What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yes, that's at least one of them.

Sent from my P027 using Tapatalk

I've removed "wrs.trendmicro.com" and "activeupdate.trendmicro.co.jp" from the Diversion blacklist and I'm getting a FAILED message when trying to update the signature from the Asus web gui.

What else do I need to delete from the blacklist to get the signatures to update?
 
I've removed "wrs.trendmicro.com" and "activeupdate.trendmicro.co.jp" from the Diversion blacklist and I'm getting a FAILED message when trying to update the signature from the Asus web gui.

What else do I need to delete from the blacklist to get the signatures to update?

Whitelist whatever address is used to download the signatures. I don't know what that address is.

Frankly, if you need to use the Trend Micro service, then don't block access to their servers. If it's not acceptable to you, then don't use their services. People are just losing their mind over a perfectly typical EULA that matches that of a lot of other online services out there. Seriously, Trend Micro is a company that operates in the security business. They're not in the personal data business like Facebook or Google.
 
I'm beginning to lose confidence in coinbl_hosts_browser.ipset

Well to be precise it is the way it is being used which is problematic. The original list is domain names. Iphol converts this to IP addresses and publishes. So what may have been a precise target could now potentially block hundreds of websites on that same IP.

It would make more sense for it to be used by Diversion rather than Skynet.
 
Hi @Adamm I wanted to say thank you for Skynet and did install it for the first time yesterday and will try it out more.
I have a little issue, I tried to ban .se domain but doesn't work as it still showing that the IP is banned, but it works to ban .com domains. Do I need to do anything else to ban .se domains?
 
Last edited:
I'm beginning to lose confidence in coinbl_hosts_browser.ipset

Well to be precise it is the way it is being used which is problematic. The original list is domain names. Iphol converts this to IP addresses and publishes. So what may have been a precise target could now potentially block hundreds of websites on that same IP.

It would make more sense for it to be used by Diversion rather than Skynet.

Unless it becomes a huge source of false positives I'm okay with it for now being on the example list. In any case you can manipulate the filter list to your liking by either replacing it or ignoring entries;

Code:
( sh /jffs/scripts/firewall banmalware google.com/filter.list ) This Uses The Fitler List From The Specified URL

( sh /jffs/scripts/firewall banmalware exclude "list1.ipset|list2.ipset" ) This Will Exclude Lists Matching The Names "list1.ipset list2.ipset" From The Current Filter (Quotes And Pipes Are Nessessary For Seperating Multiple Entries!)

Hi @Adamm I wanted to say thank you for Skynet and did install it for the first time yesterday and will try it out more.
I have a little issue, I tried to ban .se domain but doesn't work as it still showing that the IP is banned, but it works to ban .com domains. Do I need to do anything else to ban .se domains?

Every TLD should work, if you can give me an example domain I can investigate further.
 
Unless it becomes a huge source of false positives I'm okay with it for now being on the example list. In any case you can manipulate the filter list to your liking by either replacing it or ignoring entries;

Code:
( sh /jffs/scripts/firewall banmalware google.com/filter.list ) This Uses The Fitler List From The Specified URL

( sh /jffs/scripts/firewall banmalware exclude "list1.ipset|list2.ipset" ) This Will Exclude Lists Matching The Names "list1.ipset list2.ipset" From The Current Filter (Quotes And Pipes Are Nessessary For Seperating Multiple Entries!)



Every TLD should work, if you can give me an example domain I can investigate further.
Thank you for your reply.
I tried Google.se which doesn't gets banned but Google.com works to ban.
Aftonbladet.se doesn't work to ban as it says in log that the IP is banned.

I can still access like aftonbladet.se even if the ip is banned.
 
Thank you for your reply.
I tried Google.se which doesn't gets banned but Google.com works to ban.
Aftonbladet.se doesn't work to ban as it says in log that the IP is banned.

I can still access like aftonbladet.se even if the ip is banned.

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# nslookup aftonbladet.se
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      aftonbladet.se
Address 1: 13.53.120.82 ec2-13-53-120-82.eu-north-1.compute.amazonaws.com

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search ip 13.53.120.82
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 27/03/2019 -           Asus Firewall Addition By Adamm v6.8.4                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


[i] Debug Data Detected in /tmp/mnt/USB/skynet/skynet.log - 328.0K
[i] Monitoring From May 7 11:00:31 To May 7 20:59:32
[i] 1390 Block Events Detected
[i] 476 Unique IPs
[i] 0 Manual Bans Issued

13.53.120.82 is in set Skynet-Whitelist.
13.53.120.82 is NOT in set Skynet-Blacklist.
13.53.120.82 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
--*

Associated Domain(s);
aftonbladet.se


[i] IP Location - Sweden (Amazon.com, Inc. / AS16509)

In this particular case, the domain is hosted on Amazon's CDN. We whitelist various CDN's by default to prevent false positives (the same IP may be used by hundreds of other domains).

I can probably add a toggle for this functionality if there is demand, but disabling it will no doubt cause other issues with false positives. Your best bet for the time being would be to block this one domain in Diversion if you use it.
 
Code:
skynet@RT-AX88U-DC28:/tmp/home/root# nslookup aftonbladet.se
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      aftonbladet.se
Address 1: 13.53.120.82 ec2-13-53-120-82.eu-north-1.compute.amazonaws.com

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search ip 13.53.120.82
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 27/03/2019 -           Asus Firewall Addition By Adamm v6.8.4                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


[i] Debug Data Detected in /tmp/mnt/USB/skynet/skynet.log - 328.0K
[i] Monitoring From May 7 11:00:31 To May 7 20:59:32
[i] 1390 Block Events Detected
[i] 476 Unique IPs
[i] 0 Manual Bans Issued

13.53.120.82 is in set Skynet-Whitelist.
13.53.120.82 is NOT in set Skynet-Blacklist.
13.53.120.82 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
--*

Associated Domain(s);
aftonbladet.se


[i] IP Location - Sweden (Amazon.com, Inc. / AS16509)

In this particular case, the domain is hosted on Amazon's CDN. We whitelist various CDN's by default to prevent false positives (the same IP may be used by hundreds of other domains).

I can probably add a toggle for this functionality if there is demand, but disabling it will no doubt cause other issues with false positives. Your best bet for the time being would be to block this one domain in Diversion if you use it.

Oh okay so thats why, its all okay than I just wanted to test and didn't get it blocked thats why.
I will try using Diversion also and see how it goes.

Thank you for your support.
 
Im usin a FAT formatted USB and Skynet is working fine or do I need to format to Ext?
 
Hello, could you tell me what is the command to block countries.

2, 4, then enter the country abbreviations of the countries you want to ban.
 
Im usin a FAT formatted USB and Skynet is working fine or do I need to format to Ext?

While FAT filesystems technically work, its considered unsupported and users are recommended to use ext* instead.
 
Hello, could you tell me what is the command to block countries.

In addition to the menu, as per the readme;

Code:
( sh /jffs/scripts/firewall ban country "pk cn sa" ) This Bans The Known IPs For The Specified Countries (Accepts Single/Multiple Inputs If Quoted) http://www.ipdeny.com/ipblocks/data/countries/
 
Hi, i have here a corrupted installation of skynet. Which files i have delete manually for a new clean installation?

Elaborate on corrupt... Also if you re-run the install command Skynet will fix any issues detected.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top