Skynet Skynet - Router Firewall & Security Enhancements

[Butterfly Bones]

i just tested it it broke alot, what i should of asked is was there a malware list for other countries, that i could add and where to source them from.
also thank you

I can only speak from experience using Skynet and reading following this forum since the early days of Skynet, the default lists seem to cover worldwide bad agents. I look to Diversion more for the malware lists and blocking.

 

[Vexira]

I can only speak from experience using Skynet and reading following this forum since the early days of Skynet, the default lists seem to cover worldwide bad agents. I look to Diversion more for the malware lists and blocking.

Ahh ok awesome that's great news, I'll just leave Skynet as is I've got a pi hole running, I have to buy a new flash drive since my old one decided to give up on me sadly, using a temporary one at the moment.

 

[martinr]

So is it possible in that case to block VPN connections, I've been meaning to host a 7 days to die server but, now curious about preventing Chinese players from joining, when they do it causes lag plus only the ones who like to use cheats seem to join.

And for some reason when players who are not here form Australia join the game breaks and the server has a fit.

I’m not happy giving my wife access to the network, and you’re letting any old cheat in? Is the lag due to the exfiltration and uploading of all your data to China?

 

[Vexira]

I’m not happy giving my wife access to the network, and you’re letting any old cheat in,? Is the lag due to the exfiltration and uploading of all your data to China?

It's whenever Chinese players join, I'm guessing they are running background scrips to spawn everything in I've caught them in a few servers with items that are end game within 10 minutes of joining, it's seems that somehow overnight they can raid multiple bases on a server in a short time all bases having the security blocks in place which is near impossible to bypass, I've talked to a few admins before who had some method of blocking VPN connections to the server, most admins would ban or block them from joining due to the havoc they cause.

The lag is most likely also because here in Australia we have very slow upload speeds and lots of network congestion in many areas, not to mention that some of us have VDSL2 and the cable pits are in dire need of upgrades due to bad joins.

 

[martinr]

It's whenever Chinese players join, I'm guessing they are running background scrips to spawn everything in I've caught them in a few servers with items that are end game within 10 minutes of joining, it's seems that somehow overnight they can raid multiple bases on a server in a short time all bases having the security blocks in place which is near impossible to bypass, I've talked to a few admins before who had some method of blocking VPN connections to the server, most admins would ban or block them from joining due to the havoc they cause.

The lag is most likely also because here in Australia we have very slow upload speeds and lots of network congestion in many areas, not to mention that some of us have VDSL2 and the cable pits are in dire need of upgrades due to bad joins.

I’m sure if you send a crowdfunding request to the Chinese, your cable pits would soon get fixed, especially if it means they don’t have to sit around watching a painfully slow upload of all your banking data.

 

[Vexira]

I’m sure if you send a crowdfunding request to the Chinese, your cable pits would soon get fixed, especially if it means they don’t have to sit around watching a painfully slow upload of all your banking data.

You know what I might ask them for fiber to the house might be cheaper, than what the NBN co, the main wholesale company is charging.

I heard these guys are pretty efficient at building mabye they might upgrade the network to gigabit while they are at it if I pay them extra.

 

[Andorul]

You say the AX88U is behind the ISP router. How is that ISP router set up; is it in bridge mode so that it is, effectively, your modem?

And you say “since that, nothing happens”. What exactly do you mean by “nothing”, or, what were you expecting to see?

When I look to pictures of Skynet in post 1 there are some Inbound/Outbound blocked IP in my case maybe because my AX88U is behind the ISP GPON Modemn/Router(Cascade mode I think is what is called - no BRIDGE) I fortunately have no Inbound blocked IP's.

 

[CaptainSTX]

Hi, my question is if this is working correctly cuz since i've install Skynet it never catch anything I wander if this is because of the ROUTER IP 192.168.50.1 is different from IP 192.168.1.1?
)

It makes no difference what your LAN subnet or router's IP is.

 

[dave14305]

When I look to pictures of Skynet in post 1 there are some Inbound/Outbound blocked IP in my case maybe because my AX88U is behind the ISP GPON Modemn/Router(Cascade mode I think is what is called - no BRIDGE) I fortunately have no Inbound blocked IP's.

True. Your ISP router is blocking everything (hopefully everything) before it reaches your ASUS.

 

[dave14305]

I’m not happy giving my wife access to the network

I didn’t know we men were allowed to state this publicly.

 

[AntonK]

I didn’t know we men were allow to state this publicly.

Thanks To Stay-At-Home Order, Husbands Have New Opportunity To Supervise Their Wives Doing Chores

 

[Deleted member 62525]

It means your router isn't being assigned a public IP and instead you are in a double-nat situation with your modem not being in bridge mode or your ISP has provided you an IP via CG-NAT.

What is the output of;

sh /jffs/scripts/firewall debug info

I understand the message about the CG-NAT but I don't understand the objective.
Does it imply that some SkyNet functionality failed to execute because we have CG-NAT configuration? The message is misleading and almost suggestive that we should enable Bridged mode or Skynet is not working properly.

