Skynet - Router Firewall & Security Enhancements

On the Administration / System page, disable "Enable WAN down browser redirect notice". Then test it again.
Hi Dave,

Thanks! That's done now! I've got connmon installed, so that will tell me if the connection went down and for how long. Will keep a close eye on it. Although I've always had "Enable WAN down browser redirect notice" enabled, and it never caused any issues for me. Well, let's see what happens now.
 
No such thing as Skynet residue. I will assure you again this issue isn't Skynet related.

Hi Adam!

Thank you! I love Skynet a lot and will definitely install it back once this issue is resolved! It’s just me trying to figure out what’s wrong by eliminating possible (to my knowledge) causes. Sorry for blaming it on Skynet.


Sent from my iPhone using Tapatalk
 
Country lookup setting is for SSH based stats, it doesn't have any effect on the WebUI ones. I may revise this in future.
OK. Thanks for the info.
 
Didn't get any response to my previous question on banning IP address ranges......

So I tried entering a dozen ranges using X.X.0.0/8.

Seemed to work fine for a while but after some time I noticed that browsing ground to a halt and CPU usage became 100% on both CPUs. Everything slowed down.

I normally have 250 Mbit / sec down and 100 up. In the end I had less than 0.25 Mbit / sec down.....

Bypassing the router I got the speed I expected, so I knew there was something in the router.

Removed Diversion and Skynet and the other tools - and all was back to normal.

To me it seems like it is not possible to use ranges this way. Or at least not ranges that generate an enormous amount of banned IP addresses...... Can anyone confirm or dismiss my suspicion before I re-install the tools?
 
So I tried entering a dozen ranges using X.X.0.0/8.
Not sure about an answer to your entire question, but blocking x.x.0.0/8 is really blocking x.0.0.0. You want /16 if the first 2 octets are significant.

What public IP space can you ban these days with a /16 and not break something? EDIT: I guess I mean blocking a /8 is bound to break something. Skynet blocks several /16 ranges.
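
The /8 versus /16 point above, as an added example (not part of any post in this thread and not Skynet's own code): a POSIX shell check that shows which network a ban entry actually covers once the prefix length is applied, so an over-broad entry is caught before it goes into a blacklist. The function names, the `MIN_PREFIX` threshold and the sample entries are assumptions made for illustration, and it assumes a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example: what does a ban entry written as A.B.C.D/N really cover?
# MIN_PREFIX and all sample entries are constructed for illustration.

ip_to_int() {   # dotted quad -> integer, non-zero status if malformed
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac   # empty or leading zero
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prints "NETWORK/LEN ADDRESS_COUNT" after masking off the host bits.
effective_range() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    echo "$(int_to_ip $(( ip & mask )))/$len $(( 1 << (32 - len) ))"
}

# Verdict for one entry: invalid, too-broad, host-bits or ok.
check_entry() {
    out=$(effective_range "$1") || { echo "invalid"; return 0; }
    net=${out% *}
    if [ "${net#*/}" -lt "${MIN_PREFIX:-16}" ]; then
        echo "too-broad $out"
    elif [ "$net" != "$1" ]; then
        echo "host-bits $out"
    else
        echo "ok $out"
    fi
}

for entry in 203.0.113.0/8 203.0.113.0/16 198.51.100.0/24 198.51.100.7/24 300.1.0.0/16; do
    printf '%-18s %s\n' "$entry" "$(check_entry "$entry")"
done
```

A `host-bits` verdict means the entry as typed is not the network that will be matched; the second field is the range that is.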
 
Didn't get any response to my previous question on banning IP address ranges......

So I tried entering a dozen ranges using X.X.0.0/8.

Seemed to work fine for a while but after some time I noticed that browsing ground to a halt and CPU usage became 100% on both CPUs. Everything slowed down.

I normally have 250 Mbit / sec down and 100 up. In the end I had less than 0.25 Mbit / sec down.....

Bypassing the router I got the speed I expected, so I knew there was something in the router.

Removed Diversion and Skynet and the other tools - and all was back to normal.

To me it seems like it is not possible to use ranges this way. Or at least not ranges that generate an enormous amount of banned IP addresses...... Can anyone confirm or dismiss my suspicion before I re-install the tools?
Skynet's default block list has ranges banned. Here is a snippet from my last Skynet [save] hourly summary.
Code:
1816 Ranges Banned
 
Guys, I've been closely monitoring this skynet issue that I have. Once the skynet attempts to start/restart this is what I get:

[*] Lock File Detected (start skynetloc=/tmp/mnt/Sandisk/skynet) (pid=5415)
[*] Locked Processes Generally Take 1-2 Minutes To Complete And May Result In Temporarily "Failed" Tests
IPTables Rules | [Failed]

So once this happens there is no internet access on LAN interface and WiFi, say if I do a ping to facebook.com this is what I get:
I have noticed this as well and that's why I came here to read the latest messages.

edit: By the way, this started happening maybe last week or so. Hard to say exactly because there have been so many updates during the last couple of weeks.
 
This is part of the boot up sequence. Notice the time difference between the two entries.
Code:
Mar 12 05:56:31 ovpn-client1[2602]: Initialization Sequence Completed
Mar 12 05:56:50 YazFi: Firewall restarted - sleeping 60s before running YazFi

Seems Skynet is deleting normal entries in the log. I have scheduled reboots at 05:55 and there isn't a Skynet entry for almost an hour afterwards.

This is during normal operation and the first instance of Skynet after the reboot.
Code:
Mar 12 06:40:33 rc_service: amas_lib 1134:notify_rc restart_firewall
Mar 12 06:40:33 custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Mar 12 06:40:33 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Mar 12 06:40:33 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Mar 12 06:43:12 Skynet: [i] Mounting Skynet Web Page As user1.asp
Mar 12 06:43:13 Skynet: [#] 221454 IPs (+0) -- 2246 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [160s]
Mar 12 06:43:13 YazFi: Firewall restarted - sleeping 60s before running YazFi
 
More often than not, I'm getting 'No Data to Display' in every field

I see similar. I noticed it on the Outbound blocks only a few days ago and wasn’t at all bothered: I assumed there simply was no activity, especially as the Inbound was populated. (Indeed, it lists zero hits outbound. And I do have filtering set to All.)



Today, however, I see No Data to Display in the Inbounds.

The top 2 horizontal histograms Targeted Ports and Source Ports are working fine, though.


Same for you?
 

I get the same! Although, mine doesn't even say "No Data to Display", I just get an empty grey box.

Some strange things have been happening with my Skynet recently:-
- This
- IoT blocking stopped working like it used to
- Lock files for 10+ minutes

I'm not saying it's Skynet's fault. Just an observation.
 
I see similar. I noticed it on the Outbound blocks only a few days ago and wasn’t at all bothered: I assumed there simply was no activity, especially as the Inbound was populated. (Indeed, it lists zero hits outbound. And I do have filtering set to All.)



Today, however, I see No Data to Display in the Inbounds.

The top 2 horizontal histograms Targeted Ports and Source Ports are working fine, though.


Same for you?

Send me a copy of your stats.js file and skynet.log

- IoT blocking stopped working like it used to

This is due to one of the YazFi compatibility changes which in turn broke other usage, I'll be reverting this commit shortly and working on (or dropping altogether) YazFi support another day.

I still cannot account for any lock files taking excessive amounts of time, for anyone affected does this happen when you manually run banmalware or the restart commands? Hopefully I will be back to a somewhat normal schedule this weekend, moving has been eating up all my free time :rolleyes:
 
Send me a copy of your stats.js file and skynet.log



This is due to one of the YazFi compatibility changes which in turn broke other usage, I'll be reverting this commit shortly and working on (or dropping altogether) YazFi support another day.

I still cannot account for any lock files taking excessive amounts of time, for anyone affected does this happen when you manually run banmalware or the restart commands? Hopefully I will be back to a somewhat normal schedule this weekend, moving has been eating up all my free time :rolleyes:
Today I did a clean installation of Skynet. Lock file still takes longer than usual...
 
Today I did a clean installation of Skynet. Lock file still takes longer than usual...

What is the output of;

Code:
sh /jffs/scripts/firewall banmalware
 
Send me a copy of your stats.js file and skynet.log



This is due to one of the YazFi compatibility changes which in turn broke other usage, I'll be reverting this commit shortly and working on (or dropping altogether) YazFi support another day.

I still cannot account for any lock files taking excessive amounts of time, for anyone affected does this happen when you manually run banmalware or the restart commands? Hopefully I will be back to a somewhat normal schedule this weekend, moving has been eating up all my free time :rolleyes:
You could always, ya know, ask me to help out and we work together to find a solution?

EDIT: I can write a module/extension script that Skynet could call if it exists? YazFi would then do the heavy lifting to re-create Skynet's IoT blocking rules for the applicable YazFi'd interfaces. I'm thinking you would pass create or delete as an instruction to it, and I can handle it from there
 
You could always, ya know, ask me to help out and we work together to find a solution?

That's a worst-case scenario (dropping support), I have every intention of supporting all user scripts where possible. This feature will just require some rethinking on my end if it were to support YazFi.
 
See my edit :)
I'm happy to do the bulk of the work since my script is the conflicting factor!

Give me a few days to assess the situation, there could be a seamless solution on my end.



I've pushed v7.1.3

Code:
Remove inactive lists
Dynamically remove/add IOT blocking IPTables rules depending on if there are entries or not
Add ICMP support to IOT rules
Unban_PrivateIP() Improvements
Space out swap creation output
Don't lookup country in WebUI when setting disabled
Improved Scribe support
 - Install plugin if scribe detected
 - Fix incorrectly configured syslog locations
 
What is the output of;

Code:
sh /jffs/scripts/firewall banmalware

github.com/Adamm0## 12/03/2020 - v7.1.2 #####################################################################

====================================================================

Downloading filter.list | [1s]
Refreshing Whitelists | [19s]
Consolidating Blacklist | [14s]
Filtering IPv4 Addresses | [7s]
Filtering IPv4 Ranges | [1s]
Applying New Blacklist | [14s]
Refreshing AiProtect Bans | [10s]
Saving Changes | [6s]

For Whitelisting Assistance -
https://www.snbforums.com/threads/release-skynet-router-firewal2

====================================================================

[#] 147535 IPs (-3205) -- 1785 Ranges Banned (-68) || 824 Inbound -]
teymur88@router:/tmp/home/root#



Sent from my iPhone using Tapatalk
 
github.com/Adamm0## 12/03/2020 - v7.1.2 #####################################################################

====================================================================

Downloading filter.list | [1s]
Refreshing Whitelists | [19s]
Consolidating Blacklist | [14s]
Filtering IPv4 Addresses | [7s]
Filtering IPv4 Ranges | [1s]
Applying New Blacklist | [14s]
Refreshing AiProtect Bans | [10s]
Saving Changes | [6s]

For Whitelisting Assistance -
https://www.snbforums.com/threads/release-skynet-router-firewal2

====================================================================

[#] 147535 IPs (-3205) -- 1785 Ranges Banned (-68) || 824 Inbound -]
teymur88@router:/tmp/home/root#



Sent from my iPhone using Tapatalk

Okay good so that rules out quite a few functions, what about the following command;

Code:
sh /jffs/scripts/firewall debug genstats
 
