What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

For AC86U users, due to the new requirements to run even the most basic of scripts, I've unfortunately made SWAP files (and therefore USB installation) mandatory for this model starting from v5.4.6

To ease the pain though, I made a painless (un)installer for this. You can access these new commands via;

Code:
sh /jffs/scripts/firewall debug swap install

and

Code:
sh /jffs/scripts/firewall debug swap uninstall


ZOKBVbO.png


I suggest Skynet users remove old swap files (and entries in post-mount) and recreate them via the command above for assured future compatibility.

Hopefully with this change, we can re-enable the faster functions that were disabled this week due to ram limitations. As always let me know if there are any issues.

@.TT. @SeaConn @Andy1932
 
Last edited:
For AC86U users, due to the new requirements to run even the most basic of scripts, I've unfortunately made SWAP files (and therefore USB installation) mandatory for this model starting from v5.4.6

To ease the pain though, I made a painless (un)installer for this. You can access these new commands via;

Code:
sh /jffs/scripts/firewall debug swap install

and

Code:
sh /jffs/scripts/firewall debug swap uninstall


ZOKBVbO.png


I suggest Skynet users remove old swap files (and entries in post-mount) and recreate them via the command above for assured future compatibility.

Hopefully with this change, we can re-enable the faster functions that were disabled this week due to ram limitations. As always let me know if there are any issues.

@.TT. @SeaConn @Andy1932
I restored to factory defaults, formatted my usb, created the 512mb swap file...
Installed skynet and ab-solution without a single issue. All seems good!
 
@Adamm I know you suggest the swap install / reinstall for AC86U users, however since you and @thelonelycoder are both working toward that router compatibility with a swap file, should users of other routers (AC68U here) also run the swap uninstall / install commands to insure future compatibility?

I run a 512mb swap that was configured during Entware install following the link from the RMerlin wiki. I have no issues with SkyNet (or AB-Solution) just want to stay ahead of the game to avoid sniggles later. There are no memory issues currently, not sure I have ever seen any use of my swap, but better to have a safety valve. :)

Code:
mtn_dance@RT-AC68U-B088:/tmp/home/root# free
             total       used       free     shared    buffers     cached
Mem:        255708      82352     173356          0        616      10872
-/+ buffers/cache:      70864     184844
Swap:       523212          0     523212
 
@Adamm I know you suggest the swap install / reinstall for AC86U users, however since you and @thelonelycoder are both working toward that router compatibility with a swap file, should users of other routers (AC68U here) also run the swap uninstall / install commands to insure future compatibility?

I run a 512mb swap that was configured during Entware install following the link from the RMerlin wiki. I have no issues with SkyNet (or AB-Solution) just want to stay ahead of the game to avoid sniggles later. There are no memory issues currently, not sure I have ever seen any use of my swap, but better to have a safety valve. :)

Code:
mtn_dance@RT-AC68U-B088:/tmp/home/root# free
             total       used       free     shared    buffers     cached
Mem:        255708      82352     173356          0        616      10872
-/+ buffers/cache:      70864     184844
Swap:       523212          0     523212

Its not required on any other device at this point as older devices have significantly more free resources, but with that being said it doesn't hurt to have a swap file to future proof.
 
Last edited:
Its not required on any other device at this point as older devices have significantly more free resources, but with that being said it doesn't hurt to have a swap file to future proof.
Thank you, just to be clear this quote from you in post #1221 was why I ask about redoing swap on my AC68U for future development.
I suggest Skynet users remove old swap files (and entries in post-mount) and recreate them via the command above for assured future compatibility.
I already have a swap, just trying to be clear if I can leave it as is or should I redo it.
 
I already have a swap, just trying to be clear if I can leave it as is or should I redo it.

Up to you. But for support purposes I'd recommend using Skynets implementation. I'm sure @thelonelycoder will implement something similar eventually, so assuming he sticks to the same basic guideline we should be able to fully support and modify each-others swap implementations too.
 
@Butterfly Bones Ive just pushed v5.4.7. Skynet can now remove swap files generated by other scripts.
Awesome! Easier than removing the USB, formatting and reinstalling everything. :cool:

Original swap located as
Code:
/tmp/mnt/CruzerExt2/entware-ng.arm/swap
and removed successfully.

