Skynet Skynet - Router Firewall & Security Enhancements
FadgewackeR
Regular Contributor
Maybe not the correct forum... sorry guys, but If I have ABsolution, Skynet, DNSCrypt and Pixelserv active and up to date on my 86U, I ussume I'm safe to turn of AiProtect?
johnathonm
Regular Contributor
Skynet,
Continues to block and ban 1.1.1.1 from my network even though it, was, unbanned and whitelisted.
ul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14213 DF PROTO=UDP SPT=14908 DPT=53 LEN=40
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=14214 DF PROTO=UDP SPT=59958 DPT=53 LEN=50
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=14215 DF PROTO=UDP SPT=61236 DPT=53 LEN=50
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=66 TOS=0x00 PREC=0x00 TTL=64 ID=14216 DF PROTO=UDP SPT=10231 DPT=53 LEN=46
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=14217 DF PROTO=UDP SPT=43098 DPT=53 LEN=42
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=14218 DF PROTO=UDP SPT=4226 DPT=53 LEN=49
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=14220 DF PROTO=UDP SPT=61743 DPT=53 LEN=50
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=14221 DF PROTO=UDP SPT=59470 DPT=53 LEN=55
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=14223 DF PROTO=UDP SPT=11160 DPT=53 LEN=38
Jul 30 11:34:25 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=14331 DF PROTO=UDP SPT=50038 DPT=53 LEN=42
Jul 30 11:34:39 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=15496 DF PROTO=UDP SPT=54277 DPT=53 LEN=42
Jul 30 11:34:49 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=16037 DF PROTO=UDP SPT=56144 DPT=53 LEN=42
Jul 30 11:34:51 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=4c:ed:fb:90:2b:48:00:01:5c:7a:4c:46:08:00 SRC=181.214.87.250 DST=XXX124.127.21 LEN=40 TOS=0x00 PREC=0x20 TTL=238 ID=35550 PROTO=TCP SPT=43804 DPT=33389 SEQ=476739494 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jul 30 11:35:01 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16344 DF PROTO=UDP SPT=31846 DPT=53 LEN=40
Jul 30 11:35:08 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=16826 DF PROTO=UDP SPT=19459 DPT=53 LEN=53
Jul 30 11:35:08 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16827 DF PROTO=UDP SPT=61804 DPT=53 LEN=44
Jul 30 11:35:09 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=16840 DF PROTO=UDP SPT=60676 DPT=53 LEN=42
Jul 30 11:35:09 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=16850 DF PROTO=UDP SPT=15805 DPT=53 LEN=42
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=56 TOS=0x00 PREC=0x00 TTL=64 ID=17034 DF PROTO=UDP SPT=11777 DPT=53 LEN=36
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=17044 DF PROTO=UDP SPT=36833 DPT=53 LEN=48
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=17045 DF PROTO=UDP SPT=42478 DPT=53 LEN=40
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=74 TOS=0x00 PREC=0x00 TTL=64 ID=17048 DF PROTO=UDP SPT=35081 DPT=53 LEN=54
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=74 TOS=0x00 PREC=0x00 TTL=64 ID=17049 DF PROTO=UDP SPT=4966 DPT=53 LEN=54
Jul 30 11:35:26 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=18186 DF PROTO=UDP SPT=44853 DPT=53 LEN=47
Jul 30 11:35:26 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=18187 DF PROTO=UDP SPT=51795 DPT=53 LEN=56
Continues to block and ban 1.1.1.1 from my network even though it, was, unbanned and whitelisted.
ul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14213 DF PROTO=UDP SPT=14908 DPT=53 LEN=40
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=14214 DF PROTO=UDP SPT=59958 DPT=53 LEN=50
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=14215 DF PROTO=UDP SPT=61236 DPT=53 LEN=50
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=66 TOS=0x00 PREC=0x00 TTL=64 ID=14216 DF PROTO=UDP SPT=10231 DPT=53 LEN=46
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=14217 DF PROTO=UDP SPT=43098 DPT=53 LEN=42
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=14218 DF PROTO=UDP SPT=4226 DPT=53 LEN=49
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=14220 DF PROTO=UDP SPT=61743 DPT=53 LEN=50
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=14221 DF PROTO=UDP SPT=59470 DPT=53 LEN=55
Jul 30 11:34:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=14223 DF PROTO=UDP SPT=11160 DPT=53 LEN=38
Jul 30 11:34:25 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=14331 DF PROTO=UDP SPT=50038 DPT=53 LEN=42
Jul 30 11:34:39 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=15496 DF PROTO=UDP SPT=54277 DPT=53 LEN=42
Jul 30 11:34:49 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=16037 DF PROTO=UDP SPT=56144 DPT=53 LEN=42
