Skynet New Skynet 7.5.9 Release

[John Fitzgerald]

Feels like a game of whackamole, @Adamm! Lol

It's better to "be the hammer".

 

[visortgw]

We are so fortunate to have someone like @Adamm with the knowledge, talent, and persistence to continuously fix and improve Skynet on our behalf.

 

[HUNited]

Hi,
From last day, Skynet blocked telegram in my router. When skynet disabled, works properly.
I tried to uninstall and install again, but the problem still active.
Now i temporary disabled Skynet.
Please help me to resolve this problem (what i need to do in unban, or other suggestions)

Thank You!

 

[Adamm]

Hi,
From last day, Skynet blocked telegram in my router. When skynet disabled, works properly.
I tried to uninstall and install again, but the problem still active.
Now i temporary disabled Skynet.
Please help me to resolve this problem (what i need to do in unban, or other suggestions)

Thank You!

Usage;

Skynet provides both a user interactive menu, and command line interface for those who prefer it.

To open the menu its as simple as;

firewall

For users on firmware v384.15+ (Merlin) or v374.43_43E6 (Johns Fork) there will also be a WebUI tab under the heading Firewall.

And for the CLI users, here's a list of possible commands.

Example Unban Commands;
( firewall unban ip 8.8.8.8 ) This Unbans The IP Specified
( firewall unban range 8.8.8.8/24 ) This Unbans the CIDR Block Specified
( firewall unban domain google.com ) This Unbans the URL Specified
( firewall unban comment "Apples" ) This Unbans Entries With The Comment Apples
( firewall unban country ) This Unbans Entries Added By The "Ban Country" Feature
( firewall unban asn AS123456 ) This Unbans the ASN Specified
( firewall unban malware ) This Unbans Entries Added By The "Ban Malware" Feature
( firewall unban nomanual ) This Unbans Everything But Manual Bans
( firewall unban all ) This Unbans All Entries From Both Blacklists

Example Ban Commands;
( firewall ban ip 8.8.8.8 "Apples" ) This Bans The IP Specified With The Comment Apples
( firewall ban range 8.8.8.8/24 "Apples" ) This Bans the CIDR Block Specified With The Comment Apples
( firewall ban domain google.com ) This Bans the URL Specified
( firewall ban country "pk cn sa" ) This Bans The Known IPs For The Specified Countries (Accepts Single/Multiple Inputs If Quoted) https://www.ipdeny.com/ipblocks/
( firewall ban asn AS123456 ) This Bans the ASN Specified

Example Banmalware Commands;
( firewall banmalware ) This Bans IPs From The Predefined Filter List
( firewall banmalware google.com/filter.list ) This Uses The Filter List From The Specified URL
( firewall banmalware reset ) This Will Reset Skynet Back To The Default Filter URL
( firewall banmalware exclude "list1.ipset|list2.ipset" ) This Will Exclude Lists Matching The Names "list1.ipset list2.ipset" From The Current Filter (Quotes And Pipes Are Nessessary For Seperating Multiple Entries!)
( firewall banmalware exclude reset ) This Will Reset The Exclusion List

Example Whitelist Commands;
( firewall whitelist ip 8.8.8.8 "Apples" ) This Whitelists The IP Specified With The Comment Apples
( firewall whitelist range 8.8.8.8/24 "Apples" ) This Whitelists The Range Specified With The Comment Apples
( firewall whitelist domain google.com) This Whitelists the URL Specified
( firewall whitelist asn AS123456 ) This Whitelists the ASN Specified
( firewall whitelist vpn) Refresh VPN Whitelist
( firewall whitelist remove all) This Removes All Non-Default Entries
( firewall whitelist remove entry 8.8.8.8) This Removes IP/Range Specified
( firewall whitelist remove comment "Apples" ) This Removes Entries With The Comment Apples
( firewall whitelist refresh ) Regenerate Shared Whitelist Files
( firewall whitelist view ips|domains|imported ) View Whitelist Entries Based On Category (Leave Blank For All)