Code:
Creating SWAP File...
524288+0 records in
524288+0 records out
Setting up swapspace version 1, size = 536866816 bytes
UUID=f9f5b2ba-fed0-4045-b67b-757ebbf5c465
SWAP File Located At /tmp/mnt/CruzerExt2/skynet/myswap.swp

Restarting Firewall Service

Of course I backed up all the folders in my USB drive to my Linux laptop first using FileZilla. I'm a repetitive redundancy guy. :D
 
is there any out of the ordinary conditions which led to this?

I opened the firewall script in nano and it was HTML code for the repository website I believe. Tried it again later and it worked okay. Very strange. I've never had that happen before. Anyway, works now.
 
Anyone else experiencing strange behavior when updating the ban list?

Code:
Nov  4 19:00:57 Skynet: [INFO] Skynet Up To Date - v5.4.7
Nov  4 19:01:37 Skynet: [Complete] 84207 IPs / 3412 Ranges Banned. -81243 New IPs / 82 New Ranges Banned. 2502 Inbound / 45 Outbound Connections Blocked! [35s]
Nov  4 19:02:06 Skynet: [Complete] 83538 IPs / 3412 Ranges Banned. -669 New IPs / 0 New Ranges Banned. 2502 Inbound / 45 Outbound Connections Blocked! [7s]
Nov  4 19:03:34 Skynet: [Complete] 136090 IPs / 3114 Ranges Banned. 52552 New IPs / -298 New Ranges Banned. 2502 Inbound / 45 Outbound Connections Blocked! [37s]
Nov  4 19:05:03 Skynet: [Complete] 135378 IPs / 3114 Ranges Banned. -712 New IPs / 0 New Ranges Banned. 2502 Inbound / 45 Outbound Connections Blocked! [10s]

As indicated in the log above, I used the "banmalware" command and lost 80k+ ips (which isn't that strange), but updated again a couple of minutes later and gained 50k+ bans (does the list really fluctuate that much?). I also manually banned Tor exit nodes using the following command:

Code:
sh /jffs/scripts/firewall import https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1

but it resulted in -669 New IPs (the first time I ran it) and -712 New IPs (the second time). Why is the import command removing IPs?
 
Anyone else experiencing strange behavior when updating the ban list?
Code:
This Function Extracts All IPs And Adds Them ALL To Blacklist
Custom List Detected: https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1
Filtering IPv4 Addresses
Filtering IPv4 Ranges
Adding IPs To Blacklist
Saving Changes

Skynet: [Complete] 163105 IPs / 3429 Ranges Banned. 64 New IPs / 0 New Ranges Banned. 3706 Inbound / 544 Outbound Connections Blocked! [10s]
Code:
Nov  4 19:00:57 Skynet: [INFO] Skynet Up To Date - v5.4.7
Nov  4 19:01:37 Skynet: [Complete] 84207 IPs / 3412 Ranges Banned. -81243 New IPs / 82 New Ranges Banned. 2502 Inbound / 45 Outbound Connections Blocked! [35s]
Nov  4 19:02:06 Skynet: [Complete] 83538 IPs / 3412 Ranges Banned. -669 New IPs / 0 New Ranges Banned. 2502 Inbound / 45 Outbound Connections Blocked! [7s]
Nov  4 19:03:34 Skynet: [Complete] 136090 IPs / 3114 Ranges Banned. 52552 New IPs / -298 New Ranges Banned. 2502 Inbound / 45 Outbound Connections Blocked! [37s]
Nov  4 19:05:03 Skynet: [Complete] 135378 IPs / 3114 Ranges Banned. -712 New IPs / 0 New Ranges Banned. 2502 Inbound / 45 Outbound Connections Blocked! [10s]

As indicated in the log above, I used the "banmalware" command and lost 80k+ ips (which isn't that strange), but updated again a couple of minutes later and gained 50k+ bans (does the list really fluctuate that much?). I also manually banned Tor exit nodes using the following command:

Code:
sh /jffs/scripts/firewall import https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1

but it resulted in -669 New IPs (the first time I ran it) and -712 New IPs (the second time). Why is the import command removing IPs?


When I imported the same list, initially I see 64 new IP's added. This is because this list overlaps with a lot of IP's already downloaded by banmalware. You can confirm this because when you "deport" the list, 764 entries are removed.

