
Skynet - Router Firewall & Security Enhancements


I am getting this error when I try to start skynet from amtm. I have updated amtm and rebooted once more.

/jffs/scripts/firewall: line 40: arithmetic syntax error

Amtm is showing that skynet should be updated, but I cannot open it in order to do the update. I have 7.2.0 version at the moment.
 
What is the output of;

Code:
firewall debug info
 
Router Model;
Skynet Version; (12/08/2020) (9f72d6908929b711bf4ecbf665e26682)
iptables v1.4.15 - (eth0 @ 10.1.1.1)
ipset v6.32, protocol version: 6
IP Address; (xx.xx.xx.xx)
FW Version; 384.19_0 (Aug 14 2020) (4.1.51)
Install Dir; /tmp/mnt/SKYNET/skynet (1.7G / 3.7G Space Available)
Syslog Location; () ()
Uptime; 0 days, 8 hours, 46 minutes.
Ram Available; (414M / 882M)


--------------- | ------------ | --------------- | ----------
| Device Name | | | Local IP | | | MAC Address | | | Status |
--------------- | ------------ | --------------- | ----------

xx | 10.1.1.2 | 00:00:00:00:00:00 | Online
xx | 10.1.1.8 | 00:00:00:00:00:00 | Inactive



-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Disabled]
Malware List Auto-Updates | [Disabled]
Logging | [Disabled]
Filter Traffic | [Selective]
Unban PrivateIP | [Disabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Disabled]
Secure Mode | [Disabled]
Fast Switch List | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Disabled]
CDN Whitelisting | [Disabled]
Display WebUI | [Disabled]

14/14 Tests Sucessful


====================================================================================================


/jffs/scripts/firewall: line 5678: arithmetic syntax error
 

Your config file is missing, I suggest trying to use the install command.
 
Code:
--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
Profile.add Entry                   | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 5 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Passed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Disabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Default]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

17/17 Tests Sucessful


====================================================================================================


[#] 314806 IPs (+0) -- 1730 Ranges Banned (+0) || 37 Inbound -- 0 Outbound Connections Blocked! [deb

It's working again. Thank you. Everything looks good.
 
I am having issues with No data to display. currently on 7.2.1 all updated.

NO DATA TO DISPLAY problem
in webui , skynet
Top 10 HTTP(s) Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Inbound) (click to expand/collapse)

It shows No data to display, but the rest is fine.

But in PuTTY, sh /jffs/scripts/firewall stats shows some data.
The current log file is 8.8MB.
System log
Default message log level : NOTICE
Log only messages more urgent than : DEBUG



sh /jffs/scripts/firewall debug info


| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Config File | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]
 
This is normal and just means you haven't had any outbound blocks since the last log purge. Is the manual stats command showing something different?
 
yeah, manual stats are showing stuff.
Top 10 HTTP(s) Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Inbound) (click to expand/collapse)

has been showing empty for almost 2 months now.
 
Upload a copy of the following files from your Skynet install directory;

skynet.log
stats.js
 
I've pushed v7.2.2

Code:
Convert CRLF during remote file import
Remove conflicting script check
Add config file test to debug info
Fix corrupted stats due to entry being on both whitelist and blacklist
 
I'm having an issue banning an IP in skynet. It adds successfully, restarts but then I can curl that same ip without getting blocked. I've confirmed the ip shows up in skynet.ipset. What else should I check? I see inbound connections being blocked all the time, I have enabled it for both directions but haven't seen it block any outbound connections lately. Though I always figured that was because Diversion stops most stuff before it resolves.

Here's the key bits after I ban the ip and then try to curl it:
Banning 3.91.43.25
[#] 86748 IPs (+1) -- 1791 Ranges Banned (+0) || 18 Inbound -- 0 Outbound Connections Blocked! [ban] [2s]
admin@RT-AX88U-EBF8:/tmp/mnt/samsungusb/skynet# curl 3.91.43.25

..Response that proves it wasn't blocked

And here's the full debug info:
Code:
Router Model; RT-AX88U
Skynet Version; v7.2.1 (03/09/2020) (c61321f3672a2c330a2723b60a07a5f2)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address; (13.20.129.24)
FW Version; 384.18_0 (Jun 28 2020) (4.1.51)
Install Dir; /tmp/mnt/samsungusb/skynet (52.9G / 58.7G Space Available)
SWAP File; /tmp/mnt/samsungusb/myswap.swp (2.0G)
Uptime; 18 days, 7 hours, 3 minutes.
Ram Available; (502M / 882M)

--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Config File                         | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
Profile.add Entry                   | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 7 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Passed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Default]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

18/18 Tests Sucessful


=============================================================================================================


[#] 86748 IPs (+0) -- 1791 Ranges Banned (+0) || 60 Inbound -- 0 Outbound Connections Blocked! [debug] [3s]
Thanks in advance :)
 
That IP is in the Amazon ASN, so it's whitelisted. Run firewall stats search ip 3.91.43.25 to see those details.
 
Interesting, so what's the best way to block that 1 IP?

Here's the output of that command:
Code:
[i] Logging Data Detected in /tmp/mnt/samsungusb/skynet/skynet.log - 4.7M
[i] Monitoring From Sep 6 17:00:03 To Sep 8 15:44:10
[i] 17704 Block Events Detected
[i] 2594 Unique IPs
[i] 1 Manual Bans Issued

3.91.43.25 is in set Skynet-Whitelist.
3.91.43.25 is in set Skynet-Blacklist.
3.91.43.25 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
-*-
Blacklist Reason;
 "ManualBan: Work spyware"

Associated Domain(s);
xyz.hostedrmm.com

[i] IP Location - United States (AMAZON-AES / AS14618)

[i] 3.91.43.25 First Tracked On
[i] 3.91.43.25 Last Tracked On
[i] 0 Blocks Total

Event Log Entries From 3.91.43.25;
Sep 08 15:05:01 Skynet: [Manual Ban] TYPE=Single SRC=3.91.43.25 COMMENT=Work spyware

First Block Tracked From 3.91.43.25;

10 Most Recent Blocks From 3.91.43.25;
*--

Top 10 Targeted Ports From 3.91.43.25 (Inbound);
--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------
-*-

Top 10 Sourced Ports From 3.91.43.25 (Inbound);
--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------
--*

=============================================================================================================

[#] 86748 IPs (+0) -- 1791 Ranges Banned (+0) || 164 Inbound -- 0 Outbound Connections Blocked! [stats] [13s]
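
The search output above lists the same address in both Skynet-Whitelist and Skynet-Blacklist, which in this thread meant the manual ban never took effect. As an added example (not part of any post here and not Skynet's own code), this script reads those membership lines and flags the conflict; the function names are hypothetical, and `live_membership` assumes `ipset` and the set names shown above are present on the router.

```shell
#!/bin/sh
# Added example (not from the thread). Set names are the ones shown in the
# quoted `firewall stats search ip` output; function names are hypothetical.

# Constructed sample: the three membership lines quoted in the thread.
sample_output() {
cat <<'EOF'
3.91.43.25 is in set Skynet-Whitelist.
3.91.43.25 is in set Skynet-Blacklist.
3.91.43.25 is NOT in set Skynet-BlockedRanges.
EOF
}

# Read membership lines on stdin and print one verdict:
#   conflict    - whitelisted and banned at once (the case in the thread)
#   banned      - in Skynet-Blacklist or Skynet-BlockedRanges only
#   whitelisted - in Skynet-Whitelist only
#   untracked   - in none of the sets
ban_verdict() {
    awk '
        / is in set Skynet-Whitelist/                 { white = 1 }
        / is in set Skynet-(Blacklist|BlockedRanges)/ { black = 1 }
        END {
            if (white && black) print "conflict"
            else if (black)     print "banned"
            else if (white)     print "whitelisted"
            else                print "untracked"
        }'
}

# On the router: produce the same lines straight from ipset (assumes the
# ipset binary and these set names exist), e.g.
#   live_membership 3.91.43.25 | ban_verdict
live_membership() {
    for set in Skynet-Whitelist Skynet-Blacklist Skynet-BlockedRanges; do
        if ipset test "$set" "$1" >/dev/null 2>&1; then
            echo "$1 is in set $set."
        else
            echo "$1 is NOT in set $set."
        fi
    done
}

sample_output | ban_verdict
```

A `conflict` verdict after a manual ban is the cue to look at the whitelist reason before assuming the ban is being enforced.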
 
Since it's an AWS IP, I would figure out the hostname being requested by the client and block that in dnsmasq (easier with Diversion).
 
I know what the hostname is, but the config for this work spyware had its IP hardcoded as a backup. I set up a static route to block it; the only downside over skynet is I don't get the logging, but I can live with that. Thanks.
 
