Skynet Skynet - Router Firewall & Security Enhancements

This feature is now live with v6.7.1


Code:
( sh /jffs/scripts/firewall settings iot ports 123,124,125 ) Allow Port(s) To Access WAN (Use Comma As Separator)
( sh /jffs/scripts/firewall settings iot ports reset ) Reset Allowed Port List To Default

Thanks for adding that so quickly.

I have added custom port 587, but I still can't send the email notifications. Is there something else I need to do?
 
The logs will show you what packets and ports are being blocked. You can investigate accordingly or post a snippet of the IOT logs here.
 
This might be because the firewall rules seem to only allow UDP (unless I misread the commit!)

Good catch, I'll have a look when I get home and see what the best way is to approach specifying the protocol.

Ok how do I access the relevant logs?

With debug mode enabled it should be spamming your syslog with the relevant blocked packets.
 
I use a small loop:

Code:
# Insert an ACCEPT rule for DNS (port 53) for both TCP and UDP
for PROTO in tcp udp; do
    iptables -I FORWARD -p "$PROTO" --dport 53 -j ACCEPT
done
 
Thank you @Adamm for this awesome security tool :)
Tried some different cron jobs for the banmalware update. Had 3 before: morning, midday and evening updates.
Yesterday I changed it to 30 1-23/4 * * * and it works really well so far. Will try /6 or /8 later and see how that works.
 
Hi @Adamm

This is the output of a banmalware update on my AC68U with the last beta firmware 384.9_beta1

Code:
Downloading filter.list         | [0s]
Refreshing Whitelists           | /opt/bin/firewall: line 4816: can't fork
/opt/bin/firewall: line 4816: can't fork
/opt/bin/firewall: line 4816: can't fork
[12s]
Consolidating Blacklist         | [24s]
Filtering IPv4 Addresses        | [9s]
Filtering IPv4 Ranges           | [0s]
Applying New Blacklist          | [13s]
Refreshing AiProtect Bans       | [0s]
Saving Changes                  | [8s]

What could be the cause of the message "/opt/bin/firewall: line 4816: can't fork"?

thanks
 
dumps the IPSets from RAM to a hard copy in your installation directory, it also purges the logs of all the BLOCKED messages.

Adam, thanks for elaborating on how your app functions. I was hoping you could take a moment to explain why my inbound blocks would double after midnight, particularly when everyone was sleeping on our network:

Code:
Jan 30 21:00:06 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 46955 Inbound -- 18 Outbound Connections Blocked! [save] [6s]
Jan 30 22:00:07 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 47061 Inbound -- 18 Outbound Connections Blocked! [save] [7s]
Jan 30 23:00:06 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 47167 Inbound -- 18 Outbound Connections Blocked! [save] [6s]
Jan 31 00:00:07 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 108027 Inbound -- 18 Outbound Connections Blocked! [save] [7s]
Jan 31 01:00:07 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 108133 Inbound -- 18 Outbound Connections Blocked! [save] [7s]
Jan 31 02:00:07 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 108258 Inbound -- 18 Outbound Connections Blocked! [save] [7s]
 

Check your stats using the commands in the readme, you will be able to break down the data in any way you like.
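The hourly "[save]" lines above carry a cumulative inbound counter, so the raw numbers hide when a burst actually landed. This added example (not part of Skynet) converts the counter into per-hour deltas with awk and flags any hour whose increase is far above the hour before; the sample lines are the ones quoted in the post, and the factor of 10 is an arbitrary assumption.

```shell
#!/bin/sh
# Added example, not Skynet's own code: per-hour deltas of the inbound
# block counter from Skynet's hourly [save] syslog lines, plus a spike check.

# Sample input taken from the post above (six hourly save lines).
SAMPLE_LOG='Jan 30 21:00:06 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 46955 Inbound -- 18 Outbound Connections Blocked! [save] [6s]
Jan 30 22:00:07 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 47061 Inbound -- 18 Outbound Connections Blocked! [save] [7s]
Jan 30 23:00:06 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 47167 Inbound -- 18 Outbound Connections Blocked! [save] [6s]
Jan 31 00:00:07 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 108027 Inbound -- 18 Outbound Connections Blocked! [save] [7s]
Jan 31 01:00:07 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 108133 Inbound -- 18 Outbound Connections Blocked! [save] [7s]
Jan 31 02:00:07 Skynet: [#] 156138 IPs (+0) -- 1671 Ranges Banned (+0) || 108258 Inbound -- 18 Outbound Connections Blocked! [save] [7s]'

skynet_inbound_deltas() {
    # stdin: syslog lines. stdout: "Mon DD HH:MM:SS <delta>" for every
    # save line after the first, where delta is the growth of the
    # cumulative "NNN Inbound" counter since the previous save line.
    awk '
    /Skynet: \[#\]/ {
        for (i = 2; i <= NF; i++) if ($i == "Inbound") cur = $(i - 1)
        if (seen) printf "%s %s %s %d\n", $1, $2, $3, cur - prev
        prev = cur; seen = 1
    }'
}

skynet_block_spikes() {
    # $1: factor (default 10). Prints the hours whose delta exceeds
    # factor times the previous hour's delta, i.e. where blocks jumped.
    factor="${1:-10}"
    skynet_inbound_deltas | awk -v f="$factor" '
    {
        d = $4
        if (NR > 1 && prevd > 0 && d > f * prevd) print $1, $2, $3, d
        prevd = d
    }'
}

# Stand-alone run: shows the midnight jump from the post (60860 in one hour).
printf '%s\n' "$SAMPLE_LOG" | skynet_block_spikes 10
```

Pipe `grep 'Skynet: \[#\]' /tmp/syslog.log` into `skynet_block_spikes` to run it over a live log instead of the sample.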
 
I've pushed v6.7.2


Code:
Use random hour between 12pm - 9am for banmalware
Aesthetics
Configurable IOT allowed port protocol

( sh /jffs/scripts/firewall settings iot proto udp|tcp|all ) Select IOT Allowed Port Protocol
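To make the port-list and protocol settings above concrete, here is an added example (not Skynet's own code) that expands a comma-separated port list and a udp|tcp|all choice into one iptables rule per port and protocol, validating the ports first. The rules are printed rather than applied so they can be reviewed; the chain name IOT_ALLOW is an assumption.

```shell
#!/bin/sh
# Added example, not part of Skynet: expand "123,124,125" and udp|tcp|all
# into per-port, per-protocol iptables rules. Output is the rule text only;
# nothing is applied. IOT_ALLOW is a placeholder chain name (assumption).

iot_protos() {
    # Map the user's protocol choice onto the protocols to generate rules for.
    case "$1" in
        udp) echo "udp" ;;
        tcp) echo "tcp" ;;
        all) echo "tcp udp" ;;
        *)   echo "invalid protocol: $1" >&2; return 1 ;;
    esac
}

iot_rules() {
    # $1: comma-separated port list, $2: udp|tcp|all
    protos=$(iot_protos "$2") || return 1
    ports=$(printf '%s' "$1" | tr ',' ' ')
    [ -n "$ports" ] || { echo "empty port list" >&2; return 1; }
    for PORT in $ports; do
        # Accept only plain decimal numbers in the valid port range;
        # anything else (letters, empty items, 70000) aborts the whole set.
        case "$PORT" in
            ''|*[!0-9]*) echo "invalid port: $PORT" >&2; return 1 ;;
        esac
        if [ "$PORT" -lt 1 ] || [ "$PORT" -gt 65535 ]; then
            echo "port out of range: $PORT" >&2; return 1
        fi
        for PROTO in $protos; do
            # One rule per (port, protocol) pair, same shape as the DNS loop
            # quoted earlier in the thread, but into a dedicated chain.
            echo "iptables -I IOT_ALLOW -p $PROTO --dport $PORT -j ACCEPT"
        done
    done
}

# Stand-alone run: the three example ports with protocol "all" give six rules.
iot_rules "123,124,125" all
```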
 
I have a RT-AC86U running latest versions of AMTM, Diversion, Stubby w/ a swap file. I added Skynet & configured Diversion to work w/ Skynet. I configured Skynet to block inbound & outbound (recommended).

I need help with an inbound IP being constantly blocked, 24.13.248.148, which when I look it up states it is Comcast Aurora. My service provider is Comcast and Aurora is a nearby suburb to my location. This looks legit to me. When I go to whitelist the IP I get an error stating the IP is already whitelisted.

Is this an inbound vs outbound thing? Am I configured incorrectly? I seem to be operating fine with now over 70 of these log entries in the past hour.

Edit: Continuing to look at previous posts, this seems to be how Skynet operates because I enabled debug mode. I see I can disable debug mode if I want to stop the log entries. Can I get a confirmation of this please?
 
I had the same thing happen today, it was the same 'Refreshing Whitelists' part of the script.
It is running out of memory to allow the process to fork.
I stopped running other sessions to free up some memory to allow the refresh to complete.
(I actually stopped running the 'Log Filter' in AB-Solution, which I normally run in one session in 'Xshell 6', and a 'htop' running in another session in 'Xshell 6'.)

I have a swap file setup and this has previously been enough to allow 'banmalware update' to run.
I suspect that as Skynet is developing more and more features etc the memory required to perform some actions is increasing.
 
I cannot reproduce this. Skynet's peak memory usage during banmalware is quite small. Fork errors are almost exclusively swap-file related; try recreating it.

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# free
             total       used       free     shared    buffers     cached
Mem:        904148     564600     339548       2752      29812      86564
-/+ buffers/cache:     448224     455924
Swap:       524284          0     524284
skynet@RT-AX88U-DC28:/tmp/home/root# free
             total       used       free     shared    buffers     cached
Mem:        904148     605852     298296       2856      29812      86680
-/+ buffers/cache:     489360     414788
Swap:       524284          0     524284
skynet@RT-AX88U-DC28:/tmp/home/root# free
             total       used       free     shared    buffers     cached
Mem:        904148     617280     286868       2856      29812      86680
-/+ buffers/cache:     500788     403360
Swap:       524284          0     524284
 
Thanks, I will recreate my swap file.
 
I’ll be looking into specifying custom allowed ports in the very near future, was Australia Day long weekend here so I didn’t have time to implement it yet.

Are you an Aussie too @Adamm ?? I'm born and bred NSW

 
I’m beginning to wonder if Colin Taylor and I are the only 2 Poms here.

My old man's a POM, so I'm half/half ... so make that 2.5 Pom's lol
