What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

just reporting in case others with diversion+skynet see similar;
i woke up this morning with my ac3100 cpu with one thread at 100% while everyone was still sleeping, soft reboot didn't work, so i power cycled and that got my cpu util% back to normal. i noticed this seems to happen when one of you push out an update and seems to fall out of list sync o_O i donno, that's just my primitive diagnosis.

As far as I know this issue is unrelated to Skynet. Your best bet is to follow the advice from other threads and run htop to find the process causing issues.

i just installed Skynet on my AC3200 and it seems that your install script is not aware of the usage of the swap partition. can you add the option to use a swap partition instead of creating of additional swap file?

Skynet (and all other user scripts) only support SWAP files, not partitions. Skynet does have basic swap partition detection but its considered an unsupported feature. You are much better off using the standardized SWAP installer found in these scripts.
 
is there some difference between swap file and partition (speed, usage ...)?
 
is there some difference between swap file and partition (speed, usage ...)?

A swap file is significantly easier to create/modify/detect.
 
Resolved post can deleted
 
I've pushed v6.7.5

  • Display country code in stats output
BYsw9ei.png
 
@Adamm would it be possible to have Skynet collect the logs for processing more often than once each hour? My logs with the IoT setting enabled is creating log spam like never before. Thanks in advance!;):)
 
@Adamm would it be possible to have Skynet collect the logs for processing more often than once each hour? My logs with the IoT setting enabled is creating log spam like never before. Thanks in advance!;):)
Sounds like you are ready for syslog-ng.
 
@Adamm would it be possible to have Skynet collect the logs for processing more often than once each hour? My logs with the IoT setting enabled is creating log spam like never before. Thanks in advance!;):)

You can modify/create a new cronjob to suit your needs.

Code:
cru d Skynet_save

cru a Skynet_save "0 * * * * sh /jffs/scripts/firewall save"
 
.
You can modify/create a new cronjob to suit your needs.

Code:
cru d Skynet_save

cru a Skynet_save "0 * * * * sh /jffs/scripts/firewall save"
Thank you sir.:D
 
You can modify/create a new cronjob to suit your needs.

Code:
cru d Skynet_save

cru a Skynet_save "0 * * * * sh /jffs/scripts/firewall save"
If I do a backup of Skynet, will the change in crond job be backed up too?
 
If I do a backup of Skynet, will the change in crond job be backed up too?

Cronjobs are readded every boot (and firewall restart) by Skynet. The easiest solution would be to make a completely new cron and add it to one of the startup scripts..

Code:
cru d Custom_save
cru a Custom_save "30 * * * * sh /jffs/scripts/firewall save"

The code above would run the save command on the 30th minute of every hour (the original does it on the hour).
 
Cronjobs are readded every boot (and firewall restart) by Skynet. The easiest solution would be to make a completely new cron and add it to one of the startup scripts..

Code:
cru d Custom_save
cru a Custom_save "30 * * * * sh /jffs/scripts/firewall save"

The code above would run the save command on the 30th minute of every hour (the original does it on the hour).
Doing the above would cause Skynet to save twice at the top of the hour, is this correct?
 
Doing the above would cause Skynet to save twice at the top of the hour, is this correct?

It would save once at the top of the hour and once at 30 minutes past.
 
It would save once at the top of the hour and once at 30 minutes past.
OK I got a bit more aggressive than that. I want a save to run every 5 minutes. So I have the cron working now, but I bet being as though the other default hourly save cron still exists, it will run at the top of the hour as well as mine, right?
 
OK I got a bit more aggressive than that. I want a save to run every 5 minutes. So I have the cron working now, but I bet being as though the other default hourly save cron still exists, it will run at the top of the hour as well as mine, right?

No. This cron would run once on the 30th minute in addition to the default cron running at the 0th minute of every hour.

https://crontab.guru/#30_*_*_*_*
 
With all the discussion I decided I would try SkyNet and see what it added to my firewall above and beyond AiProtection adds. SkyNet runs very well and doesn't seem to use a lot of processor clock cycles.

1. It certainly seems to be blocking lots of IPs (2218) and 9,397 events are shown when I run the list of stats. With SkyNet running Two-Way IPS hasn't reported a single hit in the four days.

2. The thing I haven't figured out yet is why SkyNet is reporting many hundreds of inbound hits on more than one hundred of my network ports from Speedguide.net. Blocking an IP I found for speedguide's IP didn't seem to change anything. Anyone else seen similar activity reported in Skynet for speedguide? As far as I can tell I don't have any infected devices and even if I did it seems strange that it would be triggering inbound traffic on so many ports.
 
2. The thing I haven't figured out yet is why SkyNet is reporting many hundreds of inbound hits on more than one hundred of my network ports from Speedguide.net. Blocking an IP I found for speedguide's IP didn't seem to change anything. Anyone else seen similar activity reported in Skynet for speedguide? As far as I can tell I don't have any infected devices and even if I did it seems strange that it would be triggering inbound traffic on so many ports.

I think you are interpreting the stats wrong (or maybe I've misdiagnosed the issue, in which case send me a snippet of the logs). The speedguide links are for user convenience to investigate what traffic is potentially going through the corresponding blocked port. Double check all the headings and take another look.
 
I think you are interpreting the stats wrong (or maybe I've misdiagnosed the issue, in which case send me a snippet of the logs). The speedguide links are for user convenience to investigate what traffic is potentially going through the corresponding blocked port. Double check all the headings and take another look.

It could be I am not understanding what the data tabel is showing. If you are saying this is the Ports the 9,397 blocked IPs were trying to reach then that makes sense. I guess it is useful to know not only what IPs were knocking but on what door.

Thanks.


-------- | -------- | --------------
| Hits | | | Port | | | SpeedGuide |
-------- | -------- | --------------

683x | 23 | https://www.speedguide.net/port.php?port=23
498x | 1433 | https://www.speedguide.net/port.php?port=1433
467x | 8088 | https://www.speedguide.net/port.php?port=8088
371x | 8545 | https://www.speedguide.net/port.php?port=8545
241x | 5060 | https://www.speedguide.net/port.php?port=5060
179x | 22 | https://www.speedguide.net/port.php?port=22
173x | 3389 | https://www.speedguide.net/port.php?port=3389
120x | 8080 | https://www.speedguide.net/port.php?port=8080
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top