Skynet Skynet - Router Firewall & Security Enhancements

[dave14305]

I likely could do it - but it adds a whole new dimension for support which I don't have the capacity to take on right now.

It seems like it should be reasonable to insert a tab (or how about an Addon tab section?). The bigger gap is the difference is JavaScript libraries available in the fork.

https://github.com/john9527/asuswrt-merlin/blob/374.43_2-update/release/src/router/www/state.js#L499

 

[Jack Yaz]

It seems like it should be reasonable to insert a tab (or how about an Addon tab section?). The bigger gap is the difference is JavaScript libraries available in the fork.

https://github.com/john9527/asuswrt-merlin/blob/374.43_2-update/release/src/router/www/state.js#L499

My old mounting methods used to modify state.js and others on the fly, so I'm sure I could add support for John's fork. Another issue I have in adding support is lack of a development unit. While I'm sure there would be volunteers, it is much more efficient to be able to rapidly edit and test, rather than sending an updated script for every change/edit

 

[Adamm]

IP Address; (192.168.100.50)

You are running a double nat situation, you need to put your ISP modem in bridge mode.

 

[WMConey]

You are running a double nat situation, you need to put your ISP modem in bridge mode.

Thanks - this was purportedly done some time ago. More fun on the phone with "tech support."

 

[martinr]

Having no outbound blocks is a good thing. Nothing in your network is trying to communicate with known malware ip addresses.

I was getting a new outbound block yesterday trying to read work emails in the Outlook client for iOS. An edge.net ip was blocked, so messages wouldn’t load. But usually outbound is rare for me, thankfully.

Indeed; I get a warm feeling seeing nothing in my Outbounds. But, for the hell of it, I’ve just picked a malicious IP address from a Skynet list (1.60.25.220) and stuck it in the browser address bar. Then when it failed to connect, I went to the Skynet stats ui, and there it was: a single block in the Outbounds. Even warmer feeling now.

 

[L&LD]

@martinr, I showed a customer the inbound blocks on my router via OpenVPN and they were mildly impressed but impressed enough to install Skynet on their RT-AC86U too.

They were even more impressed when in the next few hours they saw 1.1K outbound requests blocked. Now they swear by Skynet.

Needless to say, I think the kids had a 'family meeting' the next night.

 

[martinr]

@martinr, I showed a customer the inbound blocks on my router via OpenVPN and they were mildly impressed but impressed enough to install Skynet on their RT-AC86U too.

They were even more impressed when in the next few hours they saw 1.1K outbound requests blocked. Now they swear by Skynet.


Needless to say, I think the kids had a 'family meeting' the next night.

1.1k !!

 

[Wolfschiesst]

How do I have to enter the list of banned countries in the script started by AMTM?

Select Menu Option:
...
[2] --> Ban
...
[1-15]: 2

What Type Of Input Would You Like To Ban:
...
[4] --> Country
...
[1-5]: 4

Countries Currently Banned: ...
Input Country Abbreviations To Ban:

--> comma separated (example:
[Countries]: cn, ru, kp

--> or with just blanks in it (example):
[Countries]: cn ru kp

Only the latter seems to increase the ranges banned substantially.

Suggestion:
What about adding an example as help to the query in the script?

I consider the help text to be misleading (as it is only relevant for direct script calls from the shell) on behalf of the script to be started via AMTM:
( sh /jffs/scripts/firewall ban country "pk cn sa" ) This Bans The Known IPs For The Specified Countries (Accepts Single/Multiple Inputs If Quoted) http://www.ipdeny.com/ipblocks/data/countries/
Hint: The provided link has changed to "https://www.ipdeny.com/ipblocks/" only.

 

[Diamond67]

How do I have to enter the list of banned countries

Make a list of countries, e.g.

cn kp pk ir ua ar iq tw th lv ru ro cl vn ng in th id eg

and copy them all. And after choosing [4] --> Country just paste them all (for example in PuTTY right click with mouse and the list is pasted) and press Enter.