Jul 30 11:34:51 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=4c:ed:fb:90:2b:48:00:01:5c:7a:4c:46:08:00 SRC=181.214.87.250 DST=XXX124.127.21 LEN=40 TOS=0x00 PREC=0x20 TTL=238 ID=35550 PROTO=TCP SPT=43804 DPT=33389 SEQ=476739494 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Jul 30 11:35:01 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16344 DF PROTO=UDP SPT=31846 DPT=53 LEN=40
Jul 30 11:35:08 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=16826 DF PROTO=UDP SPT=19459 DPT=53 LEN=53
Jul 30 11:35:08 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16827 DF PROTO=UDP SPT=61804 DPT=53 LEN=44
Jul 30 11:35:09 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=16840 DF PROTO=UDP SPT=60676 DPT=53 LEN=42
Jul 30 11:35:09 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=16850 DF PROTO=UDP SPT=15805 DPT=53 LEN=42
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=56 TOS=0x00 PREC=0x00 TTL=64 ID=17034 DF PROTO=UDP SPT=11777 DPT=53 LEN=36
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=17044 DF PROTO=UDP SPT=36833 DPT=53 LEN=48
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=17045 DF PROTO=UDP SPT=42478 DPT=53 LEN=40
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=74 TOS=0x00 PREC=0x00 TTL=64 ID=17048 DF PROTO=UDP SPT=35081 DPT=53 LEN=54
Jul 30 11:35:14 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=74 TOS=0x00 PREC=0x00 TTL=64 ID=17049 DF PROTO=UDP SPT=4966 DPT=53 LEN=54
Jul 30 11:35:26 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=18186 DF PROTO=UDP SPT=44853 DPT=53 LEN=47
Jul 30 11:35:26 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=XXX124.127.21 DST=1.1.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=18187 DF PROTO=UDP SPT=51795 DPT=53 LEN=56
Adamm
Part of the Furniture
johnathonm
Regular Contributor
I don't know if this impacts your data but I had to unban it and double check it was still on the whitelist, again.
Debug Data Detected in /tmp/mnt/poop/skynet/skynet.log - 6.3M
Monitoring From Jul 28 19:03:12 To Jul 30 13:09:48
22272 Block Events Detected
1328 Unique IPs
4 Manual Bans Issued
1.1.1.1 is in set Skynet-Whitelist.
1.1.1.1 is NOT in set Skynet-Blacklist.
1.1.1.1 is NOT in set Skynet-BlockedRanges.
Whitelist Reason;
1.1.1.1 "ManualWlist: 111111"
1.1.1.1 First Tracked On
1.1.1.1 Last Tracked On
0 Blocks Total
Event Log Entries From 1.1.1.1;
Jul 30 11:43:33 Skynet: [Manual Whitelist] TYPE=Single SRC=1.1.1.1 COMMENT=111111
First Block Tracked From 1.1.1.1;
10 Most Recent Blocks From 1.1.1.1;
Top 10 Targeted Ports From 1.1.1.1 (Inbound);
Top 10 Sourced Ports From 1.1.1.1 (Inbound);
Skynet: [Complete] 200516 IPs / 37641 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 379 Inbound / 2683 Outbound Connections Blocked! [stats] [4s]
This data is not correct, based on what I am seeing. I can pull the whole syslong for you if you'd like.
Debug Data Detected in /tmp/mnt/poop/skynet/skynet.log - 6.3M
Monitoring From Jul 28 19:03:12 To Jul 30 13:09:48
22272 Block Events Detected
1328 Unique IPs
4 Manual Bans Issued
1.1.1.1 is in set Skynet-Whitelist.
1.1.1.1 is NOT in set Skynet-Blacklist.
1.1.1.1 is NOT in set Skynet-BlockedRanges.
Whitelist Reason;
1.1.1.1 "ManualWlist: 111111"
1.1.1.1 First Tracked On
1.1.1.1 Last Tracked On
0 Blocks Total
Event Log Entries From 1.1.1.1;
Jul 30 11:43:33 Skynet: [Manual Whitelist] TYPE=Single SRC=1.1.1.1 COMMENT=111111
First Block Tracked From 1.1.1.1;
10 Most Recent Blocks From 1.1.1.1;
Top 10 Targeted Ports From 1.1.1.1 (Inbound);
Top 10 Sourced Ports From 1.1.1.1 (Inbound);
Skynet: [Complete] 200516 IPs / 37641 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 379 Inbound / 2683 Outbound Connections Blocked! [stats] [4s]
This data is not correct, based on what I am seeing. I can pull the whole syslong for you if you'd like.
Adamm
Part of the Furniture
Skynet is working as expected.
Jul 30 11:35:26 ==> Skynet blocked 1.1.1.1
Jul 30 11:43:33 ==> You whitelisted 1.1.1.1 (in doing so wiped the old logs)
just out of curiosity since firewall is in the path already...why not
firewall stats search ip 1.1.1.1
?
I'm using cloudflare 1.1.1.1 and have not had any of the blocks you are experiencing. What is the source range? Its a RFC1918 address? It doesn't look like it. Perhaps your source address is being blacklisted which is causing all of your issues? You need to run the command that adamm gave you for both source and dst address and see if either is blacklisted before you whitelist it. Not sure if skynet filters by dst ip.
and i see that skynet whitelists already include 1.1.1.1
Whitelist Reason;
1.1.1.1 "nvram: wan_dns1_x"
also check and make sure you didn't wipe out the default whitelists.
firewall whitelist list
that may also explain a lot of the problems you may be experiencing.
