Skynet Skynet - Router Firewall & Security Enhancements

[Adamm]

Love your idea for the countries file.

Where did you place the countries file & how would you get that read by Skynet?

Thanks

I assume he did something like;

sh /jffs/scripts/firewall ban country "$(cat /tmp/test.txt)"

Where /tmp/test.txt can be changed to your specified file.

 

[yk101]

Love your idea for the countries file.

Where did you place the countries file & how would you get that read by Skynet?

Thanks

Is this what you are looking for?

admin@RT-AC88U:/jffs/scripts# file="/jffs/scripts/countries.txt"
admin@RT-AC88U:/jffs/scripts# name=$(cat "$file")
admin@RT-AC88U:/jffs/scripts#/jffs/scripts/firewall ban country "$name"
admin@RT-AC88U:/jffs/scripts#

You may want to create a small script to do that if you plan to run countries update often! Also, if you really want to be efficient, you can wrap all of the above into a single line instead of using individual variables line $name and $file...

 

[yk101]

I assume he did something like;

sh /jffs/scripts/firewall ban country "$(cat /tmp/test.txt)"

Where /tmp/test.txt can be changed to your specified file.

Exactly! You beat me by a few seconds...
Actually, I created an alias that I call whenever I want to do the update.

 

[pietjepuk100]

@yk101 @Adamm,

Thanks for the pointers. This makes perfect sense.

 

[skeal]

@Adamm Am I dreaming? Since the newest update I notice very few auto-bans and I mentioned to you have two open ports and I have had no hits on them at all where I would get scanned by Google spider once a day. Two questions are there less false positives? What protection if any does Skynet offer my open ports?

 

[Butterfly Bones]

@Adamm Am I dreaming? Since the newest update I notice very few auto-bans and I mentioned to you have two open ports and I have had no hits on them at all where I would get scanned by Google spider once a day. Two questions are there less false positives? What protection if any does Skynet offer my open ports?

Ok, you got my attention. I just found I have four open server ports that were never open before and I have been unable to find a reason or how to close them. I started a new post but now your reply makes me wonder.

False alarm! You can check the thread for answer if you are curious.
https://www.snbforums.com/threads/server-ports-open-not-wanted-ac-68u-merlin-380-68_4.43791/

 

[SMS786]

Just updated to V5.6.8 and noticed that no IP's were being blocked per the GUI menu. Waited 10 minutes, thinking perhaps the processes were locked. Still no blocking..then restarted and reinstalled Skynet to unfortunately still no avail. This is the output from the debug menu:


Literally nothing else from my router configuration has changed since my v5.6.8 update. Is anyone else having this issue?

 

[DonnyJohnny]

@Adamm Am I dreaming? Since the newest update I notice very few auto-bans and I mentioned to you have two open ports and I have had no hits on them at all where I would get scanned by Google spider once a day. Two questions are there less false positives? What protection if any does Skynet offer my open ports?

The change was tweak the autobanning of invalid packet from autobanning an invalid packet to 2 invalid packet within 5 min. Otherwise invalid packet will just drop silently.
So meaning there isn’t much changes to the security. Just that at which point the packet will be drop. If autoban, the packet will be drop before it can be process at raw table. If ip not in autoban, the packet will be drop in mangle stage..

This is how I think. Correct me if I am wrong.

 

[Adamm]

Just updated to V5.6.8 and noticed that no IP's were being blocked per the GUI menu. Waited 10 minutes, thinking perhaps the processes were locked. Still no blocking..then restarted and reinstalled Skynet to unfortunately still no avail. This is the output from the debug menu:


Literally nothing else from my router configuration has changed since my v5.6.8 update. Is anyone else having this issue?

There appears to be something wrong with your ipset.txt file as noted by the line "grep xxx/xxx/ipset.txt: Input/output error"

Upon running any commands are you getting the usual logging output that shows how many IP's are being blocked etc? If not I'd need a copy of your ipset.txt file to examine whats wrong with it. (Or you could uninstall/reinstall completely which would delete it and create one fresh but that's not an ideal situation if you have any manual whitelist/blacklist entries)

 

[Adamm]

@Adamm Am I dreaming? Since the newest update I notice very few auto-bans and I mentioned to you have two open ports and I have had no hits on them at all where I would get scanned by Google spider once a day. Two questions are there less false positives? What protection if any does Skynet offer my open ports?

