Skynet - Router Firewall & Security Enhancements

I've pushed v6.2.7

Skynet will now look for (and delete!) files associated with the VPNFilter malware if secure mode is enabled.
Some other small changes include the import command being fixed in the main menu, and not hard exiting on select commands when a firewall service restart is required.

Is the secure mode enabled by default?
 
For new installs (and anyone who runs the installer again that hasn't explicitly disabled it) yes. I held off enabling it by default on existing installs as some users with insecure settings like exposing SSH and the WebUI to wan might complain these features stopped working without warning.
 
Just installed Skynet and had two questions regarding settings:

1. Log Invalid is disabled. What do I get if I enable it? How would I enable it?
2. Ban AIprotect. If this is adding IPs that Aiprotect has banned, is there any advantage to enabling this, as AIprotect should already have blocked them?

Thanks!
 
1. Log Invalid is disabled. What do I get if I enable it? How would I enable it?

You will no longer see the invalid block log, but the invalid packet blocking is still ongoing in the background. To enable it, you can go via the GUI, under Debug, or use the following command:
sh /jffs/scripts/firewall debug loginvalid enable

2. Ban AIprotect. If this is adding IPs that Aiprotect has banned, is there any advantage to enabling this, as AIprotect should already have blocked them?
Just to compile a more up-to-date ban list for Skynet. Skynet will check whether an IP being blocked by AiProtection is in banmalware; if not, it will add it to its manual ban list. In a normal situation, AiProtection blocks packets by signature/known IP from Trend Micro. Skynet blocks only IPs taken from reputable sources.
 
What do these errors mean? How do I fix this?
Code:
Jun  9 22:30:09 kernel: attempt to access beyond end of device
Jun  9 22:30:09 kernel: sda: rw=1, want=109296848, limit=15644912
Jun  9 22:30:09 kernel: Write-error on swap-device (8:0:109296840)
Jun  9 22:30:09 kernel: attempt to access beyond end of device
Jun  9 22:30:09 kernel: sda: rw=1, want=109296856, limit=15644912
Jun  9 22:30:09 kernel: Write-error on swap-device (8:0:109296848)
Jun  9 22:30:09 kernel: attempt to access beyond end of device
Jun  9 22:30:09 kernel: sda: rw=1, want=109296864, limit=15644912
Jun  9 22:30:09 kernel: Write-error on swap-device (8:0:109296856)
I'm guessing it has something to do with Skynet and the swap file.
 
It's to do with your USB device, unrelated to Skynet; Skynet just happens to be using the drive which is triggering the error. I'd try rebooting your device.
 
I rebooted once but still get this error.
Any idea what the error means?

Jun 9 22:30:09 kernel: attempt to access beyond end of device
Jun 9 22:30:09 kernel: sda: rw=1, want=109296848, limit=15644912
Is that in bytes?
Want = 109MB, limit 15MB ?
My USB drive has 0.967GB.
 
Again, not a Skynet issue. You could potentially see if e2fsck resolves it, or it might be an issue with how you partitioned it.
 
Are there any real-time alerting or daily stats options with Skynet? I love the info I am getting but would like to have it come to me instead of having to check daily.
 
At this current time, beyond the syslog, no.

Personally I'm not a huge fan of this kind of thing being emailed to my inbox for example, but then again I probably am on my PC more than the "average person" so it's a little biased. I'm sure there's a million prewritten scripts out there which you could just add Skynet's stat command to, though, that would suit your needs for the time being.
 
Got it - thanks! For those who are interested here is what I did - seems to work as intended to send me a daily Skynet report.

To set up a daily report on stats:
  1. Create a services-start file in /jffs/scripts and make it executable:
chmod a+rx /jffs/scripts/*
  2. Using nano, edit services-start to add the following (I used gmail for smtp - adjust to your situation):
#!/bin/sh
cru a DailyRpt '0 23 * * * sh /jffs/scripts/firewall stats | /usr/sbin/email -r"smtp.gmail.com" -u"yourgmailuserid" -i"yourgmailpassword" -f"from@domain.com" -tls toemail@domain.com'
  3. Execute the script with:
sh services-start
  4. Check the cron job has it with:
cru l
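
A variant of the daily report job above, as an added example that is not part of the original post: the SMTP credentials are read from a file that only its owner can access, so they do not appear in services-start or in the `cru l` listing. The config path, key names and wrapper script path are assumptions; the `email` flags are copied from the post as-is.

```shell
#!/bin/sh
# Added example, not from the thread. CONF, the key names and this script's
# own path are assumptions; the email flags are the ones used in the post.
# Expected file contents, one KEY=VALUE per line, created with chmod 600:
#   SMTP_HOST, SMTP_USER, SMTP_PASS, MAIL_FROM, MAIL_TO
CONF="${CONF:-/jffs/configs/skynet-report.conf}"

# Succeed only if the file exists and grants no access to group or other.
conf_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# Print the value of KEY from a KEY=VALUE file without sourcing the file,
# so nothing in it is ever executed. Everything after the first "=" is kept.
conf_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

send_report() {
    if ! conf_is_private "$CONF"; then
        echo "refusing to run: $CONF is missing or readable by others" >&2
        return 1
    fi
    host=$(conf_get "$CONF" SMTP_HOST)
    user=$(conf_get "$CONF" SMTP_USER)
    pass=$(conf_get "$CONF" SMTP_PASS)
    from=$(conf_get "$CONF" MAIL_FROM)
    to=$(conf_get "$CONF" MAIL_TO)
    # The password is still an argument of the email process while it runs;
    # this only keeps it out of services-start and the "cru l" listing.
    sh /jffs/scripts/firewall stats |
        /usr/sbin/email -r"$host" -u"$user" -i"$pass" -f"$from" -tls "$to"
}

# Cron entry for services-start (script path is hypothetical):
#   cru a DailyRpt '0 23 * * * sh /jffs/scripts/skynet-report.sh send'
if [ "${1:-}" = "send" ]; then
    send_report
fi
```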
 
Well look at that, I was about to post a question and a simple glance at the first post helped me find the answer. Y'all remember that, if I ask something else stupid down the line. :eek: I mean I get one freebie right. :)

aka... how to find and review manual bans.

Code:
sh /jffs/scripts/firewall stats search manualbans

Thanks for the detailed work!!!
 
I am regularly seeing the following in my logs, sometimes for hours at a time. Restarting Skynet and/or forcing updates doesn't seem to fix the issue. Can't find anything relating to this on snbforum.

Skynet: [Complete] 0 IPs / 0 Ranges Banned

Any ideas?
 
That's just hourly stats from the save function; once per day the messages will be cleared from the syslog.
 
I was casually checking on the firewall this morning, and I was presented with this:

Router Model;
Skynet Version; v6.2.7 (11/06/2018)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 384.5_0 (May 12 2018) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/SANDISK/skynet (3.2G / 3.7G Space Available)
SWAP File; /tmp/mnt/SANDISK/myswap.swp (512.0M)
Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/SANDISK/skynet

Checking Inbound Filter Rules... [Failed]
Checking Outbound Filter Rules... [Failed]

For the life of me, I can't seem to get the firewall started again. Any idea how this could happen, and what if anything, can I do to get it started? Do I need to uninstall/reinstall? I'd prefer not to do that. Also, is there a way to save my settings? The save function also does not seem to work... ;(
 
Code:
sh /jffs/scripts/firewall restart

Thanks Adamm... No dice. It's still showing:

Checking Inbound Filter Rules... [Failed]
Checking Outbound Filter Rules... [Failed]

I even tried a reboot before using this command you shared. Any other ideas?

**EDIT: I was able to fix this by running through option 13 again (install/change boot options). Once I did that, it seemed to repair itself, and works again.
 