Last edited:
Adamm
Part of the Furniture
The "shortened" version is only relevant if you have entware installed (skynet symlinks itsself to /opt/bin/firewall). So I keep the long version for the %1 of people who may not have entware.
Good to know, thanks!
Is it normal for logs to disappear from syslog? Here is my syslog that i was looking at form earlier and was trourbleshooting
for the same time period looking at syslog now
Code:
Aug 4 18:00:05 Skynet: [Complete] 109413 IPs / 1700 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 9636 Inbound / 271 Outbound Connections Blocked! [save] [5s]
Aug 4 18:01:55 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=185.222.211.114 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=22271 PROTO=TCP SPT=40399 DPT=3384 SEQ=340817837 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 4 18:08:44 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=5.8.54.27 DST=23.242.44.106 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=37408 PROTO=TCP SPT=49892 DPT=8088 SEQ=2690621906 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 4 18:10:00 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=198.199.105.179 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48986 DPT=2375 SEQ=1618699094 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 4 18:22:24 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=45.227.254.248 DST=23.242.44.106 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=35287 PROTO=TCP SPT=50383 DPT=50170 SEQ=263087687 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 4 18:22:33 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=216.218.206.106 DST=23.242.44.106 LEN=92 TOS=0x00 PREC=0x00 TTL=54 ID=32437 DF PROTO=UDP SPT=25155 DPT=500 LEN=72
Aug 4 18:26:10 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=104.185.20.41 DST=23.242.44.106 LEN=40 TOS=0x08 PREC=0x00 TTL=44 ID=53556 PROTO=TCP SPT=24908 DPT=88 SEQ=401747050 ACK=0 WINDOW=34668 RES=0x00 SYN URGP=0
Aug 4 18:27:57 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=185.222.209.39 DST=23.242.44.106 LEN=40 TOS=0x08 PREC=0x00 TTL=232 ID=123 PROTO=TCP SPT=65531 DPT=3350 SEQ=100 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 4 18:28:03 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=31.192.108.88 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=47147 PROTO=TCP SPT=40048 DPT=6614 SEQ=2408353175 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 4 18:29:09 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=178.128.10.163 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=49200 PROTO=TCP SPT=50351 DPT=2323 SEQ=401747050 ACK=0 WINDOW=43215 RES=0x00 SYN URGP=0
Aug 4 18:29:15 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=176.31.78.52 DST=23.242.44.106 LEN=40 TOS=0x08 PREC=0x00 TTL=43 ID=37432 PROTO=TCP SPT=64858 DPT=2323 SEQ=401747050 ACK=0 WINDOW=55674 RES=0x00 SYN URGP=0
Aug 4 18:30:13 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=173.212.225.26 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15472 PROTO=TCP SPT=59645 DPT=5038 SEQ=12977076 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 4 18:30:44 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=37.49.231.113 DST=23.242.44.106 LEN=443 TOS=0x08 PREC=0x00 TTL=43 ID=43254 DF PROTO=UDP SPT=5366 DPT=5060 LEN=423
Aug 4 18:31:51 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=31.14.131.4 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26985 DF PROTO=TCP SPT=81 DPT=55508 SEQ=2626067964 ACK=2029754364 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:51 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=80.211.83.37 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=22726 DF PROTO=TCP SPT=81 DPT=55494 SEQ=4045988849 ACK=2275579429 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:51 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=80.211.189.58 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=692 DF PROTO=TCP SPT=81 DPT=47568 SEQ=2217964724 ACK=1166427652 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:51 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=31.14.131.4 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26987 DF PROTO=TCP SPT=81 DPT=55508 SEQ=2626067964 ACK=2029754364 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:51 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=31.14.131.133 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26159 DF PROTO=TCP SPT=81 DPT=39106 SEQ=1967419788 ACK=3072094024 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:51 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=80.211.189.58 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=695 DF PROTO=TCP SPT=81 DPT=47568 SEQ=2217964724 ACK=1166427652 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=31.14.131.4 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26989 DF PROTO=TCP SPT=81 DPT=55508 SEQ=2626067964 ACK=2029754364 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=31.14.131.133 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26161 DF PROTO=TCP SPT=81 DPT=39106 SEQ=1967419788 ACK=3072094024 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=80.211.189.58 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=698 DF PROTO=TCP SPT=81 DPT=47568 SEQ=2217964724 ACK=1166427652 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:52 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=80.211.157.73 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=23580 DF PROTO=TCP SPT=81 DPT=48688 SEQ=3713856822 ACK=3666027338 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:53 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=88.34.204.154 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=12948 DF PROTO=TCP SPT=81 DPT=4707 SEQ=1651274332 ACK=3906276122 WINDOW=260 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=51.254.176.77 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=23613 DF PROTO=TCP SPT=81 DPT=60946 SEQ=2182931248 ACK=3239435850 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=51.254.176.77 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=23614 DF PROTO=TCP SPT=81 DPT=35794 SEQ=2358742685 ACK=2359746450 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=80.211.83.37 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=22735 DF PROTO=TCP SPT=81 DPT