- Status
underdose
Regular Contributor
From Github commit history:
- fix /32 subnet issue.
- increase speed on hanging regex.
- improve delays on manual whitelist code.
- decrease the amount of piped processes on some regex commands.
- enhance hard-coding on hash tables for IPSET, while keeping memory requirements minimal.
- Fix that printf in deport whitelist
- Fix that Deport Whitelist--%s doesn't exist in regular old print, we need printf.
- Fix asn link, Add Real IP address and ranges regex.
- fix /32 subnet issue.
- increase speed on hanging regex.
- improve delays on manual whitelist code.
- decrease the amount of piped processes on some regex commands.
- enhance hard-coding on hash tables for IPSET, while keeping memory requirements minimal.
- Fix that printf in deport whitelist
- Fix that Deport Whitelist--%s doesn't exist in regular old print, we need printf.
- Fix asn link, Add Real IP address and ranges regex.
EmeraldDeer
Very Senior Member
Installed and running for two days with no issues.
Viktor Jaep
Part of the Furniture
Big difference in my statistics after running a malware blocklist update... it increased my # of IPs by 100K 50K and decreased my ranges by 50K. Good work on making this more efficient and fixing the subnet issue, @SomeWhereOverTheRainBow and @Adamm!
Also... is "deport" the British term for "export"?
Also... is "deport" the British term for "export"?
Last edited:
SomeWhereOverTheRainBow
Part of the Furniture
Yep if we are expecting our ranges list to be "smaller" than our single IP list, then we definitely want to be sure our single IP's are not over filling our ranges list. Single IP addresses include any address with a /32 at the end. However, skynet was capturing anything with a "/" in it, and throwing that into ranges. This is inefficient since we have a seperate IPset dedicated to single IP entries. We want to ensure that our ranges only covers anything greater than /32 (e.g. /24 /16 /8).Big difference in my statistics after running a malware blocklist update... it increased my # of IPs by 100K, and decreased my ranges by 50K. Good work on making this more efficient and fixing the subnet issue, @SomeWhereOverTheRainBow and @Adamm!
Also... is "deport" the British term for "export"?
Viktor Jaep
Part of the Furniture
Actually, I think I overstated the IP increase... it was more like a 50K increase... Thanks for your efforts to make the experience better!
Apologize in advance for noob questions, but are cloudflare IPs whitelisted by default or do I have to add them? I am exposing some self-hosted services and utilizing cloudflare as proxy.
SomeWhereOverTheRainBow
Part of the Furniture
That is up to you. I personally don't have a setup that specialized, but if you think skynet might cause a problem, I suggest whitelisting ip addresses if you are having trouble accessing them.
BTW, skynet already includes this list if you have the CDN whitelisting option enabled under skynet settings.
Last edited:
SomeWhereOverTheRainBow
Part of the Furniture
No, it is Briish (the "t" is silent or non-existing); However, in my country just uttering the word deport tickles the ears of near by ICE agents, so we must be careful!Also... is "deport" the British term for "export"?
Ah!! Thank you! Exactly what I was looking for. Of course, the source!
Viktor Jaep
Part of the Furniture
Exactly why I was asking... Shhhhhh!
mrgnex
Occasional Visitor
I can't seem to update to the newest version. How did you all did it? I get these errors after upgrade entware packages:
Code:
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[i] New Version Detected - Updating To (d41d8cd98f00b204e9800998ecf8427e)
[i] Saving Changes
[i] Unloading Skynet Components
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chart.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chartjs-plugin-zoom.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating hammerjs.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating skynet.asp Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating firewall.sh Failed
[i] Restarting Firewall Service
ColDen
Senior Member
Hummm look like a corrupted installation and suggest that you remove Skynet ( sh /jffs/scripts/firewall uninstall ) then re-install Skynet.
Viktor Jaep
Part of the Furniture
Or CURL isn't up-to-date, and not able to handle that "--retry-all-errors" switch? Perhaps take a look at any possible needed entware updates as well, @mrgnex ? Oops, I just read you just updated your entware... in that case, you might just need a reboot incase some updates need to settle/reload...
The other thing you could try is force updating CURL itself...
Code:
opkg update
opkg install --force-reinstall curl
Last edited:
SomeWhereOverTheRainBow
Part of the Furniture
Skynet hardcodes to use the routers binaries first. So skynet should always be choosing the routers built in curl instead of entwares. If the OP hasn't updated their firmware in a long time, it is highly recommended they do that first.
SomeWhereOverTheRainBow
Part of the Furniture
The --retry-all-errors option has been present in curl for atleast 2 years to 3 years now. Unless there is something specific about this users router curl, I suspect the most up-to-date firmware should support it. I have not known @RMerlin to not keep curl up-to-date.
Last edited:
toforrao
New Around Here
I'm running into some performance issues when Skynet is updating its Malware lists. Every day, it starts "Skynet_banmalware" script al 12:25, and the router stays unresponsive until this process finishes (2 o 3 minutes).
Is there a way to config skynet to update at some specific hours?
I'm explaining myself:
If I update crontab with "cron -e", on the next reboot, all is messed up again losing that specific configuration I edited.
The proccess original configuration once I install Skynet is this:
If I change that config with this one, for example (using crontab -e):
On the next reboot it comes up with a random schedule again, so there is no way to reschedule this specific process. On this ocassion it changed it to execute it at "15:25" everyday.
My guess is that there must be any way to workaround this. Any thoughts?
Thanks in advance.
Is there a way to config skynet to update at some specific hours?
I'm explaining myself:
If I update crontab with "cron -e", on the next reboot, all is messed up again losing that specific configuration I edited.
The proccess original configuration once I install Skynet is this:
If I change that config with this one, for example (using crontab -e):
On the next reboot it comes up with a random schedule again, so there is no way to reschedule this specific process. On this ocassion it changed it to execute it at "15:25" everyday.
My guess is that there must be any way to workaround this. Any thoughts?
Thanks in advance.
SomeWhereOverTheRainBow
Part of the Furniture
You can adjust the update schedule.
firewall settings banmalware daily|weekly|disableUsing the below in the ssh terminal
firewall settings banmalware weeklyWill change it from the default daily setting to weekly within the skynet settings. Whereas manually doing the crontab adjustments yourself isn't permanent. You must use the above command for it to stick at weekly.
toforrao
New Around Here
Thanks!
I guess there is no chance to indicate exactly any hour. In my case, it would be nice to just tell skynet to update at early hours in the morning in order to not to hit network performance...
- Status
Similar threads
Similar threads
Similar threads
-
Solved Skynet running slow with install/update issues from AMTM?- Started by John Fitzgerald
- Replies: 10
-
Skynet Source LAN IP for outbound IP blocked by SkyNet
- Started by buzzy
- Replies: 8
-
Skynet Installing Skynet causes router to crash and reboot
- Started by ovancantfort
- Replies: 26
-
-
-
Send stats Division and Skynet to webhook or mqtt
- Started by poudenes
- Replies: 0
-
-
-
Skynet show inbound block on Digital TV Vlan300
- Started by poudenes
- Replies: 4
-
Skynet Skynet Autobanning Failed Login Attempts?
- Started by ninjada
- Replies: 0