Skynet - Router Firewall & Security Enhancements


I have tried: Brave, Firefox and Safari on both my iPad and iPhone.

I have had enough tonight, my head is swimming with it all.

Once again, I have uninstalled Skynet completely. Made sure that the Skynet installation directory has been deleted. Rebooted the router, and then installed Skynet via the AMTM menu. Also creating a new swap file as I chose to delete the old one when I uninstalled Skynet.

I will leave the router untouched overnight and check tomorrow evening when I get home from work.

Strange thing is that the traditional Skynet logs are still populating.

I feel that I am going round in circles.

Back tomorrow and thanks for your patience.

Update:
Sorry for the delay in updating you. Life, unfortunately, got in the way.

Fortunately I take regular configuration and JFFS backups so I decided to drop my AX88U back to just before I updated SkyNet and enabled the Web GUI.
Good news. I now have a fully populated SkyNet UI, no more 'No Data' messages. I have no idea what went wrong, everything looked OK but it obviously wasn't OK and I was going round in circles trying to figure out what.

Can I ask though, how often does the SkyNet UI refresh? I guess that it's on a CRON job.

Thanks again.


Top Tip: TAKE REGULAR BACKUPS !!!
 
Your log file was probably purged recently (we purge this at 10MB) and you haven't had any outbound blocks since. Compare the stats webpage to the CLI version, only then if there is a difference you should investigate further;

Code:
sh /jffs/scripts/firewall stats
Ok, that was it, I forgot this happens. I saw it at 8.4M a couple days back when I was doing all the digging. Thank you.
Code:
Last 10 Unique Connections Blocked (Outbound);
--------------       | --------------                                          | --------------                                | ----------------------                                     
| IP Address |       | | AlienVault |                                          | | Ban Reason |                                | | Associated Domains |                                     
--------------       | --------------                                          | --------------                                | ----------------------                                     
--*
Code:
Top 10 HTTP(s) Blocks (Outbound);
-*-
--------   | --------------       | --------------                                          | --------------                                | ----------------------                                   
| Hits |   | | IP Address |       | | AlienVault |                                          | | Ban Reason |                                | | Associated Domains |                                   
--------   | --------------       | --------------                                          | --------------                                | ----------------------
 
Your log level settings are non-default, these should be at;

Default message log level - notice
Log only messages more urgent than - debug

I'm not sure where you mean? Skynet only presents me with an option to enable or disable logging. I have never changed any default logging options in either Skynet or my router. Also in my original debug post you said everything looked ok so I'm not sure what you are referring to either.

Ok never mind ... I assumed maybe it was a Scribe issue so I reinstalled that and it seems to be working now. Thanks!
 
I'm not sure where you mean? Skynet only presents me with an option to enable or disable logging. I have never changed any default logging options in either Skynet or my router. Also in my original debug post you said everything looked ok so I'm not sure what you are referring to either.

Ok never mind ... I assumed maybe it was a Scribe issue so I reinstalled that and it seems to be working now. Thanks!
In the router web UI under Systemlog:
upload_2020-1-9_17-23-0.png
 
I have a really dumb question; How do I get the Skynet menu to show up? I understand the CLI (via Putty). However, I like the GUI. Not sure how to open it.
 
I have a really dumb question; How do I get the Skynet menu to show up? I understand the CLI (via Putty). However, I like the GUI. Not sure how to open it.
Type "firewall" at the prompt?
 
I have a really dumb question; How do I get the Skynet menu to show up? I understand the CLI (via Putty). However, I like the GUI. Not sure how to open it.
You're looking for the stats in GUI of router? First you need to be on firmware 384.15_a1, yeah I know that should be specified right in the first post in bold. Then in the firewall tab you'll see it.
 
Can I ask though, how often does the SkyNet UI refresh? I guess that it's on a CRON job.

Every 12 hours (or when manually generated).

Exactly, mine doesn't look like that because I use Scribe. It's all good now though. Thanks.

I'm glad it's working but those are still non-default settings and may cause other logging inconsistencies; from what I can tell Scribe doesn't change them and they were manually modified.
 
Your log file was probably purged recently (we purge this at 10MB) and you haven't had any outbound blocks since. Compare the stats webpage to the CLI version, only then if there is a difference you should investigate further;
Generally in scribe we don't have a logrotate config for the skynet logs. I wonder if it would be of use to rotate these at the 5MB mark through logrotate instead of within skynet?
 
Generally in scribe we don't have a logrotate config for the skynet logs. I wonder if it would be of use to rotate these at the 5MB mark through logrotate instead of within skynet?

Personally I found 10MB to be the sweet spot for Skynet's logs. It roughly gives you a week's worth of stats and keeps the stats generation process at a fairly reasonable time.

Keeping any older data I don’t see a huge demand for.
 
You're looking for the stats in GUI of router? First you need to be on firmware 384.15_a1, yeah I know that should be specified right in the first post in bold. Then in the firewall tab you'll see it.
Thanks Rhialto. I'm not on 384.15, so I guess that explains why I can't open it.
 
Keeping any older data I don’t see a huge demand for.
Just to clarify for someone who is new to Skynet and the Skynet app: while the logged data detail is reset, the cumulative counters are not. For instance, my log was recently reset and while Skynet shows just 2,741 blocks, if I look at countries blocked and hover over the pie chart for countries it shows Russia = 8,300, NL = 3,000, etc. Same for the data in other charted data series.

To me this is the best of both worlds as it provides the information needed to consider blocking entire countries as well as what inbound ports the bots are banging on currently. Thanks for this very useful app.
 
Every 12 hours (or when manually generated).

I'm glad it's working but those are still non-default settings and may cause other logging inconsistencies; from what I can tell Scribe doesn't change them and they were manually modified.
The only thing I do with skynet is change the location of the logfile using
Code:
sh /jffs/scripts/firewall settings syslog /opt/var/log/skynet-0.log
The syslog-ng filter for Skynet looks for messages either originating from "Skynet" or containing either the string "BLOCKED -" or "DROP IN=" and puts them in /opt/var/log/skynet-0.log rather than the system log (/opt/var/log/messages).

@Jack Yaz's uiScribe removes the "Default message log level" and "Log only messages more urgent than" options. The first only sets the router's log level, and the second is passed to syslogd, but not to syslog-ng. Setting either of those, even through nvram, should have no effect on syslog-ng's logging.

Setting what message log levels to log would be done in the syslog-ng configuration files, and I don't include any filters that even look at log level. With syslog-ng installed through scribe, the default is to log everything except blank messages in either its own log or in /opt/var/log/messages.
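
The routing rule described in the post above, approximated in shell so it can be checked against log lines. This is an added example, not part of the original post and not scribe's own syslog-ng filter; the function names are hypothetical, the sample lines are constructed, and it assumes the classic "Mon DD HH:MM:SS host tag: message" file layout.

```shell
#!/bin/sh
# Added example: approximates the rule "from Skynet, or contains
# 'BLOCKED -' or 'DROP IN='" and reports where each line should land.
SKYNET_LOG=/opt/var/log/skynet-0.log   # paths as named in the post
SYSTEM_LOG=/opt/var/log/messages

# Read syslog lines on stdin; print the destination file for each line.
route_lines() {
    awk -v sky="$SKYNET_LOG" -v sys="$SYSTEM_LOG" '{
        tag = $5                          # e.g. "Skynet:" or "kernel:"
        sub(/(\[[0-9]+\])?:$/, "", tag)   # drop optional [pid] and the colon
        hit = (tag == "Skynet" || index($0, "BLOCKED -") || index($0, "DROP IN="))
        print (hit ? sky : sys)
    }'
}

# Count lines in a system log that the rule should have diverted to the
# Skynet log. A non-zero result means firewall entries are leaking into
# the general log and are missing from what the stats page reads.
count_misrouted() {
    route_lines < "$1" |
        awk -v sky="$SKYNET_LOG" '$0 == sky { n++ } END { print n + 0 }'
}

# Constructed sample lines (documentation addresses, made-up messages).
sample_lines() {
cat <<'EOF'
Jan  9 17:23:00 RT-AX88U kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=23
Jan  9 17:23:04 RT-AX88U Skynet: [i] constructed status message
Jan  9 17:23:09 RT-AX88U kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=UDP DPT=53
Jan  9 17:23:15 RT-AX88U dnsmasq-dhcp[312]: DHCPACK(br0) 192.168.1.20 aa:bb:cc:dd:ee:ff
Jan  9 17:23:20 RT-AX88U Skynet[2201]: [i] constructed status message
EOF
}

# Stand-alone run: show the destination for each sample line.
sample_lines | route_lines
```

On a router, `count_misrouted /opt/var/log/messages` gives a quick check that the filter is diverting firewall entries as intended.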
 
Generally in scribe we don't have a logrotate config for the skynet logs. I wonder if it would be of use to rotate these at the 5MB mark through logrotate instead of within skynet?
Personally I found 10MB to be the sweet spot for Skynet's logs. It roughly gives you a week's worth of stats and keeps the stats generation process at a fairly reasonable time.

Keeping any older data I don’t see a huge demand for.
I 110% agree with Adamm here, Skynet polices its own logs, I don't want there to have to be collaboration between scribe and Skynet for log rotation. skynet-0.log is scraped clean every hour, I honestly couldn't care less how much Skynet keeps in skynet.log, even with uiScribe, skynet.log isn't shown in the webUI.
 
I just noticed that you released another minor update. Do you still recommend to do a forced update with reboot for these minor updates or is it okay now to just update?
 
I just noticed that you released another minor update. Do you still recommend to do a forced update with reboot for these minor updates or is it okay now to just update?

The update process is independent and in 99% of cases no further action is required by the user.
 
@Adamm I just updated and thought I would do a cold boot, power down and unplug and deplete power from device. I booted back up, and my IPTables are reporting failed. I uninstall and reboot from webui and reinstall and it all works again. This has happened to me twice in as many days.
 
@Adamm I just updated and thought I would do a cold boot, power down and unplug and deplete power from device. I booted back up, and my IPTables are reporting failed. I uninstall and reboot from webui and reinstall and it all works again. This has happened to me twice in as many days.

Can't reproduce on my end. Will need additional information when it happens including syslog output before/after it fails, and the output from;

Code:
sh /jffs/scripts/firewall debug info
 
