Skynet - Router Firewall & Security Enhancements

Does anyone know what format IP addresses have to be in to be imported into the firewall?

Just one IP or CIDR range per line and Skynet should be able to sort through it. The issue may lie with line endings on certain file hosts, I'll look into automatically converting this in the morning if it's an issue.
 
Maybe a test to see if there is a swap file already and then proceed, with the option to install if one is not found, if you feel like it?

Skynet should detect any swap file already installed when using the swap install function and prevent you from creating another. During the 86U installation it will also warn you that one needs to be installed before Skynet will work. You should have a hard time exhausting RAM on any other model.
 
The issue may lie with line endings on certain file hosts, I'll look into automatically converting this in the morning if it's an issue.
I have this handy function run over files. No more problems with users saving files in DOS EOL or some other unknowns...
Code:
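# strip DOS EOL, remove empty lines, make sure the file ends with a newline
trim_file(){
    # append a final newline if the last line lacks one
    sed -i '$a\' "$1"
    # strip the CR first so that CR-only lines are also deleted as blank
    sed -i 's/\r$//;/^[[:blank:]]*$/d' "$1"
}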
 
Just one IP or CIDR range per line and Skynet should be able to sort through it. The issue may lie with line endings on certain file hosts, I'll look into automatically converting this in the morning if it's an issue.

Neither the command nor the GUI imports the IPs. The sources are https://pastebin.com/627iKp8b or http://4gp.me/bbtc/1510775336438.txt . I'm not sure if they're already blocked, as I don't know how to check. This list of IPs was issued yesterday by DHS. Thank you for your help.
 
I found AB-Solution and Entware after installing Asuswrt-Merlin and reading his wiki, This link. https://github.com/RMerl/asuswrt-merlin/wiki/How-to-use-Adblock-using-Pixelserv and this section.
Good, I added the info about AB-Solution (my handle is Decoderman on GitHub). There used to be another entry for @swetoast , a former member. But he gave up on his minimalist ad-blocker.
Maybe a test to see if there is a swap file already and then proceed, with the option to install if one is not found, if you feel like it?
No need to check if I don't have to add a swap file. Looks like this is what I thought it is, a, hopefully, fleeting glitch in 86U land.
 
Neither the command nor the GUI imports the IPs. The sources are https://pastebin.com/627iKp8b or http://4gp.me/bbtc/1510775336438.txt . I'm not sure if they're already blocked, as I don't know how to check. This list of IPs was issued yesterday by DHS. Thank you for your help.

This should be fixed in 5.4.4

For pastebin files make sure you use the "raw" link (otherwise you're linking a full HTML page). The second host I have no idea what they are doing to files but I had a few attempts at converting it using various methods which resulted in files turning to gibberish, will look into it another time.

Also, is there a source link to where you got this list? I'm always looking for new reliable feeds for badips.
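
A pre-import check for the two failure modes discussed in this thread (DOS line endings, and an HTML page fetched instead of the raw list), as an added example that is not Skynet's own import code. The helper name `clean_ip_list` and the sample input are constructed here, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example: normalise a downloaded blocklist to one IPv4 address or
# CIDR range per line before importing it. Hypothetical helper, IPv4 only.

# clean_ip_list: list on stdin, cleaned entries on stdout.
# Exit status 2 if the input looks like an HTML page rather than a raw list.
clean_ip_list() {
    tr -d '\r' | awk '
        # valid(s): true for a.b.c.d or a.b.c.d/n with octets 0-255, n 0-32
        function valid(s,    n, p, o, i) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                    return 0
            return 1
        }
        tolower($0) ~ /<(!doctype|html|head|body)/ { html = 1; exit }
        {
            gsub(/^[ \t]+|[ \t]+$/, "")      # trim surrounding whitespace
            if ($0 == "") next               # drop blank lines
            if (valid($0)) keep[++k] = $0; else bad++
        }
        END {
            if (html) {
                print "input is an HTML page; use the raw link" > "/dev/stderr"
                exit 2
            }
            if (bad) print bad " line(s) skipped: not IPv4/CIDR" > "/dev/stderr"
            for (i = 1; i <= k; i++) print keep[i]
        }
    '
}
```

Nothing is printed when the input is HTML, so a non-zero exit status can be used to stop before the import step.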
 
Thank you. The report is located here https://www.us-cert.gov/ncas/alerts/TA17-318A The IPs were taken from the file IOCs (.csv).
 
I have a question. Let's say I've whitelisted a site after checking that it's not malicious. But later on one of the updated lists found that the site became malicious again.

Now what will Skynet do? My whitelisting will take precedence? Or the report of the site being malicious will take over and ban again?

 
Whitelist will always take priority over the Blacklist. So until you manually remove it, it will stay unblocked.
 
Skynet appears to block XBOX chat. Anybody know how to whitelist/unban this?


Halp - BestApp.exe or BestWebsite.com Is Being Blocked;

Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and unban) anything incorrectly on your Blacklist!

1.) Enable Debug Mode via the installer
Code:
sh /jffs/scripts/firewall install

2.) Open the blocked application/website and use the command;

Code:
sh /jffs/scripts/firewall debug watch

Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if it's being spammed in large numbers.

3.) Copy the IP following "DST="; it should look something like this;
Code:
DST=175.115.37.52

4.) Double check the IP is not actually something that should be banned; use a search tool like AlienVault.

Code:
https://otx.alienvault.com/indicator/ip/175.115.37.52/

5.) Great, we have confirmed we found the IP of the blocked website/application we are looking for, let's whitelist it!

Code:
sh /jffs/scripts/firewall whitelist ip 175.115.37.52

Also, let me know when you find the offending IP, it may be from the new telemetry entries I added.
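
Steps 2 and 3 above, done with a tally instead of by eye; this is an added example, not part of the original post or of Skynet itself. The function names, the sample log lines and the `[BLOCKED - INBOUND]` line are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank destinations in "[BLOCKED - OUTBOUND]" kernel log lines.

# Constructed sample log (trimmed fields, not captured from a real router).
sample_log() {
cat <<'EOF'
Nov 19 20:43:16 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC= SRC=10.0.0.5 DST=157.55.109.224 LEN=52 PROTO=TCP SPT=64288 DPT=443 SYN
Nov 19 20:43:17 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC= SRC=10.0.0.5 DST=157.55.109.224 LEN=52 PROTO=TCP SPT=64289 DPT=443 SYN
Nov 19 20:43:19 kernel: [BLOCKED - INBOUND] IN=ppp0 OUT= MAC= SRC=175.115.37.52 DST=192.168.2.1 LEN=40 PROTO=TCP SPT=4455 DPT=23 SYN
Nov 19 20:43:20 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC= SRC=10.0.0.7 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51000 DPT=80 SYN
Nov 19 20:43:21 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC= SRC=10.0.0.5 DST=157.55.109.224 LEN=52 PROTO=TCP SPT=64290 DPT=443 SYN
Nov 19 20:43:22 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC= SRC=10.0.0.5 DST=157.55.109.224 LEN=52 PROTO=TCP SPT=64291 DPT=80 SYN
EOF
}

# top_blocked_dst [min_hits]: log on stdin; prints "hits ip dest-ports",
# busiest destination first. Inbound blocks are ignored on purpose.
top_blocked_dst() {
    awk -v min="${1:-1}" '
        /\[BLOCKED - OUTBOUND\]/ {
            dst = ""; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (dst == "") next
            hits[dst]++
            # remember each destination port once per IP
            if (!((dst, dpt) in seen)) {
                seen[dst, dpt] = 1
                ports[dst] = (ports[dst] == "" ? dpt : ports[dst] "," dpt)
            }
        }
        END {
            for (d in hits)
                if (hits[d] + 0 >= min + 0) print hits[d], d, ports[d]
        }
    ' | sort -k1,1nr -k2,2
}
```

Feed it the router's log on stdin and check the top address (step 4) before whitelisting it.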
 
I whitelisted this IP and XBOX chat works again: 65.55.252.169.

I am using version v5.5.4.

Thanks, I removed the entry from the source list so others don't run into the same issue.
 
Hi, @Adamm, I've this "problem":

Checking Autobanning Status... [Failed]

Code:
Router Model; RT-AC3200
Skynet Version; v5.5.4 (16/11/2017)
iptables v1.4.14 - (ppp0 @ 192.168.2.1)
ipset v6.32, protocol version: 6
FW Version; 380.68_4 (Oct 4 2017) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/Skynet/skynet (1.1G / 1.2G Space Available)
Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt/Skynet
No Lock File Found

Checking Install Directory Write Permissions...         [Passed]
Checking Firewall-Start Entry...                        [Passed]
Checking OpenVPN-Event Entry...                         [Passed]
Checking CronJobs...                                    [Passed]
Checking IPSet Comment Support...                       [Passed]
Checking Log Level 5 Settings...                        [Passed]
Checking Autobanning Status...                          [Failed]
Checking Debug Mode Status...                           [Passed]
Checking For Duplicate Rules In RAW...                  [Passed]
Checking For Duplicate Rules In Filter...               [Passed]
Checking Skynet IPTable...                              [Passed]
Checking Whitelist IPSet...                             [Passed]
Checking BlockedRanges IPSet...                         [Passed]
Checking Blacklist IPSet...                             [Passed]
Checking Skynet IPSet...                                [Passed]

Skynet: [Complete] 132324 IPs / 1844 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [2s]
 
If you restart Skynet and wait about 60 seconds, does this still occur? It may be a one off issue caused by something else flushing IPTables without triggering the restart_firewall event.
 
Thanks, @Adamm!

I've restarted Skynet and waited 60 seconds. Now I don't have the problem.

Why did this happen?
 
Hard to say exactly, but most likely something else (maybe another script, maybe something built into the FW like Trend Micro or some GUI setting) flushed IPTables in a sloppy way which didn't execute the restart_firewall event (thus executing firewall-start script which runs Skynet).

With that being said, it's a very uncommon situation, probably a one-off "bug" from something else. If I have reports of similar occurrences in future we can look into tracking it down specifically or implementing a self repair function, but I think it's unnecessary at the moment.
 
Ah ... I had forgotten ...

I installed Pixelserv-tls beta, could this have been?

Surely this was because I never had this problem before. I'm sure this was my operation.

Thanks, @Adamm
 
Hi

Looking for some help. We are having a problem with OneDrive not loading our files. I have now whitelisted 3 IPs and it works for a couple of hours, but later it is blocked again.

Nov 19 20:43:16 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC= SRC=10.*.*.* DST=157.55.109.224 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=28533 DF PROTO=TCP SPT=64288 DPT=443 SEQ=2572823490 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)

 
I installed Pixelserv-tls beta, could this have been?

I don't think pixel-server specifically but maybe something of that nature. I wouldn't lose too much sleep over it unless it happens again.

Looking for some help. We are having a problem with OneDrive not loading our files. I have now whitelisted 3 IPs and it works for a couple of hours, but later it is blocked again.

Thanks, I've removed the offending entry from the new telemetry list (if you run banmalware again it should be fixed). I sourced the list from a reputable provider but Microsoft are quite aggressive with their telemetry and have 150 IPs alone and 18 /24 blocks so some of the newer entries have caused some issues with Microsoft services. Let me know if that fixed the issue.
 
