What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

If they remove the existing "export PATH" line manually from Skynet they will also get this effect. But for most users its probably easier to just wait for a firmware update
Downloading curl from Entware and commenting the "export PATH" line fixed the problem on my AC87U, thanks Adamm and Twiglets.
 
Hi just to be clear from earlier I need to just enable tls over dns use Google for instance (8.8.8.8) , set my openvpn dns settings to disabled set dhcp option in openvpn to 8.8.8.8 (as noted by xentrk) and my dns shouldn't leak and diversion should function correctly blocking and resolving blocked sites to 192.168.2.2 as before?


Sent from my SM-A505U1 using Tapatalk
 
Hi just to be clear from earlier I need to just enable tls over dns use Google for instance (8.8.8.8) , set my openvpn dns settings to disabled set dhcp option in openvpn to 8.8.8.8 (as noted by xentrk) and my dns shouldn't leak and diversion should function correctly blocking and resolving blocked sites to 192.168.2.2 as before?


Sent from my SM-A505U1 using Tapatalk

Wrong thread I think?
 
I've pushed v7.0.1

Code:
Fix multiple whitelist bugs
Fix CDN aesthetics
Temporary fix for AC87U and AC3200 users with unsupported curl version due to firmware (requires entware)
 
Last edited:
I've pushed v7.0.0

Je85FKh.png



Code:
Add New Logo
Fix Spacing Issues
Add ASN Whitelisting
Improve Comment Based Whitelist Removal
Cache Malware Blacklists Locally ($sknetloc/lists)
Only Download Malware List If Newer Timestamp (thanks @wbartels for the suggestion)
Replace Parellel Downloads With Native curl Functionality (-Z)
Significicantly Increase Reliability Of Malware List Download/Processing
Significiantly Improve "stats search malware" Lookup Time


Also for anyone keeping track, this is our 1000th Github commit, so quite fitting we celebrate the milestone with a major version change (v6 came out on Mar 19, 2018) :p
:eek::eek::eek::eek::eek::eek::eek::eek::eek::eek::eek::cool:
Adam you did it again!.....
 
I've pushed v7.0.1

Code:
Fix multiple whitelist bugs
Fix CDN aesthetics
Temporary fix for AC87U and AC3200 users with unsupported curl version due to firmware (requires entware)
Adamm,

Somewhat late .... many thanks for the 'curl' tweak :D

I was temporarily 'off-line' due to 'Colonoscopy prep' .............
If you have had one [and one is enough IMHO :D] you will understand *completely* :eek::eek::eek:;):D
 
I've pushed v7.0.1

Code:
Fix multiple whitelist bugs
Fix CDN aesthetics
Temporary fix for AC87U and AC3200 users with unsupported curl version due to firmware (requires entware)
Thank you for trying to fix this but i still get the same error when Consolidating Blacklist:

Consolidating Blacklist | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware

Curl version :

curl 7.66.0 (arm-openwrt-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11
Release-Date: 2019-09-11
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz SSL

wc -l /jffs/shared-*:

43 /jffs/shared-Diversion-whitelist
20 /jffs/shared-Skynet-whitelist
14 /jffs/shared-Skynet2-whitelist
77 total

 
Last edited:
Thank you for trying to fix this but i still get the same error when Consolidating Blacklist:

Consolidating Blacklist | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware

Curl version :

curl 7.66.0 (arm-openwrt-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11
Release-Date: 2019-09-11
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz SSL

wc -l /jffs/shared-*:

43 /jffs/shared-Diversion-whitelist
20 /jffs/shared-Skynet-whitelist
14 /jffs/shared-Skynet2-whitelist
77 total


Perhaps I got the model string wrong, mind showing me the output of;

Code:
sh /jffs/scripts/firewall debug info
 
Perhaps I got the model string wrong, mind showing me the output of;

Code:
sh /jffs/scripts/firewall debug info
Router Model; RT-AC3200
Skynet Version; v7.0.1 (04/12/2019) (b9c0b0628cc89052e9884619c610404b)
iptables v1.4.15 - (eth0 @ 192.168.8.8)
ipset v6.32, protocol version: 6
FW Version; 384.13_2 (Dec 13 2019) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/maxtor/skynet (217.8G / 230.1G Space Available)
SWAP File; /tmp/mnt/maxtor/myswap.swp (256.0M)
Uptime; 5 days, 10 hours, 34 minutes.
Ram Available; (58M / 249M)
 
Router Model; RT-AC3200
Skynet Version; v7.0.1 (04/12/2019) (b9c0b0628cc89052e9884619c610404b)
iptables v1.4.15 - (eth0 @ 192.168.8.8)
ipset v6.32, protocol version: 6
FW Version; 384.13_2 (Dec 13 2019) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/maxtor/skynet (217.8G / 230.1G Space Available)
SWAP File; /tmp/mnt/maxtor/myswap.swp (256.0M)
Uptime; 5 days, 10 hours, 34 minutes.
Ram Available; (58M / 249M)

Strange, everything you posted indicates it should work. Unfortunately if its still not working there's not much else I can suggest besides roll back to 6.9.2 until the new firmware is out, sorry :confused:
 
7.0.1 works on my AC87U.

Code:
[i] Downloading filter.list         | [0s]
[i] Refreshing Whitelists           | [7s]
[i] Consolidating Blacklist         | [8s]
[i] Filtering IPv4 Addresses        | [6s]
[i] Filtering IPv4 Ranges           | [0s]
[i] Applying New Blacklist          | [13s]
[i] Refreshing AiProtect Bans       | [0s]
[i] Saving Changes                  | [8s]
 
Strange, everything you posted indicates it should work. Unfortunately if its still not working there's not much else I can suggest besides roll back to 6.9.2 until the new firmware is out, sorry :confused:
Perhaps entware isn't installed?

I'm sticking with 6.9.2 on John's fork. Not all progress is good. [/CURMUDGEON]
 
Perhaps entware isn't installed?
That's what I also thought when I first read Safemode's post but then he posted his curl version and it's the entware one.

I'm sticking with 6.9.2 on John's fork. Not all progress is good. [/CURMUDGEON]
7.0 is a lot faster than 6.9, showing the stats takes a lot less time. Worth updating IMO.
 
I'm sticking with 6.9.2 on John's fork. Not all progress is good.

Speaking of Johns fork... What version of curl is shipped there? The github hasn't been updated in 8 months so impossible for me to tell weather a hotfix is also needed there.

That's what I also thought when I first read Safemode's post but then he posted his curl version and it's the entware one.

Quite a strange situation as in theory it should work much like it does to on the AC87U.

7.0 is a lot faster than 6.9, showing the stats takes a lot less time. Worth updating IMO.

Don't forget about the new logo, probably my favorite part about the update :p
 
Speaking of Johns fork... What version of curl is shipped there? The github hasn't been updated in 8 months so impossible for me to tell weather a hotfix is also needed there.
39E3 has 7.64.1
40EC has 7.66 but it's not an official release.
 
Look like 7.0.1 works on my 87u also
But have to do as @Twiglets suggested here it seems
 
Look like 7.0.1 works on my 87u also
But have to do as @Twiglets suggested here it seems
Doesn't it work without that modification? Strange as my 87U does. I wonder if it has something to do with me rebooting the router after installing entware's curl as I had been doing some other script changes, maybe a reboot is needed for the entware's version to be picked up and used instead of the firmware one? It might explain Safemode's issue also.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top