 

[Adamm]

I understand the message about the CG-NAT but I don't understand the objective.
Does it imply that some SkyNet functionality failed to execute because we have CG-NAT configuration? The message is misleading and almost suggestive that we should enable Bridged mode or Skynet is not working properly.

Skynet is working but not at full capacity and will mostly only be used for outbound blocks as there is a layer of routing done before your router receives your internet connection. This goes for CG-NAT and non-bridge mode configurations.

 

[Deleted member 62525]

Skynet is working but not at full capacity and will mostly only be used for outbound blocks as there is a layer of routing done before your router receives your internet connection. This goes for CG-NAT and non-bridge mode configurations.

If I understand it correctly, since one is behind the CG-NAT Skynet is unable to determine source IP? Is that a reason?
Skynet is IP firewall and as I remember for a long time (I have the same config for years) I have never seen this message and Skynet would block both inbound and outbound IP pockets. See attached.

 

[BeHappy]

I have a question how to enable the "Skynet Statistics Monitoring From To Log Size - (0B)" within the RMerlin firmware.

I have enabled the logging in Skynet and I use the latest Merlin 384.16 firmware.

Really no idea how to get the stats filled with data. Feels like I am missing something stupid...

ONEPLUS 5T with Tapatalk

 

[Vexira]

Thanks Adamm, Been spending a bit of time on the analysis of the logs.
I have blocked countries ru kr kp ir cn.
My stats show tons of outgoing blocks to loads of pool.ntp.org IP's. I assume these are from blocked countries and I can whitelist this domain ? :

12x https://otx.alienvault.com/indicator/ip/203.217.204.135 - [asia.pool.ntp.org pool.ntp.org]
11x https://otx.alienvault.com/indicator/ip/211.233.84.186 - [pool.ntp.org]
11x https://otx.alienvault.com/indicator/ip/211.233.40.78 - [pool.ntp.org]
7x https://otx.alienvault.com/indicator/ip/185.105.186.198 - [pool.ntp.org]
5x https://otx.alienvault.com/indicator/ip/195.78.244.50 - [pool.ntp.org]
2x https://otx.alienvault.com/indicator/ip/91.198.10.4 - [pool.ntp.org]
2x https://otx.alienvault.com/indicator/ip/85.21.78.23 - [pool.ntp.org]
2x https://otx.alienvault.com/indicator/ip/80.240.216.155 - [pool.ntp.org]
2x https://otx.alienvault.com/indicator/ip/79.142.192.4 - [pool.ntp.org]
2x https://otx.alienvault.com/indicator/ip/195.210.189.106 - [pool.ntp.org]
2x https://otx.alienvault.com/indicator/ip/193.27.209.211 - [pool.ntp.org]
2x https://otx.alienvault.com/indicator/ip/193.27.209.20 - [pool.ntp.org]
2x https://otx.alienvault.com/indicator/ip/185.103.110.248 - [pool.ntp.org]
2x https://otx.alienvault.com/indicator/ip/144.217.181.221 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/94.247.111.10 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/91.218.89.74 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/89.221.207.113 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/89.175.20.7 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/85.93.216.115 - [pool.ntp.org]
1x http://otx.alienvault.com/indicator/ip/85.21.78.91 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/79.142.192.130 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/78.140.251.2 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/46.173.6.142 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/195.78.244.34 - [pool.ntp.org]
1x https://otx.alienvault.com/indicator/ip/193.27.208.100 - [pool.ntp.org]

im having the same issue with ntp being blocked its stopping the jack yaz ntp script form working, did you mange to fix it?

 

[Vexira]

I've attempted to unblock the au.pool.ntp.org domains 0-3, because it's interfering with the reboot scheduler, due to lack of ability to sync time, which after checking the logs I saw some prior status form, Skynet along with the new status from the reboot.

Even with a domain whitelist I still couldn't load the website of au.pool.ntp.org

 

[Adamm]

I remember for a long time (I have the same config for years) I have never seen this message

The message was only added in a recent update. Skynet will still work with a CG-NAT setup, you will just see less hits due to there being a layer of filtering before your router receives a connection.

I have a question how to enable the "Skynet Statistics Monitoring From To Log Size - (0B)" within the RMerlin firmware.

I have enabled the logging in Skynet and I use the latest Merlin 384.16 firmware.

Really no idea how to get the stats filled with data. Feels like I am missing something stupid...

ONEPLUS 5T with Tapatalk

What is the output of;

sh /jffs/scripts/firewall debug info

im having the same issue with ntp being blocked its stopping the jack yaz ntp script form working, did you mange to fix it?

These are directly related to your country block list. As the domain name suggests, that domain resolves to a pool of NTP servers hosted worldwide. That's why I personally don't use the country blocking feature, too many services are globalized now.

 

[BeHappy]

Debug info:

ONEPLUS 5T with Tapatalk

 

[Adamm]

Debug info:

ONEPLUS 5T with Tapatalk

You've (incorrectly) edited the default log level settings on the WebUI.

Go WebUI > System Log Tab

Default message log level = notice
Log only messages more urgent than = debug