What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Ignore the latest few blocks. Those were me trying to load the address via my computer.

Seems like ti was trying to connect via port 123
Yes, maybe try using a more specific ntp server pool for your region/country so it might not use that one again.
 
Please post the output of;

Code:
sh /jffs/scripts/firewall debug info

Along with an extract of your syslog

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Failed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 7 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Failed]
IPTables Rules | [Failed]
Local WebUI Files | [Failed]
Mounted WebUI Files | [Failed]
MenuTree.js Entry | [Failed]
Diversion Plus Content | [Failed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Ban AiProtect | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

10/17 Tests Sucessful

[*] Rule Integrity Violation - [ #1 #2 #3 #4 #5 #6 #7 #8 #16 #17 #18 ]

[*] Local File Missing - [ stats.js ]

[*] Mounted File Missing - [ skynet.asp stats.js chartjs-plugin-zoom.js hammerjs.js ]

Please explain what do you mean under "extract of your syslog"? I've found my syslog in /tmp/? Is it a right file?
 
Please explain what do you mean under "extract of your syslog"? I've found my syslog in /tmp/? Is it a right file?

Correct. First run the following command;

Code:
service restart_firewall

Wait about 2 minutes, then post the last few dozen lines of the syslog file (which can also be viewed from the WebUI)
 
Hey @Adamm My AX88U has the Network Map Client List bug. I have 22 devices and all of them are connected but the client list shows "0" this has a effect on Skynet, it can't tell what device is calling out to the web when blocked. Instead of showing the private IP of origin it shows the global public IP making the request that is blocked. Can anything be done to get around this? My offline client list is full with online clients its a really strange bug.:confused::confused:o_Oo_O
 
Hey @Adamm My AX88U has the Network Map Client List bug. I have 22 devices and all of them are connected but the client list shows "0" this has a effect on Skynet, it can't tell what device is calling out to the web when blocked. Instead of showing the private IP of origin it shows the global public IP making the request that is blocked. Can anything be done to get around this? My offline client list is full with online clients its a really strange bug.:confused::confused:o_Oo_O
That usually means it's the router generating the blocked outbound traffic, not a client.
 
That usually means it's the router generating the blocked outbound traffic, not a client.
All of them are ntp port 123 communication.
 
That usually means it's the router generating the blocked outbound traffic, not a client.
I don't think that's it. I have a device that calls a russian ntp server that is blacklisted by skynet and since losing my client list this seems to be the effect.
 
I don't think that's it. I have a device that calls a russian ntp server that is blacklisted by skynet and since losing my client list this seems to be the effect.
If the syslog shows the blocks with IN=<blank> and OUT=eth0/vlan2, then it's coming from the router. If it's IN=br0 it's coming from a client.
 
This is what they look like:
Code:
Feb  4 15:00:43 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC
Feb  4 15:00:46 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC
Again this only started happening since I lost my client list.
 
This is how Skynet see's my IoT list: (the missing host names are all either ethernet clients or clients on my AP. The defined hosts are 5g clients on the router itself.


| Device Name | | | Local IP | | | MAC Address | | | Status |
--------------- | ------------ | --------------- | ----------
Unknown | 142.165.*.* | | Unblocked
Unknown | 192.168.50.4 | | Unblocked
Unknown | 192.168.50.5 | | Unblocked
Unknown | 192.168.50.6 | | Unblocked
Unknown | 192.168.50.21 | | Unblocked
Unknown | 192.168.50.23 | | Unblocked
Unknown | 192.168.50.24 | | Unblocked
Unknown | 192.168.50.26 | | Unblocked
Unknown | 192.168.50.27 | | Unblocked
Unknown | 192.168.50.28 | | Unblocked
Unknown | 192.168.50.29 | | Unblocked
Chromecast-Ultra | 192.168.50.30 | | Unblocked
Google-Home-Mini | 192.168.50.31 | | Unblocked
Google-Home | 192.168.50.32 | | Unblocked
Unknown | 192.168.50.34 | | Unblocked
Unknown | 192.168.50.35 | | Unblocked
Q60 | 192.168.50.39 | | Unblocked
Unknown | 192.168.50.44 | | Unblocked
Unknown | 192.168.50.45 | Unknown | Unblocked
Unknown | 192.168.50.51 | | Unblocked
Unknown | 192.168.50.52 | | Unblocked
Unknown | 192.168.50.53 | | Unblocked
Unknown | 192.168.50.54 | | Unblocked
 
This is how Skynet see's my IoT list: (the missing host names are all either ethernet clients or clients on my AP. The defined hosts are 5g clients on the router itself.
Code:
| Device Name |                          | | Local IP |     | | MAC Address |      | | Status |
---------------                          | ------------     | ---------------      | ----------
Unknown                                  | 142.165.*.*    |     | Unblocked
Unknown                                  | 192.168.50.4     |   | Unblocked
Unknown                                  | 192.168.50.5     |     | Unblocked
Unknown                                  | 192.168.50.6     |     | Unblocked
Unknown                                  | 192.168.50.21    |    | Unblocked
The Unknown device name indicates it couldn't find a match in /var/lib/misc/dnsmasq.leases.
 
