
Skynet - Router Firewall & Security Enhancements


Code:
Router Model; RT-AX88U
Skynet Version; v7.1.6 (24/05/2020) (6c84f62a4a6d6d0c8c3bfe6e3db99dc7)
iptables v1.4.15 - (eth0 @ 192.168.50.1)
ipset v6.32, protocol version: 6
IP Address; (204.83.126.77)
FW Version; 384.18_alpha1-g6368a955e8 (May 29 2020) (4.1.51)
Install Dir; /tmp/mnt/sampi/skynet (12.6G / 14.5G Space Available)
SWAP File; /tmp/mnt/sampi/myswap.swp (1.0G)
Uptime; 0 days, 9 hours, 36 minutes.
Ram Available; (399M / 882M)
--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
Profile.add Entry                   | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 5 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Passed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Default]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

17/17 Tests Sucessful


=============================================================================================================


[#] 276187 IPs (+0) -- 1600 Ranges Banned (+0) || 10395 Inbound -- 0 Outbound Connections Blocked! [debug] [3s]
 
I have the same issue with missing chart sections and have also rebooted router, started and stopped Skynet, and finally removed and then reinstalled it. I can show you the results of my firewall dump but it is the same as skeals.

When I ssh into Skynet and ask it for a report of stats it is very slow.

My router is an AC86 running 34.17.
 
Code:
[#] 276187 IPs (+0) -- 1600 Ranges Banned (+0) || 10395 Inbound -- 0 Outbound Connections Blocked! [debug] [3s]
You have zero(0) Outbound connections so there will be no data in the bottom of your graph. Give it time when there's outbound hits then it will populate the graph.
 
The last two are outbound and wouldn't have any but the inbound ones usually do and have nothing. Trust me, I have a close eye on this all the time.
 
Two things I was pondering. I think the stats page should be optional, and have a way to clear stats, like updating stats has.
 
Code:
Router Model; RT-AX88U
Skynet Version; v7.1.6 (24/05/2020) (6c84f62a4a6d6d0c8c3bfe6e3db99dc7)
iptables v1.4.15 - (eth0 @ 10.25.00.1)
ipset v6.32, protocol version: 6
IP Address; (xxx.xx.xx.xx) - (2a02:c7f:c04e:9c00::/56)
FW Version; 384.17_0 (Apr 26 2020) (4.1.51)
Install Dir; .../Router/skynet (51.2G / 56.3G Space Available)
SWAP File; .../Router/myswap.swp (2.0G)
Syslog Location; (/opt/var/log/skynet-0.log) (/tmp/syslog.log-1)
Uptime; 0 days, 3 hours, 5 minutes.
Ram Available; (463M / 882M)

(where ... = /tmp/mnt)


---------------                          | ------------     | ---------------      | ----------
| Device Name |                          | | Local IP |     | | MAC Address |      | | Status |
---------------                          | ------------     | ---------------      | ----------

Unknown                                  | 10.0.0.1         | Unknown              | Offline
Unknown                                  | 10.0.1.53        | Unknown              | Offline
Canon-MG5450                             | 10.25.00.67      | f4:81:39:1a:3c:ce    | Inactive
NVIDIA                                   | 10.25.00.75      | 00:04:4b:eb:62:53    | Inactive
Samsung_UE49NU7500_WiFi                  | 10.25.00.81      | 70:2a:d5:75:ec:e9    | Inactive
EPSON_WF-2830                            | 10.25.00.87      | 38:1a:52:10:b5:ad    | Inactive
Squeezebox                               | 10.25.00.90      | 00:04:20:06:72:f8    | Inactive
SkyHD_Down_WiFi                          | 10.25.00.106     | 60:02:b4:22:4d:e9    | Inactive
SkyHD_Top                                | 10.25.00.110     | a8:54:b2:9a:e6:dd    | Inactive
IGOR-8                                   | 10.25.00.115     | 1c:87:2c:42:1f:38    | Online
Dancing-Bear                             | 10.25.00.116     | 50:46:5d:64:21:02    | Inactive
Pino_Work                                | 10.25.00.118     | 68:ec:c5:a2:05:3f    | Online
Pino_Phone                               | 10.25.00.119     | a8:3e:0e:ca:e8:16    | Inactive
Sophie-Phone                             | 10.25.00.132     | 30:07:4d:9d:15:f9    | Inactive
Sophie-Ipad                              | 10.25.00.133     | 60:8b:0e:83:dd:16    | Inactive
Sophie_Work                              | 10.25.00.134     | 60:f8:1d:bb:fc:2a    | Online
Vito                                     | 10.25.00.135     | bc:ee:7b:5d:84:ad    | Inactive
Ales-Phone                               | 10.25.00.136     | b0:72:bf:cb:ed:c0    | Inactive
Pere-Ubu                                 | 10.25.00.150     | 00:15:5d:3f:73:08    | Online
Unknown                                  | 10.25.00.160     | a8:5e:45:63:70:f0    | Online
snom821-4587B6                           | 10.25.00.202     | 00:04:13:45:87:b6    | Inactive
YSP-2700-WiFi                            | 10.25.00.215     | 50:8c:b1:49:6c:a2    | Inactive
HarmonyHub                               | 10.25.00.230     | c8:db:26:0d:07:83    | DELAY
Unknown                                  | 151.224.16.1     | a0:f3:e4:80:ea:30    | DELAY


--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
Profile.add Entry                   | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 5 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Passed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Custom]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

17/17 Tests Sucessful
Hey @Adamm my stats on the web page of the firmware are incomplete. The bottom four graphs don't show anything. There should be stats there according to my other data. Any ideas how to fix? I uninstalled and re-installed and that didn't help. I updated firmware to the new alpha and that didn't help. Anything you can add?
I have the same issue with missing chart sections and have also rebooted router, started and stopped Skynet, and finally removed and then reinstalled it. I can show you the results of my firewall dump but it is the same as skeals.

When I ssh into Skynet and ask it for a report of stats it is very slow.

My router is an AC86 running 34.17.

I've identified the issue and pushed v7.1.7

Code:
Generate stats before purging logs
Use profile.add for easier command usage
Fix swap file entry being nuked in edge case
Switch to db-ip as apapi's rate limiting is too aggressive causing stat generation to hang
 
Two things I was pondering. I think the stats page should be optional, and have a way to clear stats, like updating stats has.

Both of these features are already included.

Code:
( firewall settings webui enable|disable ) Enable/Disable WebUI

( firewall stats reset ) Reset All Collected Logs
 
@Adamm , could you look into the mouse wheel scrolling when hovering over graphs?
@Jack Yaz has a library that does not scroll the columns with the wheel when hovering over it.
The scroll event only expands the chart, never contracts, which is not helpful.
Thanks.
 
Probably a dumb question, but I am trying to troubleshoot why a SIP phone is not connecting, so:
Does Skynet also work in a similar way to Diversion, so that if I attach a device to an external DNS (e.g. 8.8.4.4) in DNSFilter (default is Router), it will bypass Skynet, or do I need to disable Skynet (option [9])?
 
Probably a dumb question, but I am trying to troubleshoot why a SIP phone is not connecting, so:
Does Skynet also work in a similar way to Diversion, so that if I attach a device to an external DNS (e.g. 8.8.4.4) in DNSFilter (default is Router), it will bypass Skynet, or do I need to disable Skynet (option [9])?


Halp - BestApp.exe or BestWebsite.com Is Being Blocked;

Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and whitelist) anything incorrectly on your Blacklist!

1.) Enable Logging
Code:
firewall settings logmode enable
2.) Open the blocked application/website and use the command;

Code:
firewall debug watch
Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if it's being spammed in large numbers.

3.) Copy the IP following "DST="; it should look something like this:
Code:
DST=175.115.37.52
4.) Double check the IP is not actually something that should be banned; use a search tool like alienvault. If it's related to a domain, additional "Associated Domain" information should be printed beneath the log.

Code:
https://otx.alienvault.com/indicator/ip/175.115.37.52/
5.) Great, we have confirmed we found the IP of the blocked website/application we are looking for, let's whitelist it!

Code:
firewall whitelist ip 175.115.37.52
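
Steps 2 and 3 above can also be done against saved log text instead of watching the live stream. The following is an added example, not part of the original post or of Skynet: the function name `top_blocked_dst` and the sample lines are constructed, assuming the standard iptables LOG layout with the `[BLOCKED - OUTBOUND]` prefix and `DST=` field the post refers to.

```shell
#!/bin/sh
# Added example: rank destinations seen in [BLOCKED - OUTBOUND] log lines.

# Constructed sample in iptables LOG format; addresses other than the
# post's 175.115.37.52 are documentation-range placeholders.
sample_log() {
cat <<'EOF'
May 30 10:15:01 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.50.10 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51234 DPT=443
May 30 10:15:01 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40022 DPT=23
May 30 10:15:02 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.50.10 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51235 DPT=443
May 30 10:15:03 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.50.22 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=44100 DPT=80
May 30 10:15:04 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.50.10 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51236 DPT=443
May 30 10:15:05 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40023 DPT=23
May 30 10:15:06 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.50.10 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51237 DPT=443
EOF
}

# top_blocked_dst [min_hits]
# Reads log lines on stdin and prints "<hits> <ip>" for every destination
# blocked outbound at least min_hits times, most frequent first.
# Inbound blocks are skipped: their DST= is the router's own WAN address.
top_blocked_dst() {
    min_hits="${1:-1}"
    awk -v min="$min_hits" '
        index($0, "[BLOCKED - OUTBOUND]") == 0 { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DST=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    count[substr($i, 5)]++   # drop the "DST=" prefix
                    break
                }
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Candidates hit at least twice in the sample; each one still needs the
# manual reputation check from step 4 before it is whitelisted.
sample_log | top_blocked_dst 2
```

The output is only a list of candidates; the lookup in step 4 decides whether an address belongs on the whitelist.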
 
I've identified the issue and pushed v7.1.7

Code:
Generate stats before purging logs
Use profile.add for easier command usage
Fix swap file entry being nuked in edge case
Switch to db-ip as apapi's rate limiting is too aggressive causing stat generation to hang
Thanks. The updated version resolved the slowness issue and now all data is displaying in the charts.
 
Not really what I am trying to solve. I have run firewall debug watch, but there is almost no traffic OUTBOUND and what there is belongs to another device. The SIP phone is booting and getting its reserved DHCP as expected, however the SIP user account is showing as 'not recognised'. This is most likely an issue with the phone itself or the SIP connection provider - what I was trying to do was verify that neither Skynet nor Diversion are part of the problem (e.g. by pointing the device at an external DNS in DNSFilter I know that diversion is not involved in whatever is failing).

On a separate issue, what is the extended MAC (14 pair) address shown in blocked messages, I can see that the first 6 pairs are the router, what are the rest related to?
 
Updated to v7.1.7 and when executing 'firewall' in ssh it returns 'line 1: arithmetic syntax error'
 
Not really what I am trying to solve. I have run firewall debug watch, but there is almost no traffic OUTBOUND and what there is belongs to another device. The SIP phone is booting and getting its reserved DHCP as expected, however the SIP user account is showing as 'not recognised'. This is most likely an issue with the phone itself or the SIP connection provider - what I was trying to do was verify that neither Skynet nor Diversion are part of the problem (e.g. by pointing the device at an external DNS in DNSFilter I know that diversion is not involved in whatever is failing).

Skynet logs every connection it blocks, so if nothing is showing up there then your issue is elsewhere ;)

On a separate issue, what is the extended MAC (14 pair) address shown in blocked messages, I can see that the first 6 pairs are the router, what are the rest related to?

https://access.redhat.com/solutions/70465

Resolution
  • The MAC address logged in the file is longer than expected, as it is indicating several pieces of information:

MAC=00:60:dd:45:67:ea:00:60:dd:45:4c:92:08:00

  • This can be broken up into three different pieces of information. Source MAC, Destination MAC and frame type.

00:60:dd:45:67:ea: Destination MAC=00:60:dd:45:67:ea
00:60:dd:45:4c:92: Source MAC=00:60:dd:45:4c:92
08:00 : Type=08:00 (ethernet frame carried an IPv4 datagram)
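
The split described in the quoted resolution, written out as a small decoder. This is an added example, not part of the original post, Skynet or the Red Hat article: the function name `decode_log_mac` is hypothetical, and the EtherType names beyond IPv4 (`86dd` IPv6, `0806` ARP) are standard values added here.

```shell
#!/bin/sh
# Added example: split the 14-octet MAC= field of an iptables LOG line
# into destination MAC, source MAC and EtherType.

# decode_log_mac <log line or bare MAC= value>
# Prints "dst=<mac> src=<mac> ethertype=0x<type> (<name>)".
# Returns non-zero when the field is not exactly 14 hex octets, which
# is what an empty "MAC=" on a line without a link-layer header gives.
decode_log_mac() {
    # Pull the value out of a full log line; fall back to the argument
    # itself when it carries no "MAC=" prefix.
    field=$(printf '%s\n' "$1" | sed -n 's/.*MAC=\([0-9A-Fa-f:]*\).*/\1/p')
    [ -n "$field" ] || field="$1"
    printf '%s\n' "$field" | awk -F: '
        NF != 14 { exit 1 }
        {
            for (i = 1; i <= 14; i++)
                if ($i !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) exit 1
            # Octets 1-6: destination MAC, 7-12: source MAC, 13-14: type.
            dst = $1; src = $7
            for (i = 2; i <= 6; i++) {
                dst = dst ":" $i
                src = src ":" $(i + 6)
            }
            type = tolower($13 $14)
            name = "unknown"
            if (type == "0800") name = "IPv4"
            else if (type == "86dd") name = "IPv6"
            else if (type == "0806") name = "ARP"
            printf "dst=%s src=%s ethertype=0x%s (%s)\n", dst, src, type, name
        }'
}

# The value quoted in the resolution above.
decode_log_mac "MAC=00:60:dd:45:67:ea:00:60:dd:45:4c:92:08:00"
```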
 
Updated to v7.1.7 and when executing 'firewall' in ssh it returns 'line 1: arithmetic syntax error'

Try a force update or run the following to manually replace the file;

Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall
 
Both of these features are already included.

Code:
( firewall settings webui enable|disable ) Enable/Disable WebUI

( firewall stats reset ) Reset All Collected Logs
Cool! I didn't know the web page was optional. I was thinking though of a clear stats button, on the web page, like the update stats button, not a command from command line or from the GUI.
 
The other thing is if you are presently getting pounded by a country for whatever reason, 1300 times per hour, the log is virtually nonexistent for anything other than skynet and dropped packets. Is this a firmware limitation? I honestly had one line of skynet telling me the stats from the last hour and then dropped packets from there, absolutely nothing else.
 
Try a force update or run the following to manually replace the file;

Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall

Since I posted last I reformatted my USB drive (full format), formatted the JFFS partition and checked to make sure it was clean, tried to reinstall Skynet using
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install
and it's not installing. I think I did everything correctly?
 
The other thing is if you are presently getting pounded by a country for whatever reason, 1300 times per hour, the log is virtually nonexistent for anything other than skynet and dropped packets. Is this a firmware limitation? I honestly had one line of skynet telling me the stats from the last hour and then dropped packets from there, absolutely nothing else.

Unfortunately that's a limitation of busybox's syslogd, the only thing I can recommend is using scribe to filter these logs to their own file.

and it's not installing. I think I did everything correctly?

Please elaborate on not installing with a snippet of the output. The install function hasn't been changed in 2-3 years so if there were a reproducible error I'd hope I knew about it :p
 
@Adamm , could you look into the mouse wheel scrolling when hovering over graphs?
@Jack Yaz has a library that does not scroll the columns with the wheel when hovering over it.
The scroll event only expands the chart, never contracts, which is not helpful.
Thanks.

Mind elaborating a little further? I can both expand and contract the charts with scrolling, what is your desired functionality here?
 
