
Skynet - Router Firewall & Security Enhancements

Is it possible to set Skynet in debug mode without all the entries appearing in the main Asus WebUI syslog?

I would also find it good to be able to disable these messages separately.

:)
 
Noticed this morning that I was getting a lot of blocked outbound traffic to 131.253.34.230 over the evening. According to Whois and AlienVault it seems to map to Microsoft. Similar blocks to outbound 65.55.44.109, also maps to Microsoft, this time when using OneDrive, which so far functions in limited testing on my iPad. Haven’t noticed anything amiss with Microsoft functions, but I use them sparingly. Wouldn’t have mentioned this if not for your post about MS services above.
 
As long as they don't affect functionality that's perfectly normal, probably just certain telemetry requests being blocked.
 
OK, here's a fun one.

Skynet is blocking some IPs that I'd like to whitelist, but when I try to go in via AMTM I get
Skynet: [ERROR] Legacy v5 Installation Detected - Please Run Installer Manually To Upgrade!

So I try to run the v6 installer, but it doesn't work though because I still only have a 256MB USB so I can't have a swap file. Can I not even access the v5 menu anymore?
 
What are you waiting for? Get a bigger flash drive.... $2-$5???????
 
Yasss it's on my list. There aren't any on Amazon and I haven't been out to a store lately. That intent doesn't help me with the immediate problem of being locked out of some websites at this point. Or, for that matter, the blocking of outbound Google Hangouts messages. lol
 
To temporarily downgrade to the last v5 commit use the following command;

Code:
/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/8efff7acef7b83723ad6d622cd9243cbbe043b72/firewall.sh" -o "/jffs/scripts/firewall" && chmod +x /jffs/scripts/firewall
 
Mmmm. It was a good try... it opens but then when I try to backup it tells me
Skynet Not Running - Aborting
(Edit: I get this even after (8) Restart Skynet and the Merlin web interface shows me the crazy processor activity.)

So. Just need to figure out how to do my ABS/Pixelserv backups. I've purchased my wife a new 8GB thumbdrive and stolen a 1GB one from her. That should do the trick. ;)
 
I. AM. BEATING. MY. HEAD. AGAINST. THE. WALL.

Ok. I thought swapping the thumbdrive was going to take about a half-hour. I started three hours ago.

Got 1GB thumbdrive. Spent another 20 minutes trying to figure out how to format it. mkfs.ext4 doesn't exist in this router, went for mkfs.ext3

Tried to use AMTM to install ABS. "/dev/sda1 doesn't have a label! Are you sure?"

Spent another 20 minutes trying to figure out how to label /dev/sda1 before I figured out the -L option on mkfs.ext3...

Installed ABS through AMTM. Installed Skynet through AMTM... or tried. Somehow even though this is a different thumbdrive, it was trying to run v5 again? So I grabbed the new command off page 1 of this thread. Selected 512MB cache... router spent several minutes creating the cache... eventually got this:

Creating SWAP File...
524288+0 records in
524288+0 records out
Setting up swapspace version 1, size = 536866816 bytes
UUID=f1730f8a-455d-427e-8408-43f149c1d273
swapon: /tmp/mnt/USBStick/myswap.swp: Invalid argument
SWAP File Located At /tmp/mnt/USBStick/myswap.swp

touch: /tmp/mnt/USBStick/skynet/events.log: Input/output error
touch: /tmp/mnt/USBStick/skynet/skynet.log: Input/output error
/jffs/scripts/firewall: line 1: can't create /tmp/mnt/USBStick/skynet/skynet.cfg: Input/output error

Restarting Firewall To Complete Installation
/jffs/scripts/firewall: line 1: can't create /tmp/mnt/USBStick/skynet/skynet.cfg: Input/output error


Now AMTM is black-and-white.

ABS doesn't work. Try to (re-install, since AMTM isn't showing me that it's installed...) I get:

Welcome
This is AB-Solution 3.11.2

looking for an installation
[: /tmp/mnt/USBStick: unknown operand

--> AB-Solution device change detected
--> fixing paths in files...

[: /tmp/mnt/USBStick: unknown operand
ab-solution.sh: .: line 1: can't open '/adblocking/.config/ab-solution.cfg'
SNBForum Asuswrt-Merlin Terminal Menu



So. AMTM doesn't look or work right. Skynet doesn't work. I tried chmod -R 777 all of the directories in /mnt/USBStick/ in case somehow they had become read-only... to no avail. wtf
 
Sounds like the USB mounted incorrectly, try a router reboot and go through the installation process again.
 
OK. Just tried it. Hard reset (unplugged power cord).
touch: /tmp/mnt/USBStick/skynet/events.log: Not a directory
touch: /tmp/mnt/USBStick/skynet/skynet.log: Not a directory
/jffs/scripts/firewall: line 1: can't create /tmp/mnt/USBStick/skynet/skynet.cfg: nonexistent directory

Restarting Firewall To Complete Installation
/jffs/scripts/firewall: line 1: can't create /tmp/mnt/USBStick/skynet/skynet.cfg: nonexistent directory

:(
 
I suggest formatting again, try using Minitool Partition Wizard on a Windows machine, it is much more user friendly than Linux cmdline tools.
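Both installer outputs above (Input/output error, then Not a directory) come from writes under /tmp/mnt/USBStick, so it helps to confirm that path is a mounted, writable filesystem before re-running the installer. The following is an added example, not part of the thread or of Skynet; the function name `check_usb_mount` and its status words are hypothetical.

```shell
#!/bin/sh
# check_usb_mount MOUNTPOINT [MOUNTS_FILE]
# Prints one status word and returns non-zero unless MOUNTPOINT is a mounted,
# read-write filesystem that accepts a new file.
# Assumption: the mount point contains no spaces (/proc/mounts escapes them).
check_usb_mount() {
    mp=$1
    mounts=${2:-/proc/mounts}

    # Last matching line wins: a later mount on the same path shadows earlier ones.
    info=$(awk -v mp="$mp" '$2 == mp { fs = $3; opts = $4 }
        END { if (fs != "") print fs, opts }' "$mounts" 2>/dev/null)
    if [ -z "$info" ]; then
        echo "not-mounted"          # plain directory under /tmp/mnt, no device behind it
        return 1
    fi
    fs=${info%% *}
    opts=${info#* }

    # Match "ro" as a whole option, not as a substring of another option.
    case ",$opts," in
        *,ro,*) echo "read-only $fs"; return 2 ;;
    esac

    # Mounted read-write on paper; prove it by creating and removing a file.
    probe="$mp/.write_probe.$$"
    if ! ( : > "$probe" ) 2>/dev/null; then
        echo "write-failed $fs"
        return 3
    fi
    rm -f "$probe"
    echo "ok $fs"
}

# Mount point taken from the output in the posts above.
check_usb_mount "/tmp/mnt/USBStick" || true
```

Anything other than `ok` means the installer's `touch` and config writes will fail the same way they did in the posts.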
 
Pardon me if this has already been posted, but is there a way to get the country codes for sh /jffs/scripts/firewall ban country? IE Israel, Saudi Arabia, Iran, Burma to name a few
 
What I do have control over is that all router services are Whitelisted upon startup, so if you happened to set 8.8.8.8 as your DNS, it would be whitelisted.

Well, it seems to still be causing problems. These outbound IPs are my Chromecast Ultra, Sony Vizio TV and Google Home Mini (x2); it stops all from working.

Mar 29 14:02:49 kernel: [BLOCKED - OUTBOUND] SRC=192.168.1.62 DST=8.8.8.8
Mar 29 14:02:49 kernel: [BLOCKED - OUTBOUND] SRC=192.168.1.105 DST=8.8.8.8
Mar 29 14:02:50 kernel: [BLOCKED - OUTBOUND] SRC=192.168.1.105 DST=8.8.8.8
Mar 29 14:02:51 kernel: [BLOCKED - OUTBOUND] SRC=192.168.1.105 DST=8.8.8.8
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] SRC=192.168.1.50 DST=8.8.8.8
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] SRC=192.168.1.106 DST=8.8.8.8
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] SRC=192.168.1.106 DST=8.8.8.8
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] SRC=192.168.1.105 DST=8.8.8.8
Mar 29 14:02:53 kernel: [BLOCKED - OUTBOUND] SRC=192.168.1.105 DST=8.8.8.8

Input IP Or Range To Whitelist:
[IP/Range]: 8.8.8.8
Input Comment For Whitelist:
[Comment]: Google DNS
Whitelisting 8.8.8.8
ipset v6.32: Element cannot be added to the set: it's already added
Saving Changes

*************************
edit, here is the search output I forgot

Debug Data Detected in /tmp/mnt/SNB/skynet/skynet.log - 5.1M
Monitoring From Mar 21 06:00:16 To Mar 29 14:25:59
19302 Block Events Detected
3032 Unique IPs
62 Autobans Issued
5 Manual Bans Issued
Exact Matches;
https://iplists.firehol.org/files/coinbl_hosts.ipset - 8.8.8.8
Possible CIDR Matches;
Skynet: [Complete] 115740 IPs / 1673 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 42 Inbound / 0 Outbound Connections Blocked! [stats] [6s]
 
Does it show up as whitelisted when you issue the following command?

Code:
sh /jffs/scripts/firewall stats search ip 8.8.8.8

If so, it shouldn’t be blocked (technically there may be a 1-2s period whenever the whitelist is updated but nothing noticeable).
 
Debug Data Detected in /tmp/mnt/SNB/skynet/skynet.log - 5.1M
Monitoring From Mar 21 06:00:16 To Mar 29 14:44:07
19336 Block Events Detected
3035 Unique IPs
62 Autobans Issued
5 Manual Bans Issued
8.8.8.8 is in set Skynet-Whitelist.
8.8.8.8 is NOT in set Skynet-Blacklist.
8.8.8.8 is NOT in set Skynet-BlockedRanges.
Whitelist Reason;
8.8.8.8 "CDN-Whitelist"
8.8.8.4 "nvram: wan_dns2_x"
8.8.8.8 First Tracked On Mar 27 02:25:01
8.8.8.8 Last Tracked On Mar 29 14:02:53
31 Blocks Total
Event Log Entries From 8.8.8.8;
Mar 23 08:20:38 Skynet: [Manual Whitelist] TYPE=Single SRC=8.8.8.8 COMMENT=Google DNS for Google Home
First Block Tracked From 8.8.8.8;
Mar 27 02:25:01 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:a0:6a:44:07:e9:58:08:00 SRC=192.168.1.62 DST=8.8.8.8 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=36890 DF PROTO=UDP SPT=58271 DPT=53 LEN=41
10 Most Recent Blocks From 8.8.8.8;
Mar 29 13:59:14 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:48:d6:d5:07:06:f2:08:00 SRC=192.168.1.50 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=55194 DF PROTO=ICMP TYPE=8 CODE=0 ID=6924 SEQ=4
Mar 29 14:02:49 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:a0:6a:44:07:e9:58:08:00 SRC=192.168.1.62 DST=8.8.8.8 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=62085 DF PROTO=UDP SPT=41376 DPT=53 LEN=41
Mar 29 14:02:49 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:20:df:b9:9d:c4:af:08:00 SRC=192.168.1.105 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2406 SEQ=1
Mar 29 14:02:50 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:20:df:b9:9d:c4:af:08:00 SRC=192.168.1.105 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2406 SEQ=2
Mar 29 14:02:51 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:20:df:b9:9d:c4:af:08:00 SRC=192.168.1.105 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2406 SEQ=3
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:48:d6:d5:07:06:f2:08:00 SRC=192.168.1.50 DST=8.8.8.8 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=21329 DF PROTO=UDP SPT=52117 DPT=53 LEN=55
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:e4:f0:42:5d:0a:11:08:00 SRC=192.168.1.106 DST=8.8.8.8 LEN=195 TOS=0x00 PREC=0xC0 TTL=64 ID=64055 PROTO=ICMP TYPE=3 CODE=3 [SRC=8.8.8.8 DST=192.168.1.106 LEN=167 TOS=0x00 PREC=0x00 TTL=64 ID=35540 DF PROTO=UDP SPT=53 DPT=42163 LEN=147 ]
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:e4:f0:42:5d:0a:11:08:00 SRC=192.168.1.106 DST=8.8.8.8 LEN=127 TOS=0x00 PREC=0xC0 TTL=64 ID=64056 PROTO=ICMP TYPE=3 CODE=3 [SRC=8.8.8.8 DST=192.168.1.106 LEN=99 TOS=0x00 PREC=0x00 TTL=64 ID=35543 DF PROTO=UDP SPT=53 DPT=42163 LEN=79 ]
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:20:df:b9:9d:c4:af:08:00 SRC=192.168.1.105 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2406 SEQ=4
Mar 29 14:02:53 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=88:d7:f6:1d:46:08:20:df:b9:9d:c4:af:08:00 SRC=192.168.1.105 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2406 SEQ=5
Top 10 Targeted Ports From 8.8.8.8 (Inbound);
Top 10 Sourced Ports From 8.8.8.8 (Inbound);
Skynet: [Complete] 115740 IPs / 1673 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 76 Inbound / 0 Outbound Connections Blocked! [stats] [3s]
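The block entries in the output above can be grouped per LAN device, protocol and port to see which clients are affected and by what kind of traffic. This is an added example, not part of the thread or of Skynet: the log lines are constructed in the format shown above (MACs and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are made up), and `sample_log` and `summarize_blocks` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample lines in the kernel log format shown in the post.
sample_log() {
cat <<'EOF'
Mar 29 14:02:49 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:62:08:00 SRC=192.168.1.62 DST=8.8.8.8 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=62085 DF PROTO=UDP SPT=41376 DPT=53 LEN=41
Mar 29 14:02:49 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:05:08:00 SRC=192.168.1.105 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2406 SEQ=1
Mar 29 14:02:50 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:05:08:00 SRC=192.168.1.105 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2406 SEQ=2
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:06:08:00 SRC=192.168.1.106 DST=8.8.8.8 LEN=195 TOS=0x00 PREC=0xC0 TTL=64 ID=64055 PROTO=ICMP TYPE=3 CODE=3 [SRC=8.8.8.8 DST=192.168.1.106 LEN=167 TOS=0x00 PREC=0x00 TTL=64 ID=35540 DF PROTO=UDP SPT=53 DPT=42163 LEN=147 ]
Mar 29 14:02:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:50:08:00 SRC=192.168.1.50 DST=8.8.8.8 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=21329 DF PROTO=UDP SPT=52117 DPT=53 LEN=55
Mar 29 14:02:53 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:50:08:00 SRC=192.168.1.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=100 DF PROTO=TCP SPT=40000 DPT=443
Mar 29 14:02:54 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:99:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1 PROTO=TCP SPT=50000 DPT=23
EOF
}

# summarize_blocks DST  (log on stdin)
# Prints "COUNT SRC PROTO detail" for outbound blocks to DST, most frequent first.
summarize_blocks() {
    LC_ALL=C awk -v dst="$1" '
    /\[BLOCKED - OUTBOUND\]/ {
        # ICMP errors quote the offending packet as "[SRC=... ]"; drop that
        # inner header so its SPT/DPT are not attributed to the outer packet.
        sub(/ \[SRC=.*$/, "")
        split("", f)                      # clear per-line field map
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1) {
                k = substr($i, 1, eq - 1)
                if (!(k in f)) f[k] = substr($i, eq + 1)   # first LEN=/ID= is the IP header
            }
        }
        if (f["DST"] != dst) next
        proto = ("PROTO" in f) ? f["PROTO"] : "?"
        what = (proto == "ICMP") ? ("icmp-type=" f["TYPE"]) : ("dport=" f["DPT"])
        n[f["SRC"] " " proto " " what]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_blocks 8.8.8.8
```

On the router the same function can be fed the Skynet log directly, for example `summarize_blocks 8.8.8.8 < /tmp/mnt/SNB/skynet/skynet.log` using the path shown in the post.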
 
