
Skynet - Router Firewall & Security Enhancements


1. It would be really useful if we could have a sort of comment/tooltip/inline documentation for each item in the menu/sub menus similar to what we have in diversion. That said, I can easily understand what each item/sub item does particularly if I am new to the script. The description should not be necessarily long. Only one sentence or phrase works.

Most menu items are self-explanatory, the settings could arguably be more descriptive but I am limited by space and aesthetics. I encourage users to go over the read-me if they have questions.

2. It would be useful to have an exit/cancel option throughout the menu (in all items/sub items) similar to diversion. This is really helpful when you want to navigate in the menu.

This is already present. Type "e" or "exit" in any submenu.

3. This is indeed a question. How can I access the log to see what IPs have been blocked (all in a period of time not just top x)? Is it possible to backup the log frequently or save/archive them somewhere for future reference?

The raw logfiles are located in the Skynet install directory named "events.log" and "skynet.log". Please don't edit these files directly as you may cause other issues (make copies if you intend to).


4. I can see that my RAM usage has increased to almost 100% after I installed Skynet with all the recommended settings. Is it normal? I have set a 1GB swap file.

What you are looking at includes "cached" RAM. Linux memory management is different to Windows, you can google the differences between used and cached RAM.
 
Thanks Adamm for your response. About the readme file, do you mean the first post in this thread or do we have a readme file somewhere which I am not aware of?
 
@Adamm

This might be expected behavior, and I am not sure if this is related to AMTM, Skynet or Diversion etc, or me! *see #1 below

Issue:
Using AMTM to open Skynet, it finds an old reference to itself and drops me back into the AMTM menu. With no option to update file pointers, remove, reinstall etc.

Steps:
1. Turn off JFFS scripts. * I did not format the jffs partition, I got in a hurry the wife works from home :( ** Yes the drive mount point did change. So it was 99% me, however the issue is still valid, I think.
2. Reformat drive
2a. Re-enable JFFS scripts.
3. Reinstall AMTM
4. Reinstall Diversion, etc, remove reference to swap file and recreate swap, thru AMTM,
5. AMTM shows open Skynet. ? * Had to be the jffs
6. Open Skynet, goes through the 10 part looking for USB and drops me back out in the AMTM menu. Repeat a couple of times like "Groundhog Day"

Resolution:
Install Skynet manually, = all good now and AMTM opens Skynet properly. With 189 pages in this thread I am sure this is likely buried here somewhere. :)

Thanks for the great work.
 
This might be expected behavior, and I am not sure if this is related to AMTM, Skynet or Diversion etc, or me! *see #1 below

Issue:
Using AMTM to open Skynet, it finds an old reference to itself and drops me back into the AMTM menu. With no option to update file pointers, remove, reinstall etc.

Steps:
1. Turn off JFFS scripts. * I did not format the jffs partition, I got in a hurry the wife works from home :( ** Yes the drive mount point did change. So it was 99% me, however the issue is still valid, I think.
2. Reformat drive
3. Reinstall AMTM
4. Reinstall Diversion, etc, remove reference to swap file and recreate swap, thru AMTM,
5. AMTM shows open Skynet. ? * Had to be the jffs
6. Open Skynet, goes through the 10 part looking for USB and drops me back out in the AMTM menu

Resolution:
Install Skynet manually, = all good now and AMTM opens Skynet properly. With 189 pages in this thread I am sure this is likely buried here somewhere. :)

Thanks for the great work.
Do you not need to add "Turn JFFS scripts back on" at the appropriate place?

Thanks for the write-up: even if buried, with the right search terms, someone will find it and get themselves out of trouble.
 
Skynet seems to be awesome so far! Thanks for creating it.

There is one issue I have however, I noticed that my download speed dropped by quite a lot. My upload not so much.
But, when I (temporarily) disable Skynet, I regain some internet speed. Be it not to its full potential, but at least I gain 50mb/s download again.

Is this related to debug logging or the fact that we have to put our USB 3 into a USB 2 port for the time being, regarding asuswrt/merlin?
Or could it be that my Swap is too big? I set it to 2GB.

Thanks for any pointers to the right direction.

I also disabled Diversion, which seems to have made no impact.
 
Thanks Adamm for your response. About the readme file, do you mean the first post in this thread or do we have a readme file somewhere which I am not aware of?

The help section in particular should answer most questions, a brief description is given to every command (which correlates to a menu option).

Skynet seems to be awesome so far! Thanks for creating it.

There is one issue I have however, I noticed that my download speed dropped by quite a lot. My upload not so much.
But, when I (temporarily) disable Skynet, I regain some internet speed. Be it not to its full potential, but at least I gain 50mb/s download again.

Is this related to debug logging or the fact that we have to put our USB 3 into a USB 2 port for the time being, regarding asuswrt/merlin?
Or could it be that my Swap is too big? I set it to 2GB.

Thanks for any pointers to the right direction.

I also disabled Diversion, which seems to have made no impact.

I can assure you Skynet gives no measurable performance impact. I am able to pull 1.2Gbps throughput on my router via wireless.
 
Yea I didn't think so. I was more thinking out loud.
I mean, I do see a difference, but it isn't at all what it is supposed to be.

Odd too, I just disabled Diversion, Skynet and Stubby, but that didn't solve it.

I wonder what causes it, might have to try a reset or something if I can't find what it is.
 
@Adamm

I was seeing constant 70-80% CPU usage in my above post #3764 and as much as 100% across both CPUs on my 5300.

I formatted the drive again and jffs this time ;) Now, I rarely see over 10%. Actually the normal is ~ 5%. Occasionally a spike at around 20%

I took the time to go back to ext2 on the drive vs ext4 previously. I doubt that had anything to do with it. But mentioning it as it was the only change initiated on my part.
 
@Adamm Thanks for this script. I have installed it on my RT-AC86U router. I would like to deny inbound traffic from US, CN, RU countries for example. However when I do so, internet browsing stops working. I can no longer ping google.com for instance. My question: does this tool work with stateful or stateless packets?
 
I would like to deny inbound traffic from US, CN, RU countries for example. However when I do so, internet browsing stops working.

Probably you are also blocking your DNS server. Check General Log, it'll show the incoming blocked packets with source and destination IP addresses.
 
I'm trying to add a few countries to the blocking file.
I found the list of country abbreviations here:
Code:
http://www.ipdeny.com/ipblocks/data/countries/

Where can I find what the abbreviations stand for? Example, What is North Korea? KN?
 
I'm trying to add a few countries to the blocking file.
I found the list of country abbreviations here:
Code:
http://www.ipdeny.com/ipblocks/data/countries/

Where can I find what the abbreviations stand for? Example, What is North Korea? KN?

http://ipdeny.com/ipblocks/
 
@Adamm Thanks for this script. I have installed it on my RT-AC86U router. I would like to deny inbound traffic from US, CN, RU countries for example. However when I do so, internet browsing stops working. I can no longer ping google.com for instance. My question: does this tool work with stateful or stateless packets?

If you've blocked inbound traffic from all US IP blocks, then you've blocked inbound traffic from a significant percentage of the entire Surface and Deep Web, including google.com. Google will receive your ICMP request, but you will not receive their response.

https://www.cia.gov/library/publications/the-world-factbook/rankorder/2184rank.html

SPI and bans via iptables are mutually exclusive of one another.
 
Interested to know a bit more information about this custom list. Do you keep manually importing them via ' sh /jffs/scripts/firewall import' or are you using another method to keep them updated on a schedule?

I use sh /jffs/scripts/firewall banmalware https://pastebin.com/raw/ZhT8ckH9 and have it set to the default update. It will now keep updating it nightly, just like the default list. :cool:

How exactly do I "have it set to the default update"? Do I need to modify https://github.com/Adamm00/IPSet_AS...e05689f278e84a371d2920d0609/firewall.sh#L2539 and https://github.com/Adamm00/IPSet_AS...e05689f278e84a371d2920d0609/firewall.sh#L3744 directly, or is there a command for this? Thanks

Edit: Never mind, found it. https://www.snbforums.com/threads/skynet-asus-firewall-addition.16798/page-108#post-385865
I knew that command was there, but there's not a lot of documentation to go along with it. I wasn't sure how persistent the list specified via that command would be.
 
Hi, my router sometimes loses track of routes to external IP addresses that are specified in a VPN client. If I restart the VPN client it doesn't fix the problem but if I also restart Skynet then it seems to come good.

Here's two consecutive entries from the log:
Code:
Jan  4 04:04:32 Skynet: [#] 130799 IPs (-22566) -- 1654 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [78s]
Jan  4 05:00:04 Skynet: [#] 51231 IPs (-79568) -- 0 Ranges Banned (-1654) || 52 Inbound -- 0 Outbound Connections Blocked! [save] [4s]

My router was set to reboot at 4am and that all looked fine in the log. Skynet seems to start itself up just fine but an hour later lost a bunch of the blocked addresses and all the ranges.

Running current versions of Skynet and Merlin 384.8 on an RT-AC68U (genuine). Thanks for any ideas.
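
A check for the symptom described in this post, as an added example (not part of the original post or of Skynet itself): it reads Skynet summary lines from syslog and flags a sharp drop in banned IPs or ranges between consecutive entries. The field positions are assumed from the two log lines quoted above; the function names, the 25% default threshold and the third sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Skynet summary lines where the ban list shrank sharply.
# Field layout is assumed from the two log lines quoted in the post above.

# Usage: skynet_ban_drops [max_drop_percent] < syslog
# Prints one ALERT line per suspicious transition; prints nothing otherwise.
skynet_ban_drops() {
    awk -v limit="${1:-25}" '
    $4 == "Skynet:" && $7 == "IPs" && $11 == "Ranges" {
        ts = $1 " " $2 " " $3
        ips = $6 + 0; ranges = $10 + 0; action = $22
        if (seen) {
            # Percentage of banned IPs lost since the previous summary line.
            if (prev_ips > 0) {
                pct = int((prev_ips - ips) * 100 / prev_ips)
                if (pct >= limit)
                    printf "ALERT %s %s: IPs %d -> %d (-%d%%)\n", ts, action, prev_ips, ips, pct
            }
            # All banned ranges disappearing is flagged regardless of the limit.
            if (prev_ranges > 0 && ranges == 0)
                printf "ALERT %s %s: ranges %d -> 0\n", ts, action, prev_ranges
        }
        prev_ips = ips; prev_ranges = ranges; seen = 1
    }'
}

# Sample input: the two lines from the post plus one constructed healthy line.
sample_log() {
    cat <<'EOF'
Jan  4 04:04:32 Skynet: [#] 130799 IPs (-22566) -- 1654 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [78s]
Jan  4 05:00:04 Skynet: [#] 51231 IPs (-79568) -- 0 Ranges Banned (-1654) || 52 Inbound -- 0 Outbound Connections Blocked! [save] [4s]
Jan  4 06:00:03 Skynet: [#] 51240 IPs (+9) -- 0 Ranges Banned (+0) || 3 Inbound -- 0 Outbound Connections Blocked! [save] [4s]
EOF
}

sample_log | skynet_ban_drops 25
```

On a router the function would be fed the system log instead of `sample_log`; the log path depends on the firmware and is not given in this thread.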
 
Was redoing my router and got around to adding Skynet back...

Is there any way to have the installer not ask to make a swap file when there already is one?
 
