Skynet Skynet Not Starting with IPTables Rules Failed


Calkulin

Regular Contributor
I installed 386.2 alpha 2-g0b90696715 and I now have 3x AC68Us that are not starting Skynet and all show "IPTables Rules failed", even though my AX88U is running fine with Skynet with the same build. I tried uninstalling/reinstalling Skynet, and while it eventually started fine after the install, within a few mins it showed the same failed error. Logs are showing "Rule Integrity Violation - Restarting Firewall [ #9 #10 ]" for those 3 AC68Us. Is anyone else having this same issue with the new alpha build, or does anyone have suggestions on how to fix it? I looked at the source code and found what the errors are pointing to, ran the 4 checks manually and they returned correct values. I tried running the commands manually and got "iptables: Bad rule (does a matching rule exist in that chain?)".



Code:
    if [ "$(nvram get sshd_enable)" = "1" ] && [ "$(nvram get sshd_bfp)" = "1" ] && [ "$(uname -o)" = "ASUSWRT-Merlin" ] && [ "$(nvram get switch_wantag)" != "movistar" ]; then
        iptables -C SSHBFP -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j SET --add-set Skynet-Blacklist src 2>/dev/null || fail="${fail}#9 "
        iptables -C SSHBFP -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j LOG --log-prefix "[BLOCKED - NEW BAN] " --log-tcp-sequence --log-tcp-options --log-ip-options 2>/dev/null || fail="${fail}#10 "
    fi
 
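When the integrity check reports #9/#10, it helps to tell apart three cases: the gate is closed (checks skipped), the SSHBFP chain is absent, or the chain exists but its rules differ from the expected specs. The sketch below is an added example, not Skynet's code and not something posted in this thread; the function names and the `SSHBFP_RUN` variable are hypothetical, and the rule specs are copied from the snippet quoted above.

```shell
#!/bin/sh
# Added diagnostic sketch, not part of Skynet. Function names and SSHBFP_RUN
# are hypothetical. Rule specs are copied from the snippet quoted in the post.

# Same gate as the quoted snippet: checks #9/#10 only run when this is true.
sshbfp_gate_open() {
    [ "$(nvram get sshd_enable)" = "1" ] && [ "$(nvram get sshd_bfp)" = "1" ] &&
        [ "$(uname -o)" = "ASUSWRT-Merlin" ] && [ "$(nvram get switch_wantag)" != "movistar" ]
}

# Tests the two expected rules with iptables -C.
# Prints the IDs of the checks that fail (empty output = both rules present).
sshbfp_failed_checks() {
    failed=""
    iptables -C SSHBFP -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource \
        -j SET --add-set Skynet-Blacklist src 2>/dev/null || failed="${failed}#9 "
    iptables -C SSHBFP -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource \
        -j LOG --log-prefix "[BLOCKED - NEW BAN] " --log-tcp-sequence --log-tcp-options \
        --log-ip-options 2>/dev/null || failed="${failed}#10 "
    printf '%s' "$failed"
}

# Prints one verdict line: gate-closed | chain-missing | ok | mismatch <ids>
sshbfp_diagnose() {
    if ! sshbfp_gate_open; then
        echo "gate-closed"; return 0
    fi
    if ! iptables -S SSHBFP >/dev/null 2>&1; then
        echo "chain-missing"; return 0
    fi
    failed="$(sshbfp_failed_checks)"
    if [ -z "$failed" ]; then
        echo "ok"
    else
        echo "mismatch ${failed% }"
        # Dump the rules actually present in the chain (to stderr) so they
        # can be compared by eye against the two expected specs above.
        iptables -S SSHBFP >&2
    fi
}

# Only runs when explicitly requested, e.g. SSHBFP_RUN=1 sh this_script.sh
if [ "${SSHBFP_RUN:-0}" = "1" ]; then sshbfp_diagnose; fi
```

A `mismatch` verdict with the chain dump shows exactly which option differs between what the firmware installed and what the check expects.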

dave14305

Part of the Furniture
> Makes sense but weird that it starts on the AX88U but not on the AC68Us

Was brute force protection enabled on all of them, though? And more importantly, did the nvram command fix it?
 

Calkulin

Regular Contributor
> Was brute force protection enabled on all of them, though? And more importantly, did the nvram command fix it?

Yes, all had it turned on and the unset command did fix it on all the AC68Us immediately, didn't even need to restart Skynet manually. Thanks a lot for that quick fix.
 

dave14305

Part of the Furniture
> Yes, all had it turned on and the unset command did fix it on all the AC68Us immediately, didn't even need to restart Skynet manually. Thanks a lot for that quick fix.

And all had SSH enabled for WAN? Both conditions must be met for the rule check to take effect.
 

Calkulin

Regular Contributor
> And all had SSH enabled for WAN? Both conditions must be met for the rule check to take effect.

The AC68Us did, but with access restriction enabled for local /24 and 1 external IP. The AX88U didn't, which explains why the AX88U didn't have that issue now that I think about it.
 

isr25

Regular Contributor
Skynet was updated yesterday by adamm00 to resolve this issue. Thanks Adamm00!
 