The change was tweak the autobanning of invalid packet from autobanning an invalid packet to 2 invalid packet within 5 min. Otherwise invalid packet will just drop silently.
So meaning there isn’t much changes to the security. Just that at which point the packet will be drop. If autoban, the packet will be drop before it can be process at raw table. If ip not in autoban, the packet will be drop in mangle stage..

This is how I think. Correct me if I am wrong.

As donny said, this is a change in how Skynet flags an IP for blacklisting now as some users were having issues with Skynet banning legitimate services. Skynet is still offering the same level of protection, but IP's will now only be blacklisted if they send an invalid packet twice within a 5 minute period, on the first attempt it will be silently dropped.

 

[SMS786]

There appears to be something wrong with your ipset.txt file as noted by the line "grep xxx/xxx/ipset.txt: Input/output error"

Upon running any commands are you getting the usual logging output that shows how many IP's are being blocked etc? If not I'd need a copy of your ipset.txt file to examine whats wrong with it. (Or you could uninstall/reinstall completely which would delete it and create one fresh but that's not an ideal situation if you have any manual whitelist/blacklist entries)

Thanks for the prompt reply @Adamm

I checked my usb/skynet/scripts/ folder and there is no ipset.txt file..actually the folder is empty. I doubt that's normal, so I ended up manually uninstalling Skynet and reinstalling, and the exact same error is occurring. All the commands I run are still showing no IP's being blocked:

 

[DonnyJohnny]

Thanks for the prompt reply @Adamm

I checked my usb/skynet/scripts/ folder and there is no ipset.txt file..actually the folder is empty. I doubt that's normal, so I ended up manually uninstalling Skynet and reinstalling, and the exact same error is occurring. All the commands I run are still showing no IP's being blocked:

Have you tried going 3 Banmalware and add custom or default list.

 

[SMS786]

Have you tried going 3 Banmalware and add custom or default list.

Yep, tried adding the banmalware option for default and custom lists..still to no avail unfortunately..

 

[Adamm]

Thanks for the prompt reply @Adamm

I checked my usb/skynet/scripts/ folder and there is no ipset.txt file..actually the folder is empty. I doubt that's normal, so I ended up manually uninstalling Skynet and reinstalling, and the exact same error is occurring. All the commands I run are still showing no IP's being blocked:

Seems like an issue with the USB, try installing to JFFS and see what happens. If it works you can then change the install dir to the USB. Might want to check for errors on the disk too.

 

[Makaveli]

Thanks for the prompt reply @Adamm

I checked my usb/skynet/scripts/ folder and there is no ipset.txt file..actually the folder is empty. I doubt that's normal, so I ended up manually uninstalling Skynet and reinstalling, and the exact same error is occurring. All the commands I run are still showing no IP's being blocked:

was there two versions of skynet released on the same 10/01/2018 why does yours show 5.6.9 isn't 5.6.8 the most current version?

 

[Adamm]

was there two versions of skynet released on the same 10/01/2018 why does yours show 5.6.9 isn't 5.6.8 the most current version?

Yes just a minor update for a feature request that someone suggested on github issues section (local file support for the import/deport commands). Wasn't a major change so I didnt bother posting about it.

 

[DonnyJohnny]

Hi Adamm,
I have a quick question.
What does “Temporarily Disable Debug Output” mean?
Every hr there is a summary log of inbound/outbound ban. Does the “Temporarily Disable Debug Output” disable that as well?

As mentioned temporarily, how to enable it back?

I have been repeating reinstalling between vanilla and debugging installation. Is there a quicker way to enable and disable debugging?

 

[Adamm]

Hi Adamm,
I have a quick question.
What does “Temporarily Disable Debug Output” mean?
Every hr there is a summary log of inbound/outbound ban. Does the “Temporarily Disable Debug Output” disable that as well?

As mentioned temporarily, how to enable it back?

I have been repeating reinstalling between vanilla and debugging installation. Is there a quicker way to enable and disable debugging?

This feature will disable the individual IP logs until the firewall service is restarted, there is no way to disable the hourly summary currently.

 

[SMS786]

Seems like an issue with the USB, try installing to JFFS and see what happens. If it works you can then change the install dir to the USB. Might want to check for errors on the disk too.

So I reinstalled to JFFS and now Skynet is back to working like a charm. Looks like some type of issue with my USB..my AB-Solution is installed there too but it still works..weird..

Anyways, thanks @Adamm and everyone else for the help!

 

[Adamm]

Looks like some type of issue with my USB..my AB-Solution is installed there too but it still works..weird..

Try scan for errors or format it, seems like its definitely the USB as Skynet isn't able to write to the disk as indicated by ipset.txt unable to be created.