What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I have noticed this recently too but I am certain it’s ad-blocker related.
Yes, disabling UBlock Origin for YouTube gets rid of the issue.

Anton
 
I added ICMP support in the latest hotfix, I may refine this in the future with a toggle/selective icmp types but I am very busy moving apartments today/this week so my free time (and sleep! o_O) is limited.

As for the feature request, maybe in the future. I try keep it as simplistic as possible to reduce the number of IPTables entries.
Thanks Adamm!
That did the trick..
 
Hi Adam!

I'm pretty sure you've seen this message many times, but I'll repeat, after the last update, skynet takes very long to start or restart, which causes my network to go down for some time... I have a few lines (iptables rules)after skynet start up command in the firewall-start script. Do you think there is a way to fix the long start/restart of skynet?

Regards

Teymur
 
Hi Adam!

I'm pretty sure you've seen this message many times, but I'll repeat, after the last update, skynet takes very long to start or restart, which causes my network to go down for some time... I have a few lines (iptables rules)after skynet start up command in the firewall-start script. Do you think there is a way to fix the long start/restart of skynet?

Regards

Teymur

See Adamm's response here: https://www.snbforums.com/threads/r...urity-enhancements.16798/page-322#post-558706

He suggests that this is not related to Skynet.
 
@Teymur
I too noticed the unusually long start/restarting time.
I think it depends on the size of the blocking list? Do you have installed unbound?

To rule out another suspect on my side:
I recently experimented around with unbound, I need to try to uninstall unbound and record the restarting time again.
Then I will try to factory reset my router and only install skynet and record the starting/restarting time, so I have a clean installation and time to hold on.
 
Hi Adam!

I'm pretty sure you've seen this message many times, but I'll repeat, after the last update, skynet takes very long to start or restart, which causes my network to go down for some time... I have a few lines (iptables rules)after skynet start up command in the firewall-start script. Do you think there is a way to fix the long start/restart of skynet?

Regards

Teymur

Whilst I have noticed that the lockfile message lingers for a fair bit longer than previously, my network does NOT go down during that time.
(Just out of interest, I recently changed my blocking list from Standard to Medium, and, for all I know, that might be why my lockfile message takes longer to disappear, but to reiterate, it does NOT affect my network.)
 
I don't have Unbound or Diversion installed, still takes 10 minutes to release lock file
 
This is what I've got from Diversion:

547,977 blocked domains by 6 hosts file(s)
390,212 t 3,296 w 64 n ads since Mar 10 12:00

I've always used diversion standard.

What's unbound? I don't have that installed for sure.

Teymur
 
The reason I say my network goes down is because when firewall-start executes the first line in that file is this:

sh /jffs/scripts/firewall start skynetloc=/tmp/mnt/Sandisk/skynet

After this line I have iptables rules for my own purpose. The line above takes 10 min to execute and only after that the firewall-start executes all my rules and network starts to function normally.
I may be wrong, but would it be possible to run that line with a "&" so it goes to the background, so the firewall-start is read instantly?

Teymur
 

Thank you! Now I remember that I might have come across that or saw somewhere. I'm remote now, and don't want to mess around too much with the router. I already have this issue with firewall starting takes long, and I have 20-30 devices on my network all the time. Once I'm back I'll play with that a bit more, but sounds interesting, thanks for sharing!

Regards

Teymur
 
I disabled country lookup because of the delays accessing ipapi.co. And I disabled the webui because the stats generation was also trying to fetch from that site. Much faster now. Once ipapi.co stabilizes, I’ll reenable.

Edit: since the API limits to about 1000 queries a day, is it possible for Skynet to avoid making duplicate calls for the same IP? Or does it already do that?
 
Last edited:
Thank you! Now I remember that I might have come across that or saw somewhere. I'm remote now, and don't want to mess around too much with the router. I already have this issue with firewall starting takes long, and I have 20-30 devices on my network all the time. Once I'm back I'll play with that a bit more, but sounds interesting, thanks for sharing!

Regards

Teymur
You’re welcome. And most wise not to be tempted into playing Russian roulette with your network by messing remotely.
 
Blocking ranges in Skynet.

I'm not a pro on IP addressing so sorry for a possibly stupid question.......

I have noticed that a there are quite a few baddies who try to SSH into one of my NASes. Without success (this far) since I have a fairly OK password. They are using a lot of different IP addresses and user IDs.

Based on the logs from the NAS I would like to block whole ranges of IP addresses in Skynet.

I have 3 questions related to this:
  • How do I block all possible IP addresses between X.X.0.0 and X.X.255.255?
  • I know I can write X.X.X.0/24 to block on the lowest level, but how do I block all possible IP addresses in this range? Is it possible to write for instance X.X.0.0/9? I'm just guessing without knowing...... What consequnces would this have on Skynet and/or the router? Will it be overloaded or will it work anyway by some magic?
  • How do I get a list of all currently blocked IP addresses in Skynet?
 
Hi,

I have started on experience the following error below. I have given the router a restart and I am on the latest version

/jffs/scripts/firewall: line 40: arithmetic syntax error

Would appreciate some assistance
What's the output of:
Code:
sh /jffs/scripts/firewall debug info
 
Hi,

I have started on experience the following error below. I have given the router a restart and I am on the latest version

/jffs/scripts/firewall: line 40: arithmetic syntax error

Would appreciate some assistance
If you run Skynet with this command, it will generate shell debugging output that might be useful to see what the code is encountering:
Code:
sh -x /jffs/scripts/firewall
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top