Skynet Skynet - Router Firewall & Security Enhancements

[thelonelycoder]

Also, I've seen ab-solution hang at "checking installation state", and the pixelserv stat's page be unresponsive.

That could have several reasons:
One being that the IP is blocked by Skynet but this should be covered by it.
The other is that if you enable access restriction in Administration/System under "Allow only specified IP address".
AB-Solution auto-adds a rule exception for the pixelserv-tls IP.
Although, that is checked when starting up and shutting down the AB UI.

 

[elorimer]

That could have several reasons:
One being that the IP is blocked by Skynet but this should be covered by it.
The other is that if you enable access restriction in Administration/System under "Allow only specified IP address".
AB-Solution auto-adds a rule exception for the pixelserv-tls IP.
Although, that is checked when starting up and shutting down the AB UI.

I uninstalled skynet, rebooted and both ab-s and pixelserv are back to normal. I won't be able to poke at this for a while, as I will be away for a few weeks and during that time keeping the openvpn servers going is the priority.

EDIT: It may not be Skynet. With Skynet uninstalled, pixelserv-tls became unresponsive after a few hours. Also, Ab-s wouldn't start past the "checking connection" line until I killed the pixelserv process. So I've disabled adblocking and pixelserv for the time being.

 

[Adamm]

I uninstalled skynet, rebooted and both ab-s and pixelserv are back to normal. I won't be able to poke at this for a while, as I will be away for a few weeks and during that time keeping the openvpn servers going is the priority.

Ill look into it in the morning if replicating it only takes starting 2 servers.

 

[skeal]

Ill look into it in the morning if replicating it only takes starting 2 servers.

I only have one server running and I have had the same problems.

 

[elorimer]

I only have one server running and I have had the same problems.

The second one is so you have a prayer of going in and starting the first one.

 

[Adamm]

@skeal @elorimer I've pushed v5.5.7 - For whatever reason having the Skynet entry in openvpn-event is causing the failure (the debug output is not very helpful as to why). This update will automagically remove the entry and should fix the openvpn server failing on startup. Will look into it more when I got some spare time and try track down exactly whats going on.

 

[MacG32]

@Adamm If you could implement clearing the cache after every operation and even after starting and restarting, I think that would solve the RAM issue. I would make it worth your time, if you'd send me a message with the amount you still need to purchase an Asus RT-AC86U.

 

[Adamm]

@Adamm If you could implement clearing the cache after every operation and even after starting and restarting, I think that would solve the RAM issue. I would make it worth your time, if you'd send me a message with the amount you still need to purchase an Asus RT-AC86U.

I'll add clearing the ram after operations in the next update when I'm back at home. As for the 86U, availability is the issue, waiting on a call back on Monday to try get the ball rolling.

 

[pattiri]

Since upgraded to v5.5.7;

Checking Install Directory Write Permissions...         [Passed]
Checking Firewall-Start Entry...                        [Passed]
Checking OpenVPN-Event Entry...                         [Failed]
Checking Services-Stop Entry...                         [Passed]
Checking CronJobs...                                    [Passed]
Checking IPSet Comment Support...                       [Passed]
Checking Log Level 7 Settings...                        [Passed]
Checking Autobanning Status...                          [Passed]
Checking Debug Mode Status...                           [Passed]
Checking For Duplicate Rules In RAW...                  [Passed]
Checking For Duplicate Rules In Filter...               [Passed]
Checking Skynet IPTable...                              [Passed]
Checking Whitelist IPSet...                             [Passed]
Checking BlockedRanges IPSet...                         [Passed]
Checking Blacklist IPSet...                             [Passed]
Checking Skynet IPSet...                                [Passed]

OpenVPN server is in use, OpenVPN client is connected to a droplet on Digital Ocean. But I haven't done anything related OpenVPN-Event entry so I think this is normal, right?

 

[Adamm]

But I haven't done anything related OpenVPN-Event entry so I think this is normal, right?

Forgot to remove that check, thanks for the reminder, it can be safely ignored. I've pushed an update removing it (it will require a forced update as theres no version change due to being a minor edit).

 

[pattiri]

Forgot to remove that check, thanks for the reminder, it can be safely ignored. I've pushed an update removing it (it will require a forced update as theres no version change due to being a minor edit).

This time;

Checking Install Directory Write Permissions...         [Passed]
Checking Firewall-Start Entry...                        [Failed]
Checking Services-Stop Entry...                         [Passed]
Checking CronJobs...                                    [Passed]
Checking IPSet Comment Support...                       [Passed]
Checking Log Level 7 Settings...                        [Passed]
Checking Autobanning Status...                          [Passed]
Checking Debug Mode Status...                           [Passed]
Checking For Duplicate Rules In RAW...                  [Passed]
Checking For Duplicate Rules In Filter...               [Passed]
Checking Skynet IPTable...                              [Passed]
Checking Whitelist IPSet...                             [Passed]
Checking BlockedRanges IPSet...                         [Passed]
Checking Blacklist IPSet...                             [Passed]
Checking Skynet IPSet...                                [Passed]

I've restarted Skynet 2 times and waited for about 10 minutes but still same

sh /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt/entware # Skynet Firewall Addition

is already in firewall-start

 

[Adamm]

This time;

Sorry minor typo, commented out the wrong line. Its now fixed.

 

[dandle]

Hi Adamm

I've got a slight issue with this script. When I try to ban domains or IP addresses manually by invoking 'sh firewall' and then selecting the 'ban' option and then 'domain' etc it doesn't seem to stick.

So it tells me that

Skynet: [INFO] Adding example.com To Blacklist...

