What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I've pushed v6.4.2

This update mostly involves UI improvements, along with the hotfixes since the last update. Please let me know if there is any odd (missing/incorrect/badly formatted) output in this update as around 300 strings had to be manually edited. You will notice the settings menu option is much more informative.

Hopefully this makes Skynet a little more aesthetically pleasing as its output was kind of all over the place.

Updated
Had to manully restart skynet after update dident see any [BLOCKED - INBOUND] ... for several minutes so went in to the menu and restarted skynet (8) was like debug mode did not work after update until i restarted it again
Dont know if it`s just a coincidence..

edit: updated again ;)
 
Last edited:
No I can't actually.

Code:
Skynet: [Complete] 113212 IPs / 1684 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 348 Inbound / 119 Outbound Connections Blocked! [stats] [4s]

admin@RT-AC86U-2EE8:/tmp/home/root# firewall stats reset
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 07/09/2018 -           Asus Firewall Addition By Adamm v6.4.1                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 5.0M
Monitoring From Sep 8 09:00:10 To Sep 10 19:46:25
21951 Block Events Detected
3889 Unique IPs
0 Manual Bans Issued

Stat Data Reset

Skynet: [Complete] 113212 IPs / 1684 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [stats] [1s]


This value is taken straight from IPTables;

Code:
Skynet: [Complete] 113212 IPs / 1684 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 11 Inbound / 0 Outbound Connections Blocked! [stats] [2s]

admin@RT-AC86U-2EE8:/tmp/home/root# iptables --line -t raw -vnL
Chain PREROUTING (policy ACCEPT 8763 packets, 1453K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  br0    *       0.0.0.0/0            0.0.0.0/0            ! match-set Skynet-Whitelist dst match-set Skynet-Master dst LOG flags 7 level 4 prefix "[BLOCKED - OUTBOUND] "
2        0     0 DROP       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            ! match-set Skynet-Whitelist dst match-set Skynet-Master dst
3       11   834 LOG        all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            ! match-set Skynet-Whitelist src match-set Skynet-Master src LOG flags 7 level 4 prefix "[BLOCKED - INBOUND] "
4       11   834 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            ! match-set Skynet-Whitelist src match-set Skynet-Master src

Chain OUTPUT (policy ACCEPT 5126 packets, 74M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ! match-set Skynet-Whitelist dst match-set Skynet-Master dst LOG flags 7 level 4 prefix "[BLOCKED - OUTBOUND] "
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ! match-set Skynet-Whitelist dst match-set Skynet-Master dst
After rebooting the router and choosing reset again it worked! Thanks for your reply @Adamm
 
I love the update @Adamm looks and works awesome man!!:D
 
I've pushed v6.4.3


Mostly adding onto yesterdays update with various UI enhancements. There also been some improvement in syslog management and cleanup, Skynet should be much more mindful of what is printed to syslog now. Few bugs fixed in relation to restarts and stat caching.
 
From yesterday in syslog
Sep 10 16:18:05 Skynet: [INFO] New Version Detected - Updating To v6.4.2...
Sep 10 16:18:10 Skynet: [INFO] Skynet Sucessfully Updated - Restarting Firewall

Did not happen in syslog now when i updated(v6.4.3) only see a firewall restart.
But all is working fine thank you :)
 
Last edited:
Did not happen in syslog now when i updated(v6.4.3) only see a firewall restart.
But all is working fine thank you :)

Thanks, these logs were being incorrectly purged after the update takes place.
 
Having a strange issue this morning. I had to reinstall Skynet and now I am getting this after any action completes in the menu:

Code:
firewall: exec: line 3748: firewall: not found

Seems when it goes to run firewall again, it is not able to find it. However, "sh firewall" runs just fine from the command line.

I looked at line number 3748 in an editor and it was:
Code:
if [ -n "$reloadmenu" ]; then echo; echo; printf "[i] Press Enter To Continue..."; read -r "continue"; exec "$0"; fi

EDIT:
This may have been related to installing Skynet before installing entware. I reinstalled Skynet a second time and am no longer having this problem.
 
Last edited:
I've pushed v6.4.4

Following the theme of the last week, this update is again mostly UI based. This should be the last update in the near future as I have manually gone over just about everything and am happy with the result.
 
That's it!!!!! I know what it is. Thanks for jogging my memory. I installed 5 or 6 new z-wave devices on my security systems network. It is probably one of those devices communicating through my panel to the time server! Thanks everyone for the help.:oops:

Hmm,
Z-wave devices don't use wifi or ntp. They only communicate through a zwave controller.
 
/opt/bin/firewall update -f
Skynet: [INFO] Forcing Update
Skynet: [INFO] New Version Detected - Updating To v6.4.4...


not getting any results and can't ctl c out of it. Any advice?

Also looks like that is whats causing my txt file busy error message

admin@RT-AC88U-17F0:/tmp/home/root# firewall
-sh: firewall: Text file busy

had to completely uninstall and reinstall. We'll see what happens next.
 
