What's new

[Release] Skynet - Router Firewall & Security Enhancements

thecheapseats

Regular Contributor
Merlin's instructions had it right... yep... goofy gui... no wonder those things get hammered...
 

Lurkmaster

Occasional Visitor
Big decrease in Skynet inbound blocks
...after the recent entware updates.
I did reboot after the entware updates. Inbound blocks went from several a minute to maybe 1 or 2 an hour. I don't think that many bad guys just vanished all of the sudden. Any correlation or just coincidence? I would think if there were an issue with an updated library, etc, then something would not work at all, rather than this decrease in blocks I am seeing. Ideas?
 

Lurkmaster

Occasional Visitor
Thanks Dave. Nope, same WAN IP.
 

Lurkmaster

Occasional Visitor
Update blacklist fails from within menu with a curl error. I actually uninstalled / re-installed Skynet attempting to solve and no luck.

Any pointers?

(v7.2.2)

Code:
[$] /jffs/scripts/firewall banmalware

============================================

[i] Custom Filter Detected: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts


[i] Downloading filter.list         | [1s]


[i] Refreshing Whitelists           | [11s]


[i] Consolidating Blacklist         | curl: no URL specified!


curl: try 'curl --help' for more information


[0s]


[*] List Content Error Detected - Stopping Banmalware
 
Last edited:

Adamm

Part of the Furniture
Update blacklist fails from within menu with a curl error. I actually uninstalled / re-installed Skynet attempting to solve and no luck.

Any pointers?

(v7.2.2)

Code:
[$] /jffs/scripts/firewall banmalware

============================================

[i] Custom Filter Detected: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts


[i] Downloading filter.list         | [1s]


[i] Refreshing Whitelists           | [11s]


[i] Consolidating Blacklist         | curl: no URL specified!


curl: try 'curl --help' for more information


[0s]


[*] List Content Error Detected - Stopping Banmalware
Your list is in the wrong format, not only is it not a filter list (see the default list as an example), but it is also a domain list not an IP list which would be better suited for something like Diversion.
 

Daveo

Occasional Visitor
Just installed Skynet and see the following in log file...

Sep 15 14:16:37 Skynet: [!] Warning! Router Malware Detected (apps_wget_timeout=3O) - Investigate Immediately!
Sep 15 14:16:37 Skynet: [!] Warning! Router Malware Detected (chkupdate.sh) - Investigate Immediately!

I'm pretty sure the chkupdate.sh is for one of the scripts I have installed, so how do I whitelist these entries ?
 

RMerlin

Asuswrt-Merlin dev
Just installed Skynet and see the following in log file...

Sep 15 14:16:37 Skynet: [!] Warning! Router Malware Detected (apps_wget_timeout=3O) - Investigate Immediately!
Sep 15 14:16:37 Skynet: [!] Warning! Router Malware Detected (chkupdate.sh) - Investigate Immediately!

I'm pretty sure the chkupdate.sh is for one of the scripts I have installed, so how do I whitelist these entries ?
You don't. The first line will be 100% accurate - your router was definitely infected by malware. You should do a factory default reset, clear up your JFFS partition, and reconfigure everything.

And keep WAN access to your webui disabled.
 

Adamm

Part of the Furniture
Just installed Skynet and see the following in log file...

Sep 15 14:16:37 Skynet: [!] Warning! Router Malware Detected (apps_wget_timeout=3O) - Investigate Immediately!
Sep 15 14:16:37 Skynet: [!] Warning! Router Malware Detected (chkupdate.sh) - Investigate Immediately!

