Skynet Skynet adding local file .txt

[jayz]

Hello All Sorry to ask newbie here, i used skynet for ipblocking question how do i import .txt file saved on my pc (ex: download folder) to skynet firewall. or what is the proper way to import a local file to skynet? thanks in advance

 

[Viktor Jaep]

Hello All Sorry to ask newbie here, i used skynet for ipblocking question how do i import .txt file saved on my pc (ex: download folder) to skynet firewall. or what is the proper way to import a local file to skynet? thanks in advance

Here are some steps to import a file from a local location...

Skynet - Is default firewall good enough?

I been using your list for few months. Is this the current list? If I remember correctly it used to be around 170k. The IP list almost doubled? 328944 IPs (+0) -- 9095 Ranges Banned (+0) || 19740 Inbound -- 2098 Outbound Connections Blocked! 481911 IPs try this feed...

www.snbforums.com

 

[jayz]

Here are some steps to import a file from a local location...

Skynet - Is default firewall good enough?

I been using your list for few months. Is this the current list? If I remember correctly it used to be around 170k. The IP list almost doubled? 328944 IPs (+0) -- 9095 Ranges Banned (+0) || 19740 Inbound -- 2098 Outbound Connections Blocked! 481911 IPs try this feed...

www.snbforums.com

Thank you so much very appreciated. i am working on my own blocklist now

 

[Accuphaze]

Hello!
Please tell me the exact structure of recording multiple IP addresses for importing into the blacklist from a file (local & https://... ).
I tried this form of recording IP addresses in a text file (UTF8):
var #1 (to column)
1.2.3.4
5.6.7.8.
...
var #2 (into a single line with separated by ",")
1.2.3.4, 5.6.7.8 ...
In both cases there is an error message: 404 error... or only one IP address is read out of all!
If you enter IP addresses in the console, then naturally no problems arise:
1. for exapmle: firewall ban range 1.2.3.0/24 comment "abc"
2. for exapmle: firewall ban ip 1.2.3.4 comment "abc"
I need to enter more than 1000 IP addresses and it is very tedious to do by hand.
Thanks for the help.
P.S Is there any limit on the number of IP addresses in the blacklist?

 

[Viktor Jaep]

Hello!
Please tell me the exact structure of recording multiple IP addresses for importing into the blacklist from a file (local & https://... ).
I tried this form of recording IP addresses in a text file (UTF8):
var #1 (to column)
1.2.3.4
5.6.7.8.
...
var #2 (into a single line with separated by ",")
1.2.3.4, 5.6.7.8 ...
In both cases there is an error message: 404 error... or only one IP address is read out of all!
If you enter IP addresses in the console, then naturally no problems arise:
1. for exapmle: firewall ban range 1.2.3.0/24 comment "abc"
2. for exapmle: firewall ban ip 1.2.3.4 comment "abc"
I need to enter more than 1000 IP addresses and it is very tedious to do by hand.
Thanks for the help.
P.S Is there any limit on the number of IP addresses in the blacklist?

Why go through all this trouble? Why not use an already well-established list?

 

[Accuphaze]

Why go through all this trouble? Why not use an already well-established list?

Why do I even need other people’s problems related to bruteforce of other people’s servers?
I have my own server and I want to take from the log of my server the IP addresses of those who engage in bruteforce and block them at the entrance to the router.
That's all...
Don't enter this manually, instead of importing from a file!
P.S Moreover, such a possibility is declared on Skynet!
Then there must be an exact specificatio of file for importing multiple IP addresses, but I can't find it anywhere!

 

[Viktor Jaep]

Why do I even need other people’s problems related to bruteforce of other people’s servers?
I have my own server and I want to take from the log of my server the IP addresses of those who engage in bruteforce and block them at the entrance to the router.
That's all...
Don't enter this manually, instead of importing from a file!

What service/port are they trying to brute force on your end exactly?

 

[ColinTaylor]

Why do I even need other people’s problems related to bruteforce of other people’s servers?
I have my own server and I want to take from the log of my server the IP addresses of those who engage in bruteforce and block them at the entrance to the router.
That's all...

It's possible that your server is more powerful than your router. In which case it might make more sense to run something like fail2ban directly on the server rather than exporting/importing files for Skynet.

GitHub - fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors

Daemon to ban hosts that cause multiple authentication errors - fail2ban/fail2ban

github.com

 

[Accuphaze]

What service/port are they trying to brute force on your end exactly?

For example:
ftp server, ports - 21 & 22
post server, ports - 25, 110, 465, 587, 995

 

[Accuphaze]

It's possible that your server is more powerful than your router. In which case it might make more sense to run something like fail2ban directly on the server rather than exporting/importing files for Skynet.