 

[iJorgen]

Make a list of countries, e.g.

cn kp pk ir ua ar iq tw th lv ru ro cl vn ng in th id eg

and copy them all. And after choosing [4] --> Country just paste them all (for example in PuTTY right click with mouse and the list is pasted) and press Enter.

Thanks for the info. I just found and tried this function today.
Is it a one-time import of IP-ranges that is done when you run this command or scheduled like the Malware blacklists?

 

[Adamm]

Thanks for the info. I just found and tried this function today.
Is it a one-time import of IP-ranges that is done when you run this command or scheduled like the Malware blacklists?

One time, these lists rarely change so updating them frequently would be unnessesary.

 

[JohnD5000]

In GUI under Tools it shows :
Swap 0.00/2048.00 MB

In AMTM shows:
sw manage Swap file /mnt/sdb1 2.0G
and
Swap file found at:
/tmp/mnt/sdb1/myswap.swp
Delete the Swap file? [1=Yes e=Exit]

In Skynet it shows:
Skynet: [*] USB Not Found - Sleeping For 10 Seconds ( Attempt 11 Of 10 )
Skynet: [*] Problem With USB Install Location - Please Fix Immediately!
Skynet: [*] When Fixed Run ( sh /jffs/scripts/firewall restart )
How do I fix this?
Thanks

 

[Adamm]

In GUI under Tools it shows :
Swap 0.00/2048.00 MB

In AMTM shows:
sw manage Swap file /mnt/sdb1 2.0G
and
Swap file found at:
/tmp/mnt/sdb1/myswap.swp
Delete the Swap file? [1=Yes e=Exit]

In Skynet it shows:
Skynet: [*] USB Not Found - Sleeping For 10 Seconds ( Attempt 11 Of 10 )
Skynet: [*] Problem With USB Install Location - Please Fix Immediately!
Skynet: [*] When Fixed Run ( sh /jffs/scripts/firewall restart )
How do I fix this?
Thanks

Your install dir is missing/changed locations, use the install command to fix;

sh /jffs/scripts/firewall install

 

[JohnD5000]

Your install dir is missing/changed locations, use the install command to fix;

sh /jffs/scripts/firewall install

Thanks, That fixed it. Not sure how install dir was missing changed (other than I installed beta1 from Alpha other day)

 

[Adamm]

Thanks, That fixed it. Not sure how install dir was missing changed (other than I installed beta1 from Alpha other day)

I assume because your USB doesn't have a label (which you should look into correcting), your mount point changed from /tmp/mnt/sdb1 to /tmp/mnt/sda1 or something similar.

 

[JohnD5000]

I assume because your USB doesn't have a label (which you should look into correcting), your mount point changed from /tmp/mnt/sdb1 to /tmp/mnt/sda1 or something similar.

Are there any instructions somewhere on how to add a label to a swap. That USB is a 2 TB SSD drive. I remember that I had to put multi partitions on it since the drive was too big to be read. Thought I did everything correct (did it 5 or so months ago and followed some posts).

Thanks

 

[fastcx]

For current version, how do I whitelist a certain range of ports?

 

[Adamm]

Are there any instructions somewhere on how to add a label to a swap. That USB is a 2 TB SSD drive. I remember that I had to put multi partitions on it since the drive was too big to be read. Thought I did everything correct (did it 5 or so months ago and followed some posts).

Thanks

tune2fs -L LabelName /dev/sda1

With /dev/sda1 being your partition path.

For current version, how do I whitelist a certain range of ports?

Skynet is an IP based blocking solution, not port.

 

[Adamm]

I've pushed v7.1.4

Better scribe support
- Send HUP to syslog-ng when filter added/removed
- Remove Skynet filter on uninstall
- Dynamically allocate syslogloc for scribe
- Fix directories

Warn user if modem not in bridge mode / CG-NAT enabled and Private IP is issued
Support device custom clientlist names in various locations
Make cronjob times actually random to prevent overloading upstream servers
Fix ipapi rate limiting

 

[Chris_J]

Great idea with the randomised cronjob