Aegis (simple yet effective protection)


This is what I am getting:
  • Something is not right!
Errors

  • iptables: engine chains are not right!
  • iptables: whitelist rules are not right!
If I run update from the command line it hangs up. Running update from the web UI seems to be OK except for "current logging settings differs from last time engine was started"... but if I make any change to my list it goes back to the original error.
 

Ok, I suppose you did the aegis clean first?

Can you post the content of the full status in the web page, particularly the debug section?
 
After executing clean + update, I get a warning message "current logging settings differs from last time engine was started." but everything seems to work just fine.
 
I was able to reproduce this bug.
Aegis is working, but it creates extra lines with aegis update or aegis load_set.
Temp solution to get rid of the error is to do an aegis restart after an aegis update.

Will fix that soon...
 
R9000
Just done a full reinstall (Voxel 1.04.45.2 & Kamoj 5.4.b12) & Aegis 1.4.1

Aegis reporting same errors

Full info:

Status @ 2020-12-07 09:03:05 (router time)

  • Something is not right!
Errors

  • iptables: WAN network range bypass rules are not right!
  • iptables: whitelist rules are not right!
Warnings

  • iptables: VPN network range bypass rules are missing!
  • current logging settings differs from last time engine was started.
Detailed status

  • Active WAN interface is 'brwan'.
  • Active VPN tunnel is 'tun21'.
  • Blocklist generation time: 2020-12-07 08:58:02
  • Whitelist generation time: 2020-12-07 08:58:03
  • 'firewall-start.sh' is set for aegis.
  • 'post-mount.sh' is set for aegis.
  • ipset: blocklist is set.
  • ipset: whitelist is set.
  • iptables: engine chains are set.
  • iptables: VPN tunnel IFO rules are set.
  • iptables: WAN interface IFO rules are set.
Last Aegis engine launch report

  • engine was launched from: aegis script @ 2020-12-07 08:58:05
  • WAN interface was 'brwan'.
  • VPN tunnel was 'tun21'.
  • ipset: blocklist was set from file.
  • ipset: whitelist was set from file.
  • iptables: engine inbound chain was set.
  • iptables: engine outbound chain was set.
  • iptables: inbound WAN network range bypass rules were set.
  • iptables: outbound WAN network range bypass rules were set.
  • iptables: inbound VPN network range bypass rules were set.
  • iptables: outbound VPN network range bypass rules were set.
  • iptables: inbound whitelist rules were set.
  • iptables: outbound whitelist rules were set.
  • iptables: inbound logging rules were set.
  • iptables: outbound logging rules were set.
  • iptables: WAN interface IFO rules were set.
  • iptables: VPN tunnel IFO rules were set.
Debug

  • device info: R9000 R9000 V1.0.4.45.2HF
  • aegis info: aegis 1.4.1-ext
  • status codes: /brwan/tun21/619741203-1
  • file codes: 25162191/brwan/tun21
  • iptables engine rules:
    • -N aegis_dst
    • -N aegis_src
    • -A INPUT -i brwan -m set --match-set aegis_bl src -m comment --comment "incoming in aegis blacklist" -j aegis_src
    • -A INPUT -i tun21 -m set --match-set aegis_bl src -m comment --comment "incoming in aegis blacklist" -j aegis_src
    • -A FORWARD -i brwan -m set --match-set aegis_bl src -m comment --comment "incoming in aegis blacklist" -j aegis_src
    • -A FORWARD -i tun21 -m set --match-set aegis_bl src -m comment --comment "incoming in aegis blacklist" -j aegis_src
    • -A FORWARD -o brwan -m set --match-set aegis_bl dst -m comment --comment "outgoing in aegis blacklist" -j aegis_dst
    • -A FORWARD -o tun21 -m set --match-set aegis_bl dst -m comment --comment "outgoing in aegis blacklist" -j aegis_dst
    • -A OUTPUT -o brwan -m set --match-set aegis_bl dst -m comment --comment "outgoing in aegis blacklist" -j aegis_dst
    • -A OUTPUT -o tun21 -m set --match-set aegis_bl dst -m comment --comment "outgoing in aegis blacklist" -j aegis_dst
    • -A aegis_dst -d 192.168.1.0/24 -o brwan -m comment --comment "aegis inet bypass" -j RETURN
    • -A aegis_dst -d 10.8.8.0/24 -o tun21 -m comment --comment "aegis inet bypass" -j RETURN
    • -A aegis_dst -m set --match-set aegis_wl dst -m comment --comment "in aegis whitelist" -j RETURN
    • -A aegis_dst -j LOG --log-prefix "[aegis] "
    • -A aegis_dst -m comment --comment "aegis reject outgoing" -j REJECT --reject-with icmp-admin-prohibited
    • -A aegis_src -s 192.168.1.0/24 -i brwan -m comment --comment "aegis inet bypass" -j RETURN
    • -A aegis_src -s 10.8.8.0/24 -i tun21 -m comment --comment "aegis inet bypass" -j RETURN
    • -A aegis_src -m set --match-set aegis_wl src -m comment --comment "in aegis whitelist" -j RETURN
    • -A aegis_src -j LOG --log-prefix "[aegis] "
    • -A aegis_src -m comment --comment "aegis drop incoming" -j DROP
  • ipset engine sets:
    • blocklist:
      • Name: aegis_bl
      • Type: hash:net
      • Revision: 6
      • Header: family inet hashsize 16384 maxelem 48057
      • Size in memory: 1034428
      • References: 8
      • Number of entries: 48057
    • whitelist:
      • Name: aegis_wl
      • Type: hash:net
      • Revision: 6
      • Header: family inet hashsize 1024 maxelem 1
      • Size in memory: 432
      • References: 2
      • Number of entries: 1
Tried clean, update, restart - errors do not clear
 
Thank you for the report.

First, the aegis firewall is working for you, so you are protected. Now the status evaluation algorithm is not happy, and not reporting properly; to figure out what is going on, I need to see if your subnet is changing.
Could you run this, and report?
Code:
ip -4 addr show
 
Thanks

details as follows:

ip -4 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
11: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
inet 192.168.2.1/24 brd 192.168.2.255 scope global br0
valid_lft forever preferred_lft forever
12: brwan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
inet 192.168.1.110/24 brd 192.168.1.255 scope global brwan
valid_lft forever preferred_lft forever
24: tun21: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000
inet 10.8.8.5/24 brd 10.8.8.255 scope global tun21
valid_lft forever preferred_lft forever
 

Thank you.

This made me realize that the debug in Web Companion is not complete. I fixed it for next version.
Meanwhile, can you run this from command line:
Code:
aegis status -vv | grep -F CODE

With that, I will have everything I need to analyse what the problem is and fix it this week.
 
No Problem

As follows:

root@R9000:~$ aegis status -vv | grep -F CODE
Errors: (CODE: 160)
Warnings: (CODE: 192)
Detailed status: (CODE: 1567)
'aegis' engine last launch report: (CODE: 1-109-49144)

Hope that helps and thanks for your efforts
 
It helped :)
 
Version 1.4.3

Aegis Core: fixed bug introduced by 1.4.2 where log status would not survive an internal firewall restart (not from aegis), a router reboot or firmware upgrade.
 
[Immagine1.jpg, Immagine2.jpg: screenshots of the Aegis status page]

And for a couple of mornings already I open the router and see it like this.
 
Same here - and the launch was around the same time 03:15 this morning

Restart seems to clear it
After a Clean and Update it is OK
 
Ok, the error you are encountering is minor (a duplicated rule, not preventing aegis from working).
It seems that it happens when it is called from the crontab.

Can you share the command used in your cron at 3:15?
If you are using @kamoj's add-on, it should show somewhere in his add-on settings.
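As an added check (not part of aegis or of this thread), the following script flags the "rule in double" state described above: it reads an `iptables -S` style dump and reports any aegis rule that appears more than once. The dump below is a constructed sample modelled on the debug section earlier in the thread, with the aegis_dst whitelist rule duplicated as it would be after a second `aegis update` appended rules without a restart; on the router you would pipe the real `iptables -S` output into `find_dup_aegis_rules`.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output (not captured from a router): the
# "in aegis whitelist" RETURN rule in aegis_dst is present twice, which is the
# condition the status page reports as "whitelist rules are not right!".
SAMPLE_RULES='-N aegis_dst
-N aegis_src
-A INPUT -i brwan -m set --match-set aegis_bl src -m comment --comment "incoming in aegis blacklist" -j aegis_src
-A aegis_dst -d 192.168.1.0/24 -o brwan -m comment --comment "aegis inet bypass" -j RETURN
-A aegis_dst -m set --match-set aegis_wl dst -m comment --comment "in aegis whitelist" -j RETURN
-A aegis_dst -m set --match-set aegis_wl dst -m comment --comment "in aegis whitelist" -j RETURN
-A aegis_dst -j LOG --log-prefix "[aegis] "
-A aegis_dst -m comment --comment "aegis reject outgoing" -j REJECT --reject-with icmp-admin-prohibited
-A aegis_src -m set --match-set aegis_wl src -m comment --comment "in aegis whitelist" -j RETURN
-A aegis_src -m comment --comment "aegis drop incoming" -j DROP'

# Print each aegis-related "-A" rule that occurs more than once in the dump read
# from stdin. Identical rules produce identical `iptables -S` lines, so a plain
# sort | uniq -c is enough; the leading count from uniq is stripped again.
find_dup_aegis_rules() {
    grep -E '^-A .*aegis' | sort | uniq -c | awk '$1 > 1' | sed 's/^ *[0-9]* //'
}

# Number of distinct duplicated aegis rules (0 means the chains are clean).
dup_aegis_rule_count() {
    find_dup_aegis_rules | awk 'END { print NR }'
}

# Stand-alone run over the constructed sample; on a router use:
#   iptables -S | find_dup_aegis_rules
printf '%s\n' "$SAMPLE_RULES" | find_dup_aegis_rules
```

A non-zero count after `aegis update` but zero after `aegis restart` matches the behaviour reported in this thread.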
 
I am using Kamoj addon V5.4b13 (R9000 Voxel V1.0.4.46).

/tmp/addons/cron/cronaegis/crontabs:
15 3 * * * [ -x /opt/bolemo/scripts/aegis ] && /bin/sh /opt/bolemo/scripts/aegis update
 
Thanks.
If you manually just run aegis update, do you have the same problem?
 