Code:
This Function Extracts All IPs And Removes Them ALL From Blacklist
Custom List Detected: https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1
Filtering IPv4 Addresses
Filtering IPv4 Ranges
Removing IPs From Blacklist
Saving Changes

Skynet: [Complete] 162341 IPs / 3429 Ranges Banned. -764 New IPs / 0 New Ranges Banned. 3709 Inbound / 544 Outbound Connections Blocked! [9s]


As for banmalware fluctuating by 50k addresses. One of the bigger lists probably 404'd when you initially ran it. But when it fluctuates by a few hundred this is pretty normal.
 
Hi,

I just installed Skynet. The initial setup went smoothly. Then I wanted to change a setting by doing,

Code:
/jffs/script/firewall install

Unfortunately my PC got disconnected and I lost connection to the router. After restarting the router everything seemed normal and the installation went smoothly. Now problem is every time I restart my router, I see that Skynet is trying to initiate multiple times. The log looks like this:

Code:
Nov  4 23:48:49 rc_service: ntp 1253:notify_rc restart_upnp
Nov  4 23:48:49 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate usb=/tmp/mnt/pdas001 )
Nov  4 23:49:15 Skynet: [Complete] 43804 IPs / 0 Ranges Banned. 43804 New IPs / 0 New Ranges Banned.  Inbound /  Outbound Connections Blocked! [14s]
Nov  4 23:49:17 Skynet: [Complete] 43804 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [29s]
Nov  4 23:49:17 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Nov  4 23:49:18 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate usb=/tmp/mnt/pdas001 )
Nov  4 23:49:38 Skynet: [Complete] 43804 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]

I removed log entries where Skynet is not mentioned.

Now is this normal? If not, how do I troubleshoot this?

Thanks.
 
Hi,

I just installed Skynet. The initial setup went smoothly. Then I wanted to change a setting by doing,

Code:
/jffs/script/firewall install

Unfortunately my PC got disconnected and I lost connection to the router. After restarting the router everything seemed normal and the installation went smoothly. Now problem is every time I restart my router, I see that Skynet is trying to initiate multiple times. The log looks like this:

Code:
Nov  4 23:48:49 rc_service: ntp 1253:notify_rc restart_upnp
Nov  4 23:48:49 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate usb=/tmp/mnt/pdas001 )
Nov  4 23:49:15 Skynet: [Complete] 43804 IPs / 0 Ranges Banned. 43804 New IPs / 0 New Ranges Banned.  Inbound /  Outbound Connections Blocked! [14s]
Nov  4 23:49:17 Skynet: [Complete] 43804 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [29s]
Nov  4 23:49:17 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Nov  4 23:49:18 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate usb=/tmp/mnt/pdas001 )
Nov  4 23:49:38 Skynet: [Complete] 43804 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]

I removed log entries where Skynet is not mentioned.

Now is this normal? If not, how do I troubleshoot this?

Thanks.

I uninstalled Skynet using the uninstall option from the menu. After the restart, I am seeing log entries like this which I did not see earlier.

Code:
Nov  5 00:21:52 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=50499 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:03 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=60930 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:07 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=80.82.65.231 DST=[MY IP] LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=32422 PROTO=TCP SPT=42186 DPT=3100 SEQ=415891483 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Nov  5 00:22:08 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=80.82.65.231 DST=[MY IP] LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=32422 PROTO=TCP SPT=42186 DPT=3100 SEQ=415891483 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Nov  5 00:22:14 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.197.13.237 DST=[MY IP] LEN=71 TOS=0x00 PREC=0x00 TTL=47 ID=8685 DF PROTO=TCP SPT=443 DPT=58165 SEQ=3653637723 ACK=806807409 WINDOW=33 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:14 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=40412 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:14 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.197.13.237 DST=[MY IP] LEN=71 TOS=0x00 PREC=0x00 TTL=47 ID=31722 DF PROTO=TCP SPT=443 DPT=59101 SEQ=3080558139 ACK=3760153483 WINDOW=33 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:17 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=199.96.57.6 DST=[MY IP] LEN=88 TOS=0x00 PREC=0x00 TTL=55 ID=56345 DF PROTO=TCP SPT=443 DPT=57344 SEQ=153216418 ACK=4133962326 WINDOW=62 RES=0x00 ACK URGP=0 OPT (0101080A92E04A81002F3EB1)
Nov  5 00:22:25 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4945 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:25 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=71 TOS=0x00 PREC=0x00 TTL=55 ID=4946 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847706 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:25 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4949 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:25 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=51697 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:26 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4950 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:27 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4951 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:29 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4952 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:33 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=185.190.58.235 DST=[MY IP] LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=25730 PROTO=TCP SPT=58886 DPT=3392 SEQ=1223301987 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Nov  5 00:22:33 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4953 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:36 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=62236 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0