I'm pretty sure the chkupdate.sh is for one of the scripts I have installed, so how do I whitelist these entries ?
Adding onto Merlins post, the second warning should also be accurate (these are both IOC's of the same strand of malware);

Code:
    if [ -f "/jffs/chkupdate.sh" ] || [ -f "/tmp/update" ] || [ -f "/tmp/.update.log" ] || [ -f "/jffs/runtime.log" ] || grep -qF "upgrade.sh" "/jffs/scripts/openvpn-event" 2>/dev/null; then
        logger -st Skynet "[!] Warning! Router Malware Detected (chkupdate.sh) - Investigate Immediately!"
Most definitely time for a factory reset
 

Daveo

Occasional Visitor
Just done a factory reset and got most things setup. Now got to reinstall scripts.
 

badtoast

New Around Here
Hi all,

Trying to understand if this is normal. After installing Skynet, I noticed my CPU usage is quite busy and my RAM usage has gone way up. It looks like the dual core processors are alternating processing. I do have a 2GB swap file:

1600192708506.png




[email protected]:/tmp/home/root# free
total used free shared buffers cached
Mem: 440368 404576 35792 568 11984 78060
-/+ buffers/cache: 314532 125836
Swap: 2097148 16496 2080652


My system log is just full of this:


Sep 15 13:51:54 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=193.27.229.47 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=52803 PROTO=TCP SPT=53984 DPT=3441 SEQ=93946467 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:52:02 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=27.0.48.227 DST=[X.X.X.X] LEN=44 TOS=0x00 PREC=0x20 TTL=43 ID=17077 PROTO=TCP SPT=55372 DPT=23 SEQ=1262829905 ACK=0 WINDOW=51804 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000

Sep 15 13:52:07 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.129.33.22 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=53890 PROTO=TCP SPT=59777 DPT=19005 SEQ=1466882542 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:52:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=195.54.161.123 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=241 ID=27092 PROTO=TCP SPT=56036 DPT=8757 SEQ=613026480 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:52:43 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=35.228.243.135 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=230 ID=52632 PROTO=TCP SPT=49155 DPT=3253 SEQ=931364988 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:52:56 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=80.82.77.245 DST=[X.X.X.X] LEN=57 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=UDP SPT=51987 DPT=8057 LEN=37 MARK=0x8000000

Sep 15 13:53:00 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.129.33.13 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=56417 PROTO=TCP SPT=51778 DPT=8706 SEQ=1899806514 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:53:33 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=195.54.167.89 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=241 ID=16767 PROTO=TCP SPT=55173 DPT=40705 SEQ=314023727 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:53:37 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=185.176.27.30 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=241 ID=20360 PROTO=TCP SPT=51963 DPT=12783 SEQ=3170910006 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:53:42 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.155.205.34 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=237 ID=19592 PROTO=TCP SPT=57293 DPT=6874 SEQ=3321173763 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:54:00 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.129.33.21 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=28154 PROTO=TCP SPT=59773 DPT=39708 SEQ=22788023 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:54:27 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.129.33.24 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=21006 PROTO=TCP SPT=42441 DPT=22828 SEQ=3479259763 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:54:36 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=185.176.27.34 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=241 ID=58635 PROTO=TCP SPT=51066 DPT=12781 SEQ=2915145143 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:54:42 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.155.205.34 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=49323 PROTO=TCP SPT=57293 DPT=6162 SEQ=1793497576 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:54:45 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=74.120.14.21 DST=[X.X.X.X] LEN=44 TOS=0x00 PREC=0x20 TTL=39 ID=59973 PROTO=TCP SPT=12230 DPT=22 SEQ=2136615641 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000

Sep 15 13:54:57 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=192.35.169.41 DST=[X.X.X.X] LEN=44 TOS=0x00 PREC=0x20 TTL=37 ID=39657 PROTO=TCP SPT=54961 DPT=8016 SEQ=50018778 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000

Sep 15 13:54:59 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=192.241.227.113 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=246 ID=54321 PROTO=TCP SPT=54766 DPT=7777 SEQ=815438772 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:55:03 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.129.33.6 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=18858 PROTO=TCP SPT=42260 DPT=13460 SEQ=3211148399 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:55:16 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=185.176.27.26 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=241 ID=2504 PROTO=TCP SPT=50044 DPT=12698 SEQ=20674819 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:55:20 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.129.33.156 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=60650 PROTO=TCP SPT=49366 DPT=3441 SEQ=1938071754 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:55:27 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=162.142.125.73 DST=[X.X.X.X] LEN=44 TOS=0x00 PREC=0x20 TTL=40 ID=59513 PROTO=TCP SPT=52465 DPT=5005 SEQ=3078015121 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000