GitHub - fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors

Daemon to ban hosts that cause multiple authentication errors - fail2ban/fail2ban

github.com

I want to make sure that they do not even reach the server and are blocked at the entrance to the router.Otherwise, the server log is like an endless tape. The server software allows me to upload the IP addresses of those who do bruteforce into a file that I want to import every day into Skynet.

 

[ColinTaylor]

I don't use Skynet but looking at the source code it appears that the format of the import file is a single CIDR per line. There must be no other characters in front or after each address. For example,

216.58.213.0/24
45.77.76.174/32

I don't know what the meaning is for the "comment" option of the import command. Perhaps that's just some arbitrary string you need to specify.

• firewall import blacklist file.txt "Apples": Ban all IPs from the URL/local file with the comment "Apples".

 

[Accuphaze]

I don't use Skynet but looking at the source code it appears that the format of the import file is a single CIDR per line. There must be no other characters in front or after each address. For example,

216.58.213.0/24
45.77.76.174/32

I don't know what the meaning is for the "comment" option of the import command. Perhaps that's just some arbitrary string you need to specify.

• firewall import blacklist file.txt "Apples": Ban all IPs from the URL/local file with the comment "Apples".

No, this doesn't work:
firewall import blacklist https://mysite.abc/catalog/file.txt
I tried it, but I got an error: 404 error!
Although the file.txt from the https://mysite.abc/catalog/file.txt can be opened in any browser without any problems!

 

[ColinTaylor]

Try putting the same file on the router and importing it from there instead. The 404 error suggests a curl error has occurred.

firewall import blacklist /tmp/file.txt "Apples"

 

[Accuphaze]

Try putting the same file on the router and importing it from there instead. The 404 error suggests a curl error has occurred.

firewall import blacklist /tmp/file.txt "Apples"

I already wrote earlier that when importing from a local file, it only imports one IP address, which is the latest in the file!
All other IP addresses are not imported at all!
My command:
firewall import blacklist /mnt/sda1/entware/tmp/banlist.txt "abc"

 

[Viktor Jaep]

I already wrote earlier that when importing from a local file, it only imports one IP address, which is the latest in the file!
All other IP addresses are not imported at all!

This is the command I use to import large lists of IP addresses to Skynet's whitelist:

firewall import whitelist /jffs/addons/vpnmon-r3.d/vr3svr1.txt "VPNMON-R3 VPN Slot 1 Import"

The list is formatted in a single column of IP addresses, like:

33.46.33.66
11.60.223.22
...

I don't have any CIDR notations in there, like the /24's... they're all just straight IPs. I'd have to check the MAN to see if that would be possible for white/blacklisting.

 

[ColinTaylor]

I already wrote earlier that when importing from a local file, it only imports one IP address, which is the latest in the file!
All other IP addresses are not imported at all!
My command:
firewall import blacklist /mnt/sda1/entware/tmp/banlist.txt "abc"

Make sure the file is using Unix line endings and not DOS/Windows. e.g.

dos2unix /mnt/sda1/entware/tmp/banlist.txt

 

[Accuphaze]

Make sure the file is using Unix line endings and not DOS/Windows. e.g.

dos2unix /mnt/sda1/entware/tmp/banlist.txt

The file is created using NotePad++ only and is saved in UTF8 encoding, not NotePad for Windows.

 

[ColinTaylor]

The file is created using NotePad++ only and is saved in UTF8 encoding, not NotePad for Windows.

Notepad++ has the option to save files in either end of line format (EDIT > EOL Conversion), which is unrelated to the encoding.

This is the command I use to import large lists of IP addresses to Skynet's whitelist:

firewall import whitelist /jffs/addons/vpnmon-r3.d/vr3svr1.txt "VPNMON-R3 VPN Slot 1 Import"

The list is formatted in a single column of IP addresses, like:

33.46.33.66
11.60.223.22
...

I don't have any CIDR notations in there, like the /24's... they're all just straight IPs. I'd have to check the MAN to see if that would be possible for white/blacklisting.

Yes. Looking at the code more closely the bitmask part is optional.

 

[Accuphaze]

Hello ALL!
Yes, that's right - the problem was incorrect file encoding.
I converted the file to UNIX UTF8 (EOL for UNIX) and all IP addresses from the file were imported completely.
Thanks everyone for your help.

 

[Viktor Jaep]

Hello ALL!
Yes, that's right - the problem was incorrect file encoding.
I converted the file to UNIX UTF8 (EOL for UNIX) and all IP addresses from the file were imported completely.
Thanks everyone for your help.

I would be interested in your methods of how exactly you're extracting IPs of devices attempting brute force attempts, and how you're getting these back over onto your router in single columned lists for import into Skynet? Do you have any code you can share so I can get a better understanding?