Last edited:
Hmm,
Z-wave devices don't use wifi or ntp. They only communicate through a zwave controller.
Ok now I'm worried again, shoot!!:eek:
 
Ok now I'm worried again, shoot!!:eek:
look at your dhcp system log and find the ip/name/mac of the device that's initiating the traffic. Use a mac vendor identifier database to lookup the manufacturer of the device. It maybe a wireless camera that is using ntp. But unpatched security cameras could be a cause for concern.
 
look at your dhcp system log and find the ip/name/mac of the device that's initiating the traffic. Use a mac vendor identifier database to lookup the manufacturer of the device. It maybe a wireless camera that is using ntp. But unpatched security cameras could be a cause for concern.
The traffic is coming from my security panel and going out to a time server in both Kiev and Budapest.
 
admin@RT-AC88U-17F0:/tmp/home/root# firewall
-sh: firewall: Text file busy

had to completely uninstall and reinstall. We'll see what happens next.

That indicates a hung process, in future a reboot will do just fine.
 
The traffic is coming from my security panel and going out to a time server in both Kiev and Budapest.
Where did you get the panel? Do you have access to the settings or console on it? Where was it made? Check the NTP settings on the device if you can. Could be harmless config, but I would be worried if my equipment was phoning home to either location. Could be the panel trying to exfiltrate data using ntp ports. Could be the software developers are in the Ukraine and configured the ntp to their local sources.

I replaced all of my wifi home automation with zwave and switched to brand name ip cameras to avoid issues just like this.
 
I have pushed v6.4.5

Probably the smallest update I've ever pushed. I adjusted the log output to be much more compact which should help with text wraparound on smaller screens.

Last update, I promise :rolleyes:
 
I have pushed v6.4.5

Probably the smallest update I've ever pushed. I adjusted the log output to be much more compact which should help with text wraparound on smaller screens.

Last update, I promise :rolleyes:
So the next one will be an v4.6.5 [Virtual 'Steelbox' Edition - 001] :D ;)
 
Somewhere, in a parallel universum...

Ehm... auto-update as optional feature? I'm suffering from repetitive strain injuries because of your pace of updating this project ;):D
As per request, auto updating can now be enabled during install. I'll slow down eventually :p
Thanks for your hard work @Adamm and your excellent support. One more feature request, should you ever get bored: me don't want to sound ungrateful, but me thinks one new version check a day is way to little... :D Maybe make it configurable, so every one can adjust it to his or her own preferences?
The end goal is to make it check weekly or biweekly, but while development changes so frequently I have it daily for the time being. But I'm gradually running out of things to add so this will more than likely be sooner then later once I decide its "stable".

15 months later...

Last update, I promise :rolleyes:

:D;)
 
Hello,

Anyone can give me an insight about these in my log:

Sep 16 19:06:27 kernel: [BLOCKED - INVALID] IN=ppp0 OUT= MAC= SRC=10.0.0.17 DST=100.64.0.3 LEN=212 TOS=0x00 PREC=0x00 TTL=55 ID=56923 DF PROTO=UDP SPT=1724 DPT=1051 LEN=192 MARK=0x8000000
Sep 16 19:06:27 kernel: [BLOCKED - INVALID] IN=ppp0 OUT= MAC= SRC=10.0.0.17 DST=100.64.0.3 LEN=212 TOS=0x00 PREC=0x00 TTL=55 ID=57088 DF PROTO=UDP SPT=1724 DPT=1051 LEN=192 MARK=0x8000000
Sep 16 19:06:28 kernel: [BLOCKED - INVALID] IN=ppp0 OUT= MAC= SRC=10.0.0.17 DST=100.64.0.3 LEN=212 TOS=0x00 PREC=0x00 TTL=55 ID=57148 DF PROTO=UDP SPT=1724 DPT=1051 LEN=192 MARK=0x8000000
Sep 16 19:06:29 kernel: [BLOCKED - INVALID] IN=ppp0 OUT= MAC= SRC=10.0.0.17 DST=100.64.0.3 LEN=212 TOS=0x00 PREC=0x00 TTL=55 ID=57260 DF PROTO=UDP SPT=1724 DPT=1051 LEN=192 MARK=0x8000000
Sep 16 19:06:29 kernel: [BLOCKED - INVALID] IN=ppp0 OUT= MAC= SRC=10.0.0.17 DST=100.64.0.3 LEN=212 TOS=0x00 PREC=0x00 TTL=55 ID=57374 DF PROTO=UDP SPT=1724 DPT=1051 LEN=192 MARK=0x8000000
Sep 16 19:06:30 kernel: [BLOCKED - INVALID] IN=ppp0 OUT= MAC= SRC=10.0.0.17 DST=100.64.0.3 LEN=212 TOS=0x00 PREC=0x00 TTL=55 ID=57488 DF PROTO=UDP SPT=1724 DPT=1051 LEN=192 MARK=0x8000000
Sep 16 19:06:30 kernel: [BLOCKED - INVALID] IN=ppp0 OUT= MAC= SRC=10.0.0.17 DST=100.64.0.3 LEN=212 TOS=0x00 PREC=0x00 TTL=55 ID=57623 DF PROTO=UDP SPT=1724 DPT=1051 LEN=192 MARK=0x8000000

I see that the source is from an internal ip address from my isp network and the destination is my wan cgnat( I hate :( this but i don't have a choice)... My log is getting flooded sometimes with this same information.
 
Last edited:

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top