Example Import Commands;
( firewall import blacklist file.txt "Apples" ) This Bans All IPs From URL/Local File With The Comment Apples
( firewall import whitelist file.txt "Apples" ) This Whitelists All IPs From URL/Local File With The Comment Apples

Example Deport Commands;
( firewall deport blacklist file.txt ) This Unbans All IPs From URL/Local File
( firewall deport whitelist file.txt ) This Unwhitelists All IPs From URL/Local File

Example Update Commands;
( firewall update ) Standard Update Check - If Nothing Detected Exit
( firewall update check ) Check For Updates Only - Wont Update If Detected
( firewall update -f ) Force Update Even If No Changes Detected

Example Settings Commands;
( firewall settings autoupdate enable|disable ) Enable/Disable Skynet Autoupdating
( firewall settings banmalware daily|weekly|disable ) Enable/Disable Automatic Malware List Updating
( firewall settings logmode enable|disable ) Enable/Disable Logging
( firewall settings filter all|inbound|outbound ) Select What Traffic To Filter
( firewall settings unbanprivate enable|disable ) Enable/Disable Unban_PrivateIP Function
( firewall settings loginvalid enable|disable ) Enable/Disable Invalid Packet Logging
( firewall settings banaiprotect enable|disable ) Enable/Disable Banning IPs Flagged By AiProtect
( firewall settings securemode enable|disable ) Enable/Disable Insecure Settings Being Applied In WebUI
( firewall settings fs google.com/filter.list|disable ) Configure/Disable Fast Malware List Switching
( firewall settings syslog|syslog1 /tmp/syslog.log|default ) Configure Custom Syslog/Syslog-1 Location
( firewall settings iot unban|ban 8.8.8.8,9.9.9.9 ) Unban|Ban IOT Device(s) (or CIDR) From Accessing WAN (Allow NTP / Remote Access Via OpenVPN Only) (Use Comma As Separator)
( firewall settings iot view ) View Currently Banned IOT Devices
( firewall settings iot ports 123,124,125 ) Allow Port(s) To Access WAN (Use Comma As Separator)
( firewall settings iot ports reset ) Reset Allowed Port List To Default
( firewall settings iot proto udp|tcp|all ) Select IOT Allowed Port Protocol
( firewall settings lookupcountry enable|disable ) Enable/Disable Country Lookup For Stat Data
( firewall settings cdnwhitelist enable|disable ) Enable/Disable CDN Whitelisting
( firewall settings webui enable|disable ) Enable/Disable WebUI

Example Debug Commands;
( firewall debug watch ) Show Debug Entries As They Appear
( firewall debug info ) Print Useful Debug Info
( firewall debug info extended ) Debug Info + Config
( firewall debug genstats ) Update WebUI Stats
( firewall debug clean ) Cleanup Syslog Entries
( firewall debug swap install|uninstall ) Install/Uninstall SWAP File
( firewall debug backup ) Backup Skynet Files To Skynets Install Directory With The Name "Skynet-Backup.tar.gz"
( firewall debug restore ) Restore Backup Files From Skynets Install Directory With The Name "Skynet-Backup.tar.gz"

