What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

In the router main menu, by just clicking on "Adaptive QoS" button (then watching syslog), this triggers a skynet restart.
Can someone confirm?

Edit:
I'm not using QoS.
 
Last edited:
I'm concluding they happen every-time something gets changed on the router.

Correct, its perfectly normal.

I'm also trying to open my NAT type to my PS4. I used the GUI port forwarding but wasn't able to get an open NAT type while playing. What ports did you open? Does skynet have a place to edit port forward rules? The GUI only allows for 64 port forwards and I was wondering if Skynet allows for more.

The ports I tried to set in the GUI are as follows:
View attachment 23019

For the above port ranges, the GUI in the firewall allows you to enter a range in the external port, but not a range in the internal port. It only allows you to put one port in the internal port box. So I left the internal port blank (it showed optional). So my port forward list looks like this:

View attachment 23021

Should I enter each port individually instead of using a range? Or is there a better way to do this in Skynet rather than the GUI? Sorry for the many questions, but I tried using the port forwarding rules in the WAN settings. Now I see additional inbound firewall rules in the general tab of the firewall. What's the difference between these? Thanks!

This has nothing to-do with Skynet.

I haven't had an outbound block in a month I don't think

Thats a good thing, the less outbound blocks the better.

In the router main menu, by just clicking on "Adaptive QoS" button (then watching syslog), this triggers a skynet restart.
Can someone confirm?

Edit:
I'm not using QoS.

I think your confusing a "skynet restart" with a "firewall service restart", the latter which happens when the WebUI detects a setting change that could potentially affect the firewall rules.
 
"firewall service restart", the latter which happens when the WebUI detects a setting change that could potentially affect the firewall rules.
You are correct, it's a firewall service restart. No settings were changed, but still the firewall restarts. So I guess that's a FW issue and not skynet related.
 
For the above port ranges, the GUI in the firewall allows you to enter a range in the external port, but not a range in the internal port. It only allows you to put one port in the internal port box. So I left the internal port blank (it showed optional). So my port forward list looks like this:

View attachment 23021
> It only allows you to put one port in the internal port box.
That is right, here you set the lowest port number of the range!
 
I’ve got a couple questions on outbound blocks.

1) can we send email alerts for outbound blocks? I typically don’t get a lot of these so when I do see them in the webui, I investigate as anomalous behavior.

2) instead of (or in addition to) using the source ip, can pull the hostname of the device instead?
Thanks!
 
I recently got 2 similar skynet tabs in Firewall... how can i remove one?
EDIT: forced upgrade of Skynet and duplicate tab is gone, but after Skynet regenerated stats, it's back again.
 
Last edited:
1) can we send email alerts for outbound blocks? I typically don’t get a lot of these so when I do see them in the webui, I investigate as anomalous behavior.

Not at this time

2) instead of (or in addition to) using the source ip, can pull the hostname of the device instead?

The logs are generated directly by IPTables so unfortunately that is impossible, although this is done via the stats command.

I recently got 2 similar skynet tabs in Firewall... how can i remove one?
EDIT: forced upgrade of Skynet and duplicate tab is gone, but after Skynet regenerated stats, it's back again.

Can't reproduce this on my end, easiest fix is just reboot your router which should remove all custom user pages.
 
Will do later today and let you know.
 
How can you remove Skynet? I can't uninstall it because it says the file is locked (has said so all day). I have tried Formatting the disk, but it doesn't remove Skynet. Any options?
 
Does a reboot and waiting about 10 minutes help?

Does 'Safely remove USB drive' help and then physically removing it and then re-inserting it (and waiting until all services are running)? :)
 
Nope. Now when I attempt to go into skynet, it says USB not found and attempts 10 times with no luck.

No other add on has an issue. And I can uninstall and reinstall all the others but skynet poses the only issue.

Sent from my Nokia 7.1 using Tapatalk
 
Is your USB drive faulty? :)

Is Diversion installed and running?

If Diversion is installed and running (and recognizing the USB drive) check the 'dcl' disk checker log for any hints.

If Diversion is not running but you had it installed, the other scripts will seem to work okay, but they're not. :)
 
Nope. Now when I attempt to go into skynet, it says USB not found and attempts 10 times with no luck.

No other add on has an issue. And I can uninstall and reinstall all the others but skynet poses the only issue.

Sent from my Nokia 7.1 using Tapatalk
You need to go in to /jffs/scripts and delete "firewall", that is Skynet.
Code:
 cat /jffs/scripts/firewall


#!/bin/sh
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            26/04/2020 - v7.1.6                                            #
#############################################################################################################
 
Nope. Now when I attempt to go into skynet, it says USB not found and attempts 10 times with no luck.

No other add on has an issue. And I can uninstall and reinstall all the others but skynet poses the only issue.

Sent from my Nokia 7.1 using Tapatalk

Code:
sh /jffs/scripts/firewall uninstall
 
I'm also trying to open my NAT type to my PS4. I used the GUI port forwarding but wasn't able to get an open NAT type while playing. What ports did you open? Does skynet have a place to edit port forward rules? The GUI only allows for 64 port forwards and I was wondering if Skynet allows for more.

The ports I tried to set in the GUI are as follows:
View attachment 23019

For the above port ranges, the GUI in the firewall allows you to enter a range in the external port, but not a range in the internal port. It only allows you to put one port in the internal port box. So I left the internal port blank (it showed optional). So my port forward list looks like this:

View attachment 23021

Should I enter each port individually instead of using a range? Or is there a better way to do this in Skynet rather than the GUI? Sorry for the many questions, but I tried using the port forwarding rules in the WAN settings. Now I see additional inbound firewall rules in the general tab of the firewall. What's the difference between these? Thanks!

I myself enable upnp and then customize /jffs/scripts/upnp.postconf to disable it for every device except my PS4 and Xbox One.

Code:
 #!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh

pc_insert "allow 1-65535 192.168.0.1/255.255.255.0 1024-65535" "allow 1024-65535 192.168.0.11/255.255.255.255 1024-65535" $CONFIG
pc_replace "allow 1-65535 192.168.0.1/255.255.255.0 1024-6553”  "allow 1024-65535 192.168.0.12/255.255.255.255 1024-65535" $CONFIG

This only allows IP .11 and .12 to use upnp. The rest are denied for security purposes.
 
Last edited:
is it possible to only unblock a port with skynet? I cannot seem to be able to find a way to just say add a rule to allow port 443 or 80 access. I am currently just manually doing it with iptables in the firewall-start but would like to keep it in a single "firewall" manger if I can. I know i can allow an IP on said ports, but i cant seem to simply be able to allow a port and keep all the logging and other useful bits of skynet that it would provide by using it to do the rule.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top