The Unknown device name indicates it couldn't find a match in /var/lib/misc/dnsmasq.leases.
Sure enough just the 4 devices listed.
 
Correct. First run the following command;

Code:
service restart_firewall

Wait about 2 minutes, then post the last few dozen lines of the syslog file (which can also be viewed from the WebUI)


Feb 5 16:15:15 Skynet: Startup Initiated... ( skynetloc=/tmp/mnt/NET/skynet )
Feb 5 16:15:15 Skynet: [*] SWAP File Missing ( /dev/sdb1 ) - Fix This By Running ( /jffs/scripts/firewall debug swap uninstall )
Feb 5 16:15:36 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:16:06 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:16:36 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:17:06 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:17:33 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth F0:A3:5A:B4:70:ED, status: 0, reason: d11 RC reserved (0)
Feb 5 16:17:33 syslog: WLCEVENTD wlceventd_proc_event(449): eth1: Assoc F0:A3:5A:B4:70:ED, status: 0, reason: d11 RC reserved (0)
Feb 5 16:17:36 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:18:06 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:18:36 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:19:06 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:19:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:20:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:20:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:21:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:21:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:22:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:22:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:23:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:23:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:23:56 syslog: WLCEVENTD wlceventd_proc_event(401): eth2: Disassoc 00:F4:8D:ED:15:F7, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8)
Feb 5 16:23:56 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 00:F4:8D:ED:15:F7, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Feb 5 16:24:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:24:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:25:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:25:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:26:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:26:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
 
Feb 5 16:15:15 Skynet: Startup Initiated... ( skynetloc=/tmp/mnt/NET/skynet )
Feb 5 16:15:15 Skynet: [*] SWAP File Missing ( /dev/sdb1 ) - Fix This By Running ( /jffs/scripts/firewall debug swap uninstall )
Feb 5 16:15:36 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:16:06 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:16:36 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:17:06 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:17:33 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth F0:A3:5A:B4:70:ED, status: 0, reason: d11 RC reserved (0)
Feb 5 16:17:33 syslog: WLCEVENTD wlceventd_proc_event(449): eth1: Assoc F0:A3:5A:B4:70:ED, status: 0, reason: d11 RC reserved (0)
Feb 5 16:17:36 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:18:06 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:18:36 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:19:06 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:19:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:20:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:20:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:21:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:21:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:22:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:22:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:23:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:23:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:23:56 syslog: WLCEVENTD wlceventd_proc_event(401): eth2: Disassoc 00:F4:8D:ED:15:F7, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8)
Feb 5 16:23:56 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 00:F4:8D:ED:15:F7, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Feb 5 16:24:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:24:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:25:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:25:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:26:09 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)
Feb 5 16:26:39 syslog: WLCEVENTD wlceventd_proc_event(386): eth2: Deauth_ind 64:1C:B0:1C:ED:CC, status: 0, reason: Class 3 frame received from nonassociated station (7)


And theres your issue ;)

Code:
Feb 5 16:15:15 Skynet: [*] SWAP File Missing ( /dev/sdb1 ) - Fix This By Running ( /jffs/scripts/firewall debug swap uninstall )

Run the swap uninstall command followed by the swap install command.
 
Does "Ban AiProtect" in settings (11, 7) completely disable AiProtect? (I assume it does but I just want to confirm)
 
Does "Ban AiProtect" in settings (11, 7) completely disable AiProtect? (I assume it does but I just want to confirm)
No, it bans IPs that are blocked by AiProtect.
 
And theres your issue ;)

Code:
Feb 5 16:15:15 Skynet: [*] SWAP File Missing ( /dev/sdb1 ) - Fix This By Running ( /jffs/scripts/firewall debug swap uninstall )

Run the swap uninstall command followed by the swap install command.

But I have already my own swap, it doesn't load correct after reboot, right now swap is active.
So when i did this - /jffs/scripts/firewall debug swap install - I've seen - [*] Skynet Can Not Modify Swap Partitions - Exiting!

Mem: 255676 200692 54984 0 1332 13920
-/+ buffers/cache: 185440 70236
Swap: 1959892 662456 1297436
 
Is it possible to install Skynet onto an AX56U? or the AX58U? The routers aren't currently supported by Merlin but Skynet is the only thing I'm currently using and I was just curious, thanks.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top