Example Stats Commands;
( firewall stats ) Compile Stats With Default Top10 Output
( firewall stats 20 ) Compile Stats With Customizable Top20 Output
( firewall stats tcp ) Compile Stats Showing Only TCP Entries
( firewall stats tcp 20 ) Compile Stats Showing Only TCP Entries With Customizable Top20 Output
( firewall stats search port 23 ) Search Logs For Entries On Port 23
( firewall stats search port 23 20 ) Search Logs For Entries On Port 23 With Customizable Top20 Output
( firewall stats search ip 8.8.8.8 ) Search Logs For Entries On 8.8.8.8
( firewall stats search ip 8.8.8.8 20 ) Search Logs For Entries On 8.8.8.8 With Customizable Top20 Output
( firewall stats search malware 8.8.8.8 ) Search Malwarelists For Specified IP
( firewall stats search manualbans ) Search For All Manual Bans
( firewall stats search device 192.168.1.134 ) Search For All Outbound Entries From Local Device 192.168.1.134
( firewall stats search device reports ) Search Previous Hourly Report History
( firewall stats search invalid ) Search For Invalid Packets
( firewall stats search iot ) Search For IOT Packets
( firewall stats search connections ip|port|proto|id xxxxxxxxxx) Search Active Connections
( firewall stats remove ip 8.8.8.8 ) Remove Log Entries Containing IP 8.8.8.8
( firewall stats remove port 23 ) Remove Log Entries Containing Port 23
( firewall stats reset ) Reset All Collected Logs

Help! - Application.exe or Website.com Is Blocked;

Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and whitelist) anything incorrectly on your Blacklist!

1.) Enable Logging

firewall settings logmode enable

2.) Open the blocked application/website and use the command;

firewall debug watch

Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if its being spammed in large numbers.

3.) Copy the IP following "DST=" it should look something like this;

DST=175.115.37.52

4.) Double check the IP is not actually something that should be banned, use a search tool like alienvault. If its related to a domain additional "Associated Domain" information should be printed beneath the log.

https://otx.alienvault.com/indicator/ip/175.115.37.52/

5.) Great we have confirmed we found the IP of the blocked website/application we are looking for, lets whitelist it!

firewall whitelist ip 175.115.37.52

 

[HUNited]

Dear Adamm!
Thank You.
Unfortunately this not worked, because debug watch only run (--* *-- -*- etc.), no wrote anything to console, so i pressed CTRL+C (i tried twice).

firewall settings logmode enable:

killall: syslog-ng: no process killed
[i] Logging Enabled

firewall debug watch:

[i] Watching Syslog For Log Entries (ctrl +c) To Stop

killall: syslog-ng: no process killed
^C-

[*] Stopping Log Monitoring
killall: syslog-ng: no process killed


=============================================================================================================


[#] 35539 IPs (+0) -- 2534 Ranges Banned (+0) || 60 Inbound -- 99 Outbound Connections Blocked! [debug] [63s]

 

[HUNited]

Hm now i deleted and reinstalled again, and now work Telegram.

 

[Ripshod]

Is the Top10 HTTP(s) Blocks section working okay for everyone else? 3 days of running and no entries(?).

I feell the *-- may be relevant, but willing to be corrected.

EDIT: Got a funny feeling I've asked this before.

 

[visortgw]

Is the Top10 HTTP(s) Blocks section working okay for everyone else? 3 days of running and no entries(?).
View attachment 56047

I feell the *-- may be relevant, but willing to be corrected.

EDIT: Got a funny feeling I've asked this before.

I have one entry with multiple instances.

 

[Ripshod]

I have one entry with multiple instances.

Thanks. All I can say is I must have well-behaved devices.

 

[visortgw]

Thanks. All I can say is I must have well-behaved devices.

AiProtect enabled?

 

[Ripshod]

AiProtect enabled?

Nope. I don't think it's necessary.

 

[Adamm]

Is the Top10 HTTP(s) Blocks section working okay for everyone else? 3 days of running and no entries(?).
View attachment 56047

I feell the *-- may be relevant, but willing to be corrected.

EDIT: Got a funny feeling I've asked this before.

No outbound blocks is good, it means none of your devices are trying to call home to a malicious server. The *— is simply the spinner feature for an “animated” interactive menu

 

[SomeWhereOverTheRainBow]

No outbound blocks is good, it means none of your devices are trying to call home to a malicious server. The *— is simply the spinner feature for an “animated” interactive menu

It's good to see you back around these parts @Adamm . Thank you for being here, and your hard work. Skynet is working better than ever.

 

[Adamm]

It's good to see you back around these parts @Adamm . Thank you for being here, and your hard work. Skynet is working better than ever.

