[Release] Skynet - Router Firewall & Security Enhancements

LaMpiR

Occasional Visitor
I am getting this error when I try to start skynet from amtm. I have updated amtm and rebooted once more.

/jffs/scripts/firewall: line 40: arithmetic syntax error

Amtm is showing that skynet should be updated, but cannot open it in order to do the update. I have 7.2.0 version at the moment.
 

Adamm

Part of the Furniture
I am getting this error when I try to start skynet from amtm. I have updated amtm and rebooted once more.

/jffs/scripts/firewall: line 40: arithmetic syntax error

Amtm is showing that skynet should be updated, but cannot open it in order to do the update. I have 7.2.0 version at the moment.
What is the output of;

Code:
firewall debug info
 

nakti

Occasional Visitor
@nakti, how are you formatting it? Using amtm or on a computer?
Sorry for the late answer.
I formatted it to FAT on a computer first, then plugged it into the router and formatted it to ext via amtm.
 

LaMpiR

Occasional Visitor
What is the output of;

Code:
firewall debug info
Router Model;
Skynet Version; (12/08/2020) (9f72d6908929b711bf4ecbf665e26682)
iptables v1.4.15 - (eth0 @ 10.1.1.1)
ipset v6.32, protocol version: 6
IP Address; (xx.xx.xx.xx)
FW Version; 384.19_0 (Aug 14 2020) (4.1.51)
Install Dir; /tmp/mnt/SKYNET/skynet (1.7G / 3.7G Space Available)
Syslog Location; () ()
Uptime; 0 days, 8 hours, 46 minutes.
Ram Available; (414M / 882M)


--------------- | ------------ | --------------- | ----------
| Device Name | | | Local IP | | | MAC Address | | | Status |
--------------- | ------------ | --------------- | ----------

xx | 10.1.1.2 | 00:00:00:00:00:00 | Online
xx | 10.1.1.8 | 00:00:00:00:00:00 | Inactive



-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Disabled]
Malware List Auto-Updates | [Disabled]
Logging | [Disabled]
Filter Traffic | [Selective]
Unban PrivateIP | [Disabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Disabled]
Secure Mode | [Disabled]
Fast Switch List | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Disabled]
CDN Whitelisting | [Disabled]
Display WebUI | [Disabled]

14/14 Tests Sucessful


====================================================================================================


/jffs/scripts/firewall: line 5678: arithmetic syntax error
 

Adamm

Part of the Furniture
Your config file is missing, I suggest trying to use the install command.
 

LaMpiR

Occasional Visitor
Your config file is missing, I suggest trying to use the install command.

Code:
--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
Profile.add Entry                   | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 5 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Passed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Disabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Default]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

17/17 Tests Sucessful


====================================================================================================


[#] 314806 IPs (+0) -- 1730 Ranges Banned (+0) || 37 Inbound -- 0 Outbound Connections Blocked! [deb
It's working again. Thank you. Everything looks good.
 

andywee

Occasional Visitor
I am having issues with "No data to display". Currently on 7.2.1, all updated.

NO DATA TO DISPLAY problem
in WebUI, Skynet
Top 10 HTTP(s) Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Inbound) (click to expand/collapse)

It shows "No data to display",
but the rest is fine.

But in PuTTY, sh /jffs/scripts/firewall stats shows some data.
Current log file is 8.8MB.
System log
Default message log level : NOTICE
Log only messages more urgent than : DEBUG



sh /jffs/scripts/firewall debug info


| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Config File | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]
 

Adamm

Part of the Furniture
NO DATA TO DISPLAY problem
in webui , skynet
Top 10 HTTP(s) Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Outbound) (click to expand/collapse)
This is normal and just means you haven't had any outbound blocks since the last log purge. Is the manual stats command showing something different?
 

andywee

Occasional Visitor
yeah, manual stats are showing stuff.
Top 10 HTTP(s) Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Inbound) (click to expand/collapse)

has been showing empty for almost 2 months now.
 

Adamm

Part of the Furniture
yeah, manual stats are showing stuff.
Top 10 HTTP(s) Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Outbound) (click to expand/collapse)
Top 10 Blocks (Inbound) (click to expand/collapse)

has been showing empty for almost 2 months now.
Upload a copy of the following files from your Skynet install directory;

skynet.log
stats.js
 

Adamm

Part of the Furniture
I've pushed v7.2.2

Code:
Convert CRLF during remote file import
Remove conflicting script check
Add config file test to debug info
Fix corrupted stats due to entry being on both whitelist and blacklist
 

GregS

Occasional Visitor
I'm having an issue banning an IP in skynet. It adds successfully, restarts but then I can curl that same ip without getting blocked. I've confirmed the ip shows up in skynet.ipset. What else should I check? I see inbound connections being blocked all the time, I have enabled it for both directions but haven't seen it block any outbound connections lately. Though I always figured that was because Diversion stops most stuff before it resolves.

Here's the key bits after I ban the ip and then try to curl it:
Banning 3.91.43.25
[#] 86748 IPs (+1) -- 1791 Ranges Banned (+0) || 18 Inbound -- 0 Outbound Connections Blocked! [ban] [2s]
[email protected]:/tmp/mnt/samsungusb/skynet# curl 3.91.43.25

..Response that proves it wasn't blocked

And here's the full debug info:
Code:
Router Model; RT-AX88U
Skynet Version; v7.2.1 (03/09/2020) (c61321f3672a2c330a2723b60a07a5f2)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address; (13.20.129.24)
FW Version; 384.18_0 (Jun 28 2020) (4.1.51)
Install Dir; /tmp/mnt/samsungusb/skynet (52.9G / 58.7G Space Available)
SWAP File; /tmp/mnt/samsungusb/myswap.swp (2.0G)
Uptime; 18 days, 7 hours, 3 minutes.
Ram Available; (502M / 882M)

--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Config File                         | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
Profile.add Entry                   | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 7 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Passed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Default]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

18/18 Tests Sucessful


=============================================================================================================


[#] 86748 IPs (+0) -- 1791 Ranges Banned (+0) || 60 Inbound -- 0 Outbound Connections Blocked! [debug] [3s]
Thanks in advance :)
 

dave14305

Part of the Furniture
I'm having an issue banning an IP in skynet. It adds successfully, restarts but then I can curl that same ip without getting blocked. I've confirmed the ip shows up in skynet.ipset. What else should I check? I see inbound connections being blocked all the time, I have enabled it for both directions but haven't seen it block any outbound connections lately. Though I always figured that was because Diversion stops most stuff before it resolves.

Here's the key bits after I ban the ip and then try to curl it:
Banning 3.91.43.25
[#] 86748 IPs (+1) -- 1791 Ranges Banned (+0) || 18 Inbound -- 0 Outbound Connections Blocked! [ban] [2s]
[email protected]:/tmp/mnt/samsungusb/skynet# curl 3.91.43.25

..Response that proves it wasn't blocked

And here's the full debug info:

Thanks in advance :)
That IP is in the Amazon ASN, so it's whitelisted. Run firewall stats search ip 3.91.43.25 to see those details.
 

GregS

Occasional Visitor
That IP is in the Amazon ASN, so it's whitelisted. Run firewall stats search ip 3.91.43.25 to see those details.
Interesting, so what's the best way to block that 1 IP?

Here's the output of that command:
Code:
[i] Logging Data Detected in /tmp/mnt/samsungusb/skynet/skynet.log - 4.7M
[i] Monitoring From Sep 6 17:00:03 To Sep 8 15:44:10
[i] 17704 Block Events Detected
[i] 2594 Unique IPs
[i] 1 Manual Bans Issued

3.91.43.25 is in set Skynet-Whitelist.
3.91.43.25 is in set Skynet-Blacklist.
3.91.43.25 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
-*-
Blacklist Reason;
 "ManualBan: Work spyware"

Associated Domain(s);
xyz.hostedrmm.com

[i] IP Location - United States (AMAZON-AES / AS14618)

[i] 3.91.43.25 First Tracked On
[i] 3.91.43.25 Last Tracked On
[i] 0 Blocks Total

Event Log Entries From 3.91.43.25;
Sep 08 15:05:01 Skynet: [Manual Ban] TYPE=Single SRC=3.91.43.25 COMMENT=Work spyware

First Block Tracked From 3.91.43.25;

10 Most Recent Blocks From 3.91.43.25;
*--

Top 10 Targeted Ports From 3.91.43.25 (Inbound);
--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------
-*-

Top 10 Sourced Ports From 3.91.43.25 (Inbound);
--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------
--*

=============================================================================================================

[#] 86748 IPs (+0) -- 1791 Ranges Banned (+0) || 164 Inbound -- 0 Outbound Connections Blocked! [stats] [13s]
 

dave14305

Part of the Furniture
Interesting, so what's the best way to block that 1 IP?

Since it's an AWS IP, I would figure out the hostname being requested by the client and block that in dnsmasq (easier with Diversion).
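
Added example, not part of the original thread and not Skynet's own code: a small POSIX shell helper that reads the set-membership lines of `firewall stats search ip <addr>` output and flags the situation diagnosed above, where a manual ban is silently overridden by a whitelist entry. The function name `skynet_verdict` and the verdict strings are hypothetical, and the rule that a whitelist match wins over a ban is taken from the behaviour described in this thread.

```shell
#!/bin/sh
# Classify an IP from `firewall stats search ip <addr>` output (read on stdin).
# Assumption, based on the thread: a whitelist match wins over any ban.

# skynet_verdict IP -- prints one verdict line for IP.
skynet_verdict() {
    ip="$1"
    white=0; black=0; range=0
    while IFS= read -r line; do
        # Trailing * tolerates a CR or other trailing characters on the line.
        # "is NOT in set" lines never match these patterns.
        case "$line" in
            "$ip is in set Skynet-Whitelist."*)     white=1 ;;
            "$ip is in set Skynet-Blacklist."*)     black=1 ;;
            "$ip is in set Skynet-BlockedRanges."*) range=1 ;;
        esac
    done
    banned=$((black | range))
    if [ "$white" -eq 1 ] && [ "$banned" -eq 1 ]; then
        echo "CONFLICT: whitelisted and banned, traffic is allowed"
    elif [ "$white" -eq 1 ]; then
        echo "ALLOWED: whitelisted"
    elif [ "$banned" -eq 1 ]; then
        echo "BLOCKED: banned"
    else
        echo "UNLISTED: in no Skynet set"
    fi
}

# Constructed sample: the three membership lines as posted in the thread.
sample_output() {
    cat <<'EOF'
3.91.43.25 is in set Skynet-Whitelist.
3.91.43.25 is in set Skynet-Blacklist.
3.91.43.25 is NOT in set Skynet-BlockedRanges.
EOF
}

sample_output | skynet_verdict 3.91.43.25
```

On a router the same function can be fed the live command output, e.g. `firewall stats search ip 3.91.43.25 | skynet_verdict 3.91.43.25`.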
 

GregS

Occasional Visitor
Since it's an AWS IP, I would figure out the hostname being requested by the client and block that in dnsmasq (easier with Diversion).
I know what the hostname is but the config for this work spyware had its IP hardcoded as a backup. I set up a static route to block it, only downside over skynet is I don't get the logging but I can live with that. Thanks.
 

dave14305

Part of the Furniture
do we have an update to this?
He fixed it yesterday. Update SkyNet.
I've pushed v7.2.2

Code:
Convert CRLF during remote file import
Remove conflicting script check
Add config file test to debug info
Fix corrupted stats due to entry being on both whitelist and blacklist
 
