What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Did Skynet block Spotify for anyone else today?

Keep in mind Skynet will block whatever IPs are in the filter list ... when using a script such as Diversion or Skynet, it's important to be familiar with what filters you have configured and how to check if one of them is blocking your site.

Not everyone will keep it at the "default" filter setup. I certainly do not.

Edit: to answer your question, no Skynet did not block Spotify for me today, but this is useless information since you don't know what filters I am using, and I don't know what filters you are using...
 
@Adamm I know about that post and was checking while you posted...

Skynet is blocking 35.186.224.25 which does indeed seem to belong to Spotify: https://otx.alienvault.com/indicator/ip/35.186.224.25

@CriticJay I don't run Diversion anymore (I use NextDNS now), so that should not interfere.

It is not currently on any of the default lists;

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search malware 35.186.224.25
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            16/07/2020 - v7.2.0                                            #
#############################################################################################################


=============================================================================================================


[i] Logging Data Detected in /tmp/mnt/USB/skynet/skynet.log - 7.8M
[i] Monitoring From Jul 18 02:00:24 To Jul 23 01:07:54
[i] 34390 Block Events Detected
[i] 4454 Unique IPs
[i] 0 Manual Bans Issued

Associated Domain(s);
edge-web.dual-gslb.spotify.com
edge-web-russia.dual-gslb.spotify.com
spotify.com



=============================================================================================================


Exact Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------



Possible CIDR Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------



=============================================================================================================


[#] 351002 IPs (+0) -- 1638 Ranges Banned (+0) || 2623 Inbound -- 5 Outbound Connections Blocked! [stats] [10s]
 
My result for that command is different:
Code:
Exact Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------

35.186.224.25        | https://iplists.firehol.org/files/blocklist_net_ua.ipset
But I must admit I don't know whether that is a default list or not...
 
My result for that command is different:
Code:
Exact Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------

35.186.224.25        | https://iplists.firehol.org/files/blocklist_net_ua.ipset
But I must admit I don't know whether that is a default list or not...

It must have been present on an older version of the list when yours last updated, in any case I've removed blocklist_net_ua.ipset from the default filter list as there has been an increased number of false positives.
 
Did Skynet block Spotify for anyone else today?

Not today--so far--but yesterday Skynet blocked Spotify streamed through my Squeezebox but not to my PC. Took me a while to figure out what was happening. I was not looking forward to learning more than I wanted to know about trouble-shooting today, but it seems Adamm has already addressed what was happening.

I was relieved to see this post and the replies today. Impressive! Thanks, guys!
 
Did Skynet block Spotify for anyone else today?
Yes. 35.186.224.25 was blocked, but I restarted skynet and now all is good. Also interferred with "other devices" recognition.
 
Strange, I have had Skynet installed for months with not one single issue and then today I couldn't connect to Modern Warfare on my PS4. Literally took me all day to figure out it was the Skynet firewall because I haven't had issues with it before and I thought it was due to me messing with VPNs and whatnot.

All of a sudden today Skynet started blocking outbound connections to 185.34.107.128.

Code:
Jul 22 19:36:59 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:02:f6:10:00:d9:d1:37:08:ae:08:00 SRC=192.168.50.51 DST=185.34.107.128 LEN=57 TOS=0x00 PREC=0x00 TTL=647
Associated Domain(s) - [stun.us.demonware.net stun.eu.demonware.net]

I've been playing Modern Warfare all quarantine with no issues lol. I guess this was added to the list recently, since all of a sudden this was blocked when it wasn't before? I think I am using default lists.
Code:
# firewall stats search malware 185.34.107.128
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            16/07/2020 - v7.2.0                                            #
#############################################################################################################


=============================================================================================================


[i] Logging Data Detected in /tmp/mnt/sda5/skynet/skynet.log - 1.2M
[i] Monitoring From Jul 22 04:00:06 To Jul 22 19:44:22
[i] 4432 Block Events Detected
[i] 1012 Unique IPs
[i] 0 Manual Bans Issued

Associated Domain(s);
stun.us.demonware.net
stun.eu.demonware.net



=============================================================================================================


Exact Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------

185.34.107.128       | https://iplists.firehol.org/files/blocklist_net_ua.ipset


Possible CIDR Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------



=============================================================================================================


[#] 350724 IPs (+0) -- 1616 Ranges Banned (+0) || 69 Inbound -- 53 Outbound Connections Blocked! [stats] [6s]


How do I remove https://iplists.firehol.org/files/blocklist_net_ua.ipset from my used lists?
 
