Skynet - Asus Firewall Addition

Discussion in 'Asuswrt-Merlin' started by Adamm, Apr 16, 2014.

  1. AtAM1

    AtAM1 Regular Contributor

    Joined:
    Apr 14, 2014
    Messages:
    104
    Location:
    /root
    Still the same issue and I think it is related to the regex format and install routine.

    I downloaded the firewall.sh file and changed the fstab check, for the 2 instances where it is used, to the same check you used for myswap.swp but substituted the filename to "partition" instead and installation did complete but firewall was not saved to /jffs/scripts.

    Code:
    if [ -z "$swaplocation" ] && ! grep -qF "myswap.swp" /proc/swaps && ! grep -qF "partition" /proc/swaps 2>/dev/null; then
    Code:
    if ! grep -qE "^swapon " /jffs/scripts/post-mount && ! grep -qF "partition" /proc/swaps 2>/dev/null; then Create_Swap; fi
    After copying and renaming firewall.sh to firewall under jffs/scripts, I was able to run firewall, but the service checks are all in red.

    Code:
    Router Model; RT-AC86U
    Skynet Version;  (05/11/2018)
    iptables v1.4.15 - (ppp0 @ x.x.x.x)
    ipset v6.32, protocol version: 6
    FW Version; 384.7_2 (Oct 21 2018) (4.1.27)
    Install Dir; /tmp/mnt/data/skynet (14.5G / 14.6G Space Available)
    Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/data/skynet
    
    Checking Inbound Filter Rules...            [Failed]
    Checking Outbound Filter Rules...            [Failed]
    Checking Whitelist IPSet...                [Failed]
    Checking BlockedRanges IPSet...                [Failed]
    Checking Blacklist IPSet...                [Failed]
    Checking Skynet IPSet...                [Failed]
    I haven't gone over your entire code but suspect there is another check needed, specifically in the install routine:

    Code:
    elif ! grep -qF "partition" /proc/swaps && [ -z "$swaplocation" ]; then
        Manage_Device
        echo "[i] Saving Changes"
        Save_IPSets
        echo "[i] Unloading Skynet Components"
        Unload_Cron "all"
        Unload_IPTables
        Unload_DebugIPTables
        Unload_IPSets
        logger -t Skynet "[%] Restarting Firewall Service"; echo "[%] Restarting Firewall Service"
        restartfirewall="1"
        nolog="2"
    While I was able to get Skynet to load after including the above routine, the firewall file is still not saved to /jffs/scripts.

    Apologies for butchering your code ... Don't trouble yourself if it's too much of a hassle to get fstab swap partitions to be recognized by Skynet.

    Thanks again
     
  2. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,691
    I pushed another hotfix, run;

    Code:
    sh /jffs/scripts/firewall update -f
    and let me know if there's any issues.
     
    Last edited: Nov 6, 2018
  3. AtAM1

    AtAM1 Regular Contributor

    Joined:
    Apr 14, 2014
    Messages:
    104
    Location:
    /root
    Perfectamundo! Many thanks Adamm =)

    Edit: just went over the code changes - good stuff!
     
    Last edited: Nov 6, 2018
    Adamm likes this.
  4. TeaDragon

    TeaDragon New Around Here

    Joined:
    Jan 15, 2017
    Messages:
    4
    Hi! Can you give me any pointers, or know any tutorial for setting this up? I'd very much like to blacklist or ban incorrect logins.
     
  5. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,691
    I've pushed v6.5.7

    This version is based on swap file management. After about 3 rewrites I got the code how I wanted it so we can fix or at least diagnose just about any swap related issue. This is hopefully the last time I have to look at that code :p
     
    Last edited: Nov 8, 2018
    SMS786, Makaveli, eclp and 10 others like this.
  6. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,691
    If Skynet is installed, it's enabled by default in the background.
     
  7. nlurker

    nlurker New Around Here

    Joined:
    Sep 4, 2018
    Messages:
    1
    Is there a reason why the command to run skynet is not skynet?
     
  8. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    2,011
    Location:
    /etc
    One reason would be that skynet doesn't require entware.
     
  9. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,691
    If entware is installed you can create a new command and call it whatever you like.

    Code:
    ln -s /jffs/scripts/firewall /opt/bin/*****
    With ***** being the new command name
     
  10. agilani

    agilani Senior Member

    Joined:
    Nov 30, 2012
    Messages:
    454
    Adamm,
    Any plans to support ipv6?

    And how about building our own community blacklist? I don't mind having my Skynet data compiled for Good.

    In fact, I'd be willing to turn on dropped inbound traffic logging if it helps the cause. Maybe an opt-in option?
     
    Last edited: Nov 9, 2018
  11. TeaDragon

    TeaDragon New Around Here

    Joined:
    Jan 15, 2017
    Messages:
    4
    Thank you!
     
  12. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    602
    The last two days Siri was not working on my iPad (via WiFi), while it was working fine on my iPhone (WiFi + cellular). Today when I temporarily disabled Skynet Siri immediately started working again on the iPad. Now with Skynet back on, Siri still seems to work on both devices.

    What can Skynet have blocked here?

    (since Siri is working now I can't reproduce?)
     
  13. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,691
     
  14. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,691
    Blacklisting isn't effective with IPv6. It works with IPv4 because it is address limited. With IPv6 there are 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses up for grabs so blacklisting is useless.
     
    Protik likes this.
  15. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    602
    Thanks. I have seen that post multiple times before.

    Unfortunately I had no clue it was Skynet blocking Siri. I found out by accident (so too late to test) and it does not reproduce now.

    If it happens again I’ll try to debug using these instructions.
     
  16. DonnyJohnny

    DonnyJohnny Very Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    639
    Please write the number in words. How do you read the number in words? Lol. It needs a mathematics genius for this question.
     
  17. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,247
    DonnyJohnny likes this.
  18. DonnyJohnny

    DonnyJohnny Very Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    639
    thelonelycoder, SMS786 and skeal like this.
  19. Laszlo Ladanyi

    Laszlo Ladanyi Occasional Visitor

    Joined:
    Dec 6, 2016
    Messages:
    11
    I think I've found an unmanaged(?) situation. If I have an activated swap partition on /dev/sda1, Skynet's installer couldn't finish without errors, so it didn't work. After swapoff /dev/sda1 the installer and Skynet work fine. Could you investigate it? As I remember, the existence of a swap partition wasn't a problem before... It's not a huge problem, because I can use a swap file instead of a swap partition.
     
  20. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    2,011
    Location:
    /etc
    Skynet's author says that a swap file is what is supported, not a swap partition.
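
Added example, not part of the thread and not Skynet's own code: posts 1, 19 and 20 above turn on telling a swap partition from a swap file in /proc/swaps. The sketch below reads the Type column instead of grepping the whole line for "partition", which would also match a swap file whose path contains that word; the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Skynet's code. Classifies active swap areas by the
# Type column of /proc/swaps instead of a substring match on the whole line.

# list_swaps [FILE]: print "<type> <path>" per active swap area (header skipped).
list_swaps() {
    awk 'NR > 1 && NF >= 5 { print $2, $1 }' "${1:-/proc/swaps}" 2>/dev/null
}

# swap_state [FILE]: print none | file | partition | both.
swap_state() {
    list_swaps "$1" | awk '
        $1 == "file"      { f = 1 }
        $1 == "partition" { p = 1 }
        END {
            if (f && p)  print "both"
            else if (f)  print "file"
            else if (p)  print "partition"
            else         print "none"
        }'
}

# has_swap_file NAME [FILE]: succeed only if a swap *file* with that basename is active.
has_swap_file() {
    list_swaps "$2" | awk -v n="$1" '
        $1 == "file" { k = split($2, a, "/"); if (a[k] == n) found = 1 }
        END { exit !found }'
}

# Constructed samples in /proc/swaps layout (paths and sizes are made up).
sample_file_only() {
    printf '%s\n' \
        'Filename                        Type       Size     Used  Priority' \
        '/tmp/mnt/partition1/myswap.swp  file       2097148  0     -2'
}
sample_partition_only() {
    printf '%s\n' \
        'Filename                        Type       Size     Used  Priority' \
        '/dev/sda1                       partition  524284   0     -1'
}

# Demo: the first sample contains the word "partition" only in its mount point.
tmp="${TMPDIR:-/tmp}/swaps_demo.$$"
sample_file_only > "$tmp"
echo "file-only sample      -> $(swap_state "$tmp")"
sample_partition_only > "$tmp"
echo "partition-only sample -> $(swap_state "$tmp")"
rm -f "$tmp"
```

Called with no file argument, the functions read the live /proc/swaps on the router.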