I never left per se, I just disagree’d with decisions that were made that affected how I post about Skynet and supported users accordingly… My stance on the matter hasn’t changed but as long as Asus continue to internally support the project, Skynet will continue to work on current and future devices.

Thankfully for me a lot of failsafes were designed into Skynet that make it quite hard to break with firmware updates and easy to debug. We will see what the future holds once vlans get added into Asus-Merlin, perhaps Skynet v8 will finally see the light of day

I’d also like to see a better WebUI to go with Skynet but web development is not really my bread and butter so it is what it is.

 

[Ripshod]

Something weird is happening now. After a fresh install of everything recently, Skynet has disappeared. No entry in amtm brought me to the fact that /jffs/scripts/firewall keeps getting deleted by something.
If I try to reinstall through amtm the installer runs fine until chmod fails as the file is missing. Installing using curl from the github repo fails in the same way. I tried restoring the file from a backup and it just disappears. I tried creating the file manually but again, as soon as it's created, it disappears again.
Nothing in the logs.
Any thoughts?

chmod: /jffs/scripts/firewall: No such file or directory

EDIT: Nevermind. Fixed it with this thread here:

Skynet - Unable to Install Skynet

I've pored through the forum trying to find a solution. Unable to install Skynet. This is error i get - "chmod: /jffs/scripts/firewall: No such file or directory Updated chart.js Updated chartjs-plugin-zoom.js Updated hammerjs.js Updated skynet.asp" "^[` Restarting Firewall Service To...

www.snbforums.com

Thanks to @dave14305

 

[dave14305]

Any thoughts?

Skynet - Unable to Install Skynet

I've pored through the forum trying to find a solution. Unable to install Skynet. This is error i get - "chmod: /jffs/scripts/firewall: No such file or directory Updated chart.js Updated chartjs-plugin-zoom.js Updated hammerjs.js Updated skynet.asp" "^[` Restarting Firewall Service To...

www.snbforums.com

 

[Ripshod]

Skynet - Unable to Install Skynet

I've pored through the forum trying to find a solution. Unable to install Skynet. This is error i get - "chmod: /jffs/scripts/firewall: No such file or directory Updated chart.js Updated chartjs-plugin-zoom.js Updated hammerjs.js Updated skynet.asp" "^[` Restarting Firewall Service To...

www.snbforums.com

Yeah. I'd already found it.

 

[visortgw]

There appears to be a new minor update committed yesteday by @dave14305, but still v7.5.6.

 

[Toby the Cat]

How long does it take for the Skynet log to become larger tan 0 ?
New router (RT-AX88U Pro) fresh WRT Merlin, followed by a new install of Skynet
(First installation of Skynet failed because of faulty USB drive)
In the routerinterface I see "No data to display" but there are IPs and Ranges banned ??
I removed and reinstalled Skynet a few times, nothing changed
I found the following thread where @dave14305 suggest a few commands, I tried both, log stays steady at 0 bytes and No data to display
https://www.snbforums.com/threads/no-data-to-display-in-skynet-statistics.78976/page-2

I'm only a simple flabbergasted user, if anyone can help me, please do

 

[Viktor Jaep]

How long does it take for the Skynet log to become larger tan 0 ?
New router (RT-AX88U Pro) fresh WRT Merlin, followed by a new install of Skynet
(First installation of Skynet failed because of faulty USB drive)
In the routerinterface I see "No data to display" but there are IPs and Ranges banned ??
I removed and reinstalled Skynet a few times, nothing changed
I found the following thread where @dave14305 suggest a few commands, I tried both, log stays steady at 0 bytes and No data to display
https://www.snbforums.com/threads/no-data-to-display-in-skynet-statistics.78976/page-2

I'm only a simple flabbergasted user, if anyone can help me, please do

Sometimes you just want to let things sit/settle for a few hours, or a day... then check back to see how things are working. Many times, log aggregation is done at intervals throughout the day... not something you would see immediately.