What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Emphasis on the "or". Skynet will automatically handle this in the background assuming you have entware installed. Although the latest firmware version is generally recommended for the best user experience.
I can't find that in first post under installation, maybe I'm not looking at the right place.

Does it check the curl package from Entware then? How can I check if I have latest? I'm willing to try to update, I just want to avoid see it does not work and have to uninstall and look for/install again the version I use now.
 
Does it check the curl package from Entware then? How can I check if I have latest?

Code:
opkg update
opkg upgrade curl
/opt/bin/curl --version


With that being said, v380.68_4 is over 2 years old and a security risk. If you care about your network I'd consider upgrading.
 
Well it is a free world after all is it not? That also means that I can decide not to let some countries be acceptable for connection.

Feel free to continue blocking entire parts of Internet, but don't cross the line. Think about your personal safety also. Make sure your physical firewall is fully operational and is capable of preventing the impact of that fast approaching cast iron frying pan, dispatched in your direction by your better half.
 
Mow1BfP.png


How did that tab get there :eek::p
 
Hey friends,

I have a question about the settings. I have my router RT-AC86U which runs over a VPN client.
So Fritzbox> Asus Router> Openvpn Client> Home network via WiFi:

I have installed all scripts here. This also works. Unfortunately after about a day I have the problem that my PC shows that no internet connection can be established. Something is probably blocked by Skynet here. After restarting Skynet, it works again for a day. I have the log here:

Dec 29 13:25:18 lul kernel: [BLOCKED - INVALID] IN = eth0 OUT = MAC = b0: 6e: bf: 64: 95: a0: cc: ce: 1e: 0f: 09: 30: 08: 00 SRC = 192.168.178.1 DST = 192.168.178.33 LEN = 60 TOS = 0x00 PREC = 0x00 TTL = 64 ID = 14401 DF PROTO = TCP SPT = 38905 DPT = 80 SEQ = 3251262362 ACK = 0 WINDOW = 14600 RES = 0x00 SYN URGP = 0 OPT (020405B40101080A089F6CD10000000001030304) MARK = 0x8000000

I have now looked at what belongs to which IP.

That would be the WAN IP of the Asus router: WAN IP: 192.168.178.33 and the 192.168.178.1 would be the IP of the Fritzbox. I added this to the whitelist via IP. Would that be okay? Why is the connection to the Fritzbox blocked, where does the connection to the Internet come from? I had repeated the problem this morning.


Thanks for the help and sorry for the Google translation

lg. Philipp
 

Attachments

  • 2019-12-30 08_59_49-Window.png
    2019-12-30 08_59_49-Window.png
    36.9 KB · Views: 222
It took me some time. But now I have a working version.
See github for more info: https://github.com/Adamm00/IPSet_ASUS/issues/27

This proof of concept will demonstrate two new features:
  • Only download new or changes ipsets (already implemented in Skynet 7)
  1. Only update new or changed ipsets.
  2. Use the ipset swap feature:
  • Keep the current ipset working and load an (inactive) temp ipset in the background.
  • Swap these two sets without any delay or downtime!
 
I was visiting a family member earlier today and tried to remote SSH into my own router (at home) from my iPad, a few times. While this worked initially, it stopped suddenly. Initially I thought my router had crashed, but after changing the IP address of my iPad using a commercial VPN I could log in again and noticed that SkyNet had blocked the “regular” IP! After unbanning it, everything was fine again.

How can I prevent this in the future?

I’m not sure whether this family member has a static IP address, so I’m not sure I can/should whitelist it.
 
I was visiting a family member earlier today and tried to remote SSH into my own router (at home) from my iPad, a few times. While this worked initially, it stopped suddenly. Initially I thought my router had crashed, but after changing the IP address of my iPad using a commercial VPN I could log in again and noticed that SkyNet had blocked the “regular” IP! After unbanning it, everything was fine again.

How can I prevent this in the future?

I’m not sure whether this family member has a static IP address, so I’m not sure I can/should whitelist it.

May I suggest you not turn on SSH from WAN, and instead VPN in first :)
 
I was visiting a family member earlier today and tried to remote SSH into my own router (at home) from my iPad, a few times. While this worked initially, it stopped suddenly. Initially I thought my router had crashed, but after changing the IP address of my iPad using a commercial VPN I could log in again and noticed that SkyNet had blocked the “regular” IP! After unbanning it, everything was fine again.

How can I prevent this in the future?

I’m not sure whether this family member has a static IP address, so I’m not sure I can/should whitelist it.
If they can setup a DDNS name for their WAN IP, you can add that name to your whitelist.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top