Sep 15 13:56:01 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=162.144.150.118 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=231 ID=22242 PROTO=TCP SPT=52780 DPT=24202 SEQ=848644409 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:56:06 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.129.33.43 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=37592 PROTO=TCP SPT=45927 DPT=11580 SEQ=2718957237 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:56:17 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=185.176.27.26 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=241 ID=1946 PROTO=TCP SPT=50044 DPT=12699 SEQ=4205934416 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

Sep 15 13:56:18 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=04:92:26:82:2b:00:e8:65:49:b9:98:22:08:00 SRC=45.129.33.13 DST=[X.X.X.X] LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=21792 PROTO=TCP SPT=51778 DPT=8770 SEQ=4194055731 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000


Other than this observation, I think everything is working correctly. Can someone confirm?

Much appreciated!
 

Adamm

Part of the Furniture
Trying to understand if this is normal. After installing Skynet, I noticed my CPU usage is quite busy
An initial spike is to be expected but it should settle after a minute or so, if the CPU spike is prolonged then you can investigate with the top command.

RAM usage has gone way up
Solution

My system log is just full of this:
That's completely normal and to be expected with logging enabled, Skynet will self-manage these logs and generate stats from them.
 

gattaca

Senior Member
Thanks Dave. Nope, same WAN IP.
You are not dreaming. I've seen similar on my AC86U @ 384.19. There are huge gaps in the logs and I know these a*((* are still pounding the router since I rebooted it at 06:00.. yet nada. Something is up with either 384.19 a/o these entware updates.

Code:
...
Sep 15 06:13:19 crond[1266]: time disparity of 1244468 minutes detected
Sep 15 06:15:22 dropbear[5990]: Child connection from 192.168.111.77:58434
Sep 15 06:15:23 dropbear[5990]: Password auth succeeded for 'redacted' from 192.888.222.333:111222333
Sep 15 07:17:01 kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
... NOTHING until 11:45.. NO WAY..
Sep 15 11:45:00 Diversion: found 2 new YouTube hosts, total is 1471 (counter at 27 of 30)
Sep 15 11:48:55 rc_service: httpds 1271:notify_rc restart_wrs;restart_firewall
Sep 15 11:48:55 custom_script: Running /jffs/scripts/service-event (args: restart wrs)
Sep 15 11:48:55 kernel: IDPfw: Exit IDPfw
Sep 15 11:48:55 kernel: mod epilog takes 0 jiffies
Sep 15 11:48:55 kernel: IDPfw: Exit IDPfw
Sep 15 11:48:56 kernel: Exit chrdev /dev/idpfw with major 191
Sep 15 11:48:56 kernel: Exit chrdev /dev/detector with major 190
Sep 15 11:48:56 custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Sep 15 11:48:56 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Sep 15 11:48:56 custom_script: Running /jffs/scripts/nat-start
Sep 15 11:48:56 ntpMerlin: Sleeping for 5s to allow firewall/nat startup to be completed...
Sep 15 11:48:56 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Sep 15 12:04:00 Diversion: found 1 new YouTube hosts, total is 1472 (counter at 14 of 30)
Sep 15 12:18:01 Diversion: found 1 new YouTube hosts, total is 1473 (counter at 12 of 30)
Sep 15 12:38:00 Diversion: found 2 new YouTube hosts, total is 1475 (counter at 15 of 30)
Sep 15 12:47:01 Diversion: found 1 new YouTube hosts, total is 1476 (counter at 8 of 30)
Sep 15 12:49:30 Skynet: [#] 312606 IPs (+0) -- 21906 Ranges Banned (+0) || 290 Inbound -- 0 Outbound Connections Blocked! [debug] [30s]
Sep 15 13:00:06 Skynet: [#] 312606 IPs (+0) -- 21906 Ranges Banned (+0) || 375 Inbound -- 0 Outbound Connections Blocked! [save] [6s]
Sep 15 14:00:06 Skynet: [#] 312606 IPs (+0) -- 21906 Ranges Banned (+0) || 713 Inbound -- 0 Outbound Connections Blocked! [save] [6s]
... And then no blocks until I log back in via the GUI and look at the logs?   NO WAY..
Sep 15 14:00:11 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=4c:ed:fb:90:00:98:00:17:01:98:ef:13:08:00 SRC=195.54.161.122 DST=redacted LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=30965 PROTO=TCP SPT=56108 DPT=9231 SEQ=2671934643 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
...
 

badtoast

New Around Here
An initial spike is to be expected but it should settle after a minute or so, if the CPU spike is prolonged then you can investigate with the top command.
WOW!! I just discovered the htop function (I'm a noob...) and am continually blown away by the power of these command line commands. Interesting, CPU level shows low here:

1600199706485.png


CPU percentage is around 3-5%, sometimes up to 15% but not often at all.