But it then says

firewall: exec: line 2353: firewall: not found

I also find that the domains or IP addresses haven't actually been banned.

Any ideas?

Thanks

 

[skeal]

@skeal @elorimer I've pushed v5.5.7 - For whatever reason having the Skynet entry in openvpn-event is causing the failure (the debug output is not very helpful as to why). This update will automagically remove the entry and should fix the openvpn server failing on startup. Will look into it more when I got some spare time and try track down exactly whats going on.

You the man @Adamm nice work! Reboots without need for a delay script.....awesome!

 

[Adamm]

Hi Adamm

I've got a slight issue with this script. When I try to ban domains or IP addresses manually by invoking 'sh firewall' and then selecting the 'ban' option and then 'domain' etc it doesn't seem to stick.

So it tells me that

Skynet: [INFO] Adding example.com To Blacklist...

But it then says

firewall: exec: line 2353: firewall: not found

I also find that the domains or IP addresses haven't actually been banned.

Any ideas?

Thanks

Works on my end. Please give me the full output along with;

sh /jffs/scripts/firewall debug info

 

[Protik]

In my stats output from Skynet, I am seeing the following IPs. Are they normal?

Top 10 Blocks (Outbound);
172x https://otx.alienvault.com/indicator/ip/255.255.255.255

Top 10 Blocked Devices (Outbound);
172x 0.0.0.0 (No Name Found)

 

[Twiglets]

In my stats output from Skynet, I am seeing the following IPs. Are they normal?

Top 10 Blocks (Outbound);
172x https://otx.alienvault.com/indicator/ip/255.255.255.255

Top 10 Blocked Devices (Outbound);
172x 0.0.0.0 (No Name Found)

I have had the "otx.alienvault....." line appear a few days ago.
Also not sure where from !!!
As it went away I have ignored it.

 

[yk101]

I have had the "otx.alienvault....." line appear a few days ago.
Also not sure where from !!!
As it went away I have ignored it.

Alienvault is the site used to check IP activity. It is added by @Adamm’s script for your convenience - just copy and paste into the browser!

A bigger concern is the actual IP:

255.255.255.255 is a broadcast address.

0.0.0.0 is *any* IP address.

 

[Adamm]

In my stats output from Skynet, I am seeing the following IPs. Are they normal?

Top 10 Blocks (Outbound);
172x https://otx.alienvault.com/indicator/ip/255.255.255.255

Top 10 Blocked Devices (Outbound);
172x 0.0.0.0 (No Name Found)

A bigger concern is the actual IP:

255.255.255.255 is a broadcast address.

0.0.0.0 is *any* IP address.

This is remnants of a bug that was fixed a few days ago. The broadcast IP's will be removed from the logs upon the next log rotation (when the log file hits 7MB). You can force a log reset via;

sh /jffs/scripts/firewall stats reset

I have had the "otx.alienvault....." line appear a few days ago.
Also not sure where from !!!

Alienvault is an IP reputation database, the important part is the end of the URL which contains the IP. This is for convenience for users so they can either click on the link or copy/paste depending on their SSH terminal and get an idea of why the IP in question may be blacklisted.

 

[2992]

@Adamm, I have (re)installed Skynet, and when I run Banmalware, the script exits at the "Consolidating Blacklist", never finishing the update process. Any idea?

Skynet Version; v5.5.8 (05/12/2017)

iptables v1.4.14 - (vlan2 @ 192.168.3.1)

ipset v6.32, protocol version: 6

FW Version; 380.68_4 (Oct 10 2017) (2.6.36.4brcmarm)

Install Dir; /tmp/mnt/abs16/skynet (13.9G / 14.7G Space Available)

Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt/abs16

No Lock File Found


Checking Install Directory Write Permissions... [Passed]

Checking Firewall-Start Entry... [Passed]

Checking Services-Stop Entry... [Passed]

Checking CronJobs... [Passed]

Checking IPSet Comment Support... [Passed]

Checking Log Level 5 Settings... [Passed]

Checking Autobanning Status... [Passed]

Checking Debug Mode Status... [Passed]

Checking For Duplicate Rules In RAW... [Passed]

Checking For Duplicate Rules In Filter... [Passed]

Checking Skynet IPTable... [Passed]

Checking Whitelist IPSet... [Passed]

Checking BlockedRanges IPSet... [Passed]

Checking Blacklist IPSet... [Passed]

Checking Skynet IPSet... [Passed]




#!/bin/sh

#############################################################################################################

# _____ _ _ _____ #

# / ____| | | | | ____| #

# | (___ | | ___ _ _ __ ___| |_ __ _| |__ #

# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \ #

# ____) | <| |_| | | | | __/ |_ \ V / ___) | #

# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ |____/ #

# __/ | #

# |___/ #

# #

## - 05/12/2017 - Asus Firewall Addition By Adamm v5.5.8 #

## https://github.com/Adamm00/IPSet_ASUS #

#############################################################################################################



Router Model; R7000

Skynet Version; v5.5.8 (05/12/2017)

iptables v1.4.14 - (vlan2 @ 192.168.3.1)

ipset v6.32, protocol version: 6

FW Version; 380.68_4 (Oct 10 2017) (2.6.36.4brcmarm)

Install Dir; /tmp/mnt/abs16/skynet (13.9G / 14.7G Space Available)

Boot Args; /jffs/scripts/firewall start debug banmalware autoupdate usb=/tmp/mnt/abs16


0 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked!

Nevermind, I've uninstalled and reinstalled and rebooted it like 10 times, and finally managed to run properly...