Strange, I have had Skynet installed for months with not one single issue and then today I couldn't connect to Modern Warfare on my PS4. Literally took me all day to figure out it was the Skynet firewall because I haven't had issues with it before and I thought it was due to me messing with VPNs and whatnot.

All of a sudden today Skynet started blocking outbound connections to 185.34.107.128.

Code:
Jul 22 19:36:59 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:02:f6:10:00:d9:d1:37:08:ae:08:00 SRC=192.168.50.51 DST=185.34.107.128 LEN=57 TOS=0x00 PREC=0x00 TTL=647
Associated Domain(s) - [stun.us.demonware.net stun.eu.demonware.net]

I've been playing Modern Warfare all quarantine with no issues lol. I guess this was added to the list recently, since all of a sudden this was blocked when it wasn't before? I think I am using default lists.
Code:
# firewall stats search malware 185.34.107.128
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            16/07/2020 - v7.2.0                                            #
#############################################################################################################


=============================================================================================================


[i] Logging Data Detected in /tmp/mnt/sda5/skynet/skynet.log - 1.2M
[i] Monitoring From Jul 22 04:00:06 To Jul 22 19:44:22
[i] 4432 Block Events Detected
[i] 1012 Unique IPs
[i] 0 Manual Bans Issued

Associated Domain(s);
stun.us.demonware.net
stun.eu.demonware.net



=============================================================================================================


Exact Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------

185.34.107.128       | https://iplists.firehol.org/files/blocklist_net_ua.ipset


Possible CIDR Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------



=============================================================================================================


[#] 350724 IPs (+0) -- 1616 Ranges Banned (+0) || 69 Inbound -- 53 Outbound Connections Blocked! [stats] [6s]


How do I remove https://iplists.firehol.org/files/blocklist_net_ua.ipset from my used lists?
@Adamm already removed the list.
 
I checked for updates in Skynet and there were none and I ran that same command "
firewall stats search malware 185.34.107.128" and the list still shows. Will it go away on it's own in a day or so?
I don't think it shows up as and update. Update the Malware Blacklist [3]- [1], use the Restart command [8], and perhaps Reset the Statistics [13] - [4], and see if that clears the cobwebs out.

Anton
 
I don't think it shows up as and update. Update the Malware Blacklist [3]- [1], use the Restart command [8], and perhaps Reset the Statistics [13] - [4], and see if that clears the cobwebs out.

Anton

You have to update your "malware blacklist" opt 3 not skynet.

Thanks guys! I think that did the trick. Hopefully my wife doesn't ever run into this issue with something she is trying to access when I'm not home! She would be pissed! She already knows I have the router set to prioritize game traffic which she's not happy about lol. I'm glad this firewall and it's wonderful support team are focused on minimizing false-positives as much as possible!
 
She already knows I have the router set to prioritize game traffic which she's not happy about lol.
Why would you admit that to her? :eek: :D Mine could care less as long as Netflix works as intended. LOL
 
Why would you admit that to her? :eek: :D Mine could care less as long as Netflix works as intended. LOL

I think I was telling a buddy and she overheard cause I gotta brag to my gaming friends that my router prioritizes gaming packets hahahah. It really doesn't affect other things like Netflix or web browsing though.
 
Sorry if this was already answered somewhere, but does anyone know what is the command script to block specific device from connecting to URL/host? For example: I would like to block 192.168.1.74 from accessing to google.com and such.

Thank you!
 
Is there a way I can check the IP list for IOT Blocking?

This is enabled with 11 - 11 in Skynet.

EDIT: Found the answer. You enable the option, then enter the IP of the device you want to ban.

Will be great for my CCTV cameras.
 
Sorry if this was already answered somewhere, but does anyone know what is the command script to block specific device from connecting to URL/host? For example: I would like to block 192.168.1.74 from accessing to google.com and such.

Thank you!

Any bans apply to all devices, there is currently no way to do per-device blocking.
 
Does Skynet helps with router performance and also do i have to still enable the router firewall if i add this script.
Does it decrease data speed so for gaming and so on is this not rec ?
 
Does Skynet helps with router performance and also do i have to still enable the router firewall if i add this script.
Does it decrease data speed so for gaming and so on is this not rec ?
Skynet enhances the existing firewall. You want both. SkyNet will enable the firewall if you have it disabled by mistake.

I don’t think anyone has observed a negative impact from Skynet doing its filtering. You may see increased CPU activity when it does its hourly save and stats generation. Skynet is a non-negotiable Addon for my network. If I had choose between Skynet and FlexQoS, Skynet would win every time.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top