Now how do I get rid of these and do a clean installation?

Thanks.
 
I uninstalled Skynet using the uninstall option from the menu. After the restart, I am seeing log entries like this which I did not see earlier.

Code:
Nov  5 00:21:52 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=50499 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:03 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=60930 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:07 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=80.82.65.231 DST=[MY IP] LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=32422 PROTO=TCP SPT=42186 DPT=3100 SEQ=415891483 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Nov  5 00:22:08 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=80.82.65.231 DST=[MY IP] LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=32422 PROTO=TCP SPT=42186 DPT=3100 SEQ=415891483 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Nov  5 00:22:14 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.197.13.237 DST=[MY IP] LEN=71 TOS=0x00 PREC=0x00 TTL=47 ID=8685 DF PROTO=TCP SPT=443 DPT=58165 SEQ=3653637723 ACK=806807409 WINDOW=33 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:14 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=40412 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:14 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.197.13.237 DST=[MY IP] LEN=71 TOS=0x00 PREC=0x00 TTL=47 ID=31722 DF PROTO=TCP SPT=443 DPT=59101 SEQ=3080558139 ACK=3760153483 WINDOW=33 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:17 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=199.96.57.6 DST=[MY IP] LEN=88 TOS=0x00 PREC=0x00 TTL=55 ID=56345 DF PROTO=TCP SPT=443 DPT=57344 SEQ=153216418 ACK=4133962326 WINDOW=62 RES=0x00 ACK URGP=0 OPT (0101080A92E04A81002F3EB1)
Nov  5 00:22:25 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4945 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:25 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=71 TOS=0x00 PREC=0x00 TTL=55 ID=4946 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847706 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:25 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4949 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:25 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=51697 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:26 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4950 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:27 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4951 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:29 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4952 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:33 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=185.190.58.235 DST=[MY IP] LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=25730 PROTO=TCP SPT=58886 DPT=3392 SEQ=1223301987 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Nov  5 00:22:33 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=151.101.196.193 DST=[MY IP] LEN=98 TOS=0x00 PREC=0x00 TTL=55 ID=4953 DF PROTO=TCP SPT=443 DPT=59026 SEQ=544847648 ACK=3500442480 WINDOW=58 RES=0x00 ACK PSH URGP=0
Nov  5 00:22:36 kernel: DROP IN=eth0 OUT= MAC=78:24:af:d4:df:28:d4:04:cd:d1:fb:50:08:00 SRC=138.23.2.226 DST=[MY IP] LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=62236 PROTO=TCP SPT=443 DPT=53676 SEQ=2969862447 ACK=2983566459 WINDOW=32768 RES=0x00 ACK PSH URGP=0

Now how do I get rid of these and do a clean installation?

Thanks.

This is because Skynet changes the "Logged packets type" to "Dropped" under the Router GUI settings. I will revert this during uninstall for future versions.
 
Now is this normal? If not, how do I troubleshoot this?

Yes this is normal. During the restart_firewall event, the firewall-start script is executed multiple times. Because of this during boot Skynet is initiated multiple times.

That being said Skynet was designed with this in mind and can fully handle the "start" command being run repeatedly without any adverse effects. Sometimes you may see instead a warning mentioning a lock file, this is another countermeasure Skynet uses.
 
Yes this is normal. During the restart_firewall event, the firewall-start script is executed multiple times. Because of this during boot Skynet is initiated multiple times.

That being said Skynet was designed with this in mind and can fully handle the "start" command being run repeatedly without any adverse effects. Sometimes you may see instead a warning mentioning a lock file, this is another countermeasure Skynet uses.

I see. Thanks!
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Top