No kernel panic. Worked just fine.

Code:
Oct 29 01:54:26 Skynet: [Complete] 133098 IPs / 2885 Ranges Banned. 133098 New IPs / 2885 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [40s]
Oct 29 01:55:04 Skynet: [Complete] 133098 IPs / 2885 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [26s]
Oct 29 01:55:31 Skynet: [Complete] 133098 IPs / 2885 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [12s]

I'm now sitting here watching my System Log report blocked connection attempts.

I'm in a little bit of dismay and disbelief this worked out so easily for me. Thanks @Adamm and @RMerlin! You guys rock.
 
Well... Can't complain about that.

@.TT. Maybe try giving it another go? Could have just gotten super unlucky, or maybe there is more than meets the eye as to what triggered it.
 
So by unbanning I did not put these on some kind of whitelist? Once they meet the threshold again, they will be autobanned again? Nothing for me to do?
 
Correct, they will still need to follow the same rules as other traffic or be banned again.
 
Uninstalled and re-installed vanilla on my RT-AC86U. Worked flawlessly. My Synology NAS was banning an IP every three minutes before installing Skynet. Now it's dead silence in the NAS log :)

I believe I am now officially in high cotton -- 200/200 Mbps policy-based OpenVPN speeds with working Skynet and AB-Solution (and Pixelserv). I love this freakin' router.
 
@Adamm, any way to silence Skynet in the system log?
Oct 30 09:26:06 kernel: --logIN=eth0 OUT= MAC=
Oct 30 08:26:41 Skynet: [INFO] Temporarily Disabling Debug Output...
Oct 30 09:26:53 kernel: --logIN=eth0 OUT= MAC=
Oct 30 09:26:55 kernel: --logIN=eth0 OUT= MAC=
Oct 30 09:27:06 kernel: --logIN=eth0 OUT= MAC=
Oct 30 09:27:10 kernel: --logIN=eth0 OUT= MAC=
Oct 30 09:27:17 kernel: --logIN=eth0 OUT= MAC=
Oct 30 09:27:30 kernel: --logIN=eth0 OUT= MAC=
 