It appears that my WebGUI is spitting out faulty info then? Any idea why that might be?

Thank you @Adamm![/QUOTE]
 

Lurkmaster

Occasional Visitor
Your list is in the wrong format, not only is it not a filter list (see the default list as an example), but it is also a domain list not an IP list which would be better suited for something like Diversion.
Well that was dumb of me. Thanks Adamm.
 

Daveo

Occasional Visitor
Adding onto Merlins post, the second warning should also be accurate (these are both IOC's of the same strand of malware);

Code:
    if [ -f "/jffs/chkupdate.sh" ] || [ -f "/tmp/update" ] || [ -f "/tmp/.update.log" ] || [ -f "/jffs/runtime.log" ] || grep -qF "upgrade.sh" "/jffs/scripts/openvpn-event" 2>/dev/null; then
        logger -st Skynet "[!] Warning! Router Malware Detected (chkupdate.sh) - Investigate Immediately!"
Most definitely time for a factory reset
Any idea how this happened, as I'm struggling to work out what happened.

Also, what does IOC mean?
 

Adamm

Part of the Furniture

Daveo

Occasional Visitor
I did have Webui accessible by wan on my old router as that was the only way to get ddns working with afraid. I imported settings and jffs backup to new router, so I think it was my old router that was hacked then carried over when I upgraded router.

Router has been factory reset and completely re-setup and all is now working without issue.

At first I thought it was one of the scripts I installed via amtm but yourself & RMerlin said otherwise.
 
Last edited:

Dee dee

Regular Contributor
Question:
I reformatted and restaged my usb stick after my old one died.

I installed amtm,skynet,diversion.

When i test skynet it doesn't seem to block a test site (only added to skynet).

It shows in the log that it's blocking but I can still access the site via browser and on my phone.

I even ran debug on my phone's IP (192.168.2.5) and went to it and it still showed the site and didn't show blocked.
My router is behind my fios modem and I saw message when i first ran stating it needs to be in a certain mode for it work, but I didn't understand.

Thanks for reading.

Code:
Last 50 Manual Bans;


--------------       | --------------                                          | --------------                                | ----------------------
| IP Address |       | | AlienVault |                                          | | Ban Reason |                                | | Associated Domains |
--------------       | --------------                                          | --------------                                | ----------------------

104.105.46.25        | https://otx.alienvault.com/indicator/ip/104.105.46.25   | ManualBanD: dominos.com                       |
Also does it matter if my IP address is in RED?

Code:
Skynet Version;  (11/09/2020) (9aae16544adf0c1c4a20b67dfdba9e00)
iptables v1.4.15 - (eth0 @ 192.168.2.1)
ipset v6.32, protocol version: 6
IP Address; (192.168.1.4)
FW Version; 384.15_0 (Feb 8 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/Router/skynet (11.4G / 14.3G Space Available)

312938 IPs (+0) -- 1784 Ranges Banned (+0) || 6 Inbound -- 0 Outbound Connections Blocked!
Lastly im getting the "tail " error, unsure what this means(when trying to debug)?
Code:
[i] Watching Syslog For Log Entries (ctrl +c) To Stop

tail: can't open '': No such file or directory
 
Last edited:

dave14305

Part of the Furniture
I installed amtm,skynet,diversion.

When i test skynet it doesn't seem to block a test site (only added to skynet).

It shows in the log that it's blocking but I can still access the site via browser and on my phone.
Diversion is better suited to blocking a website via hostname instead of trying to block individual IPs that can be affiliated with multiple websites (and a website can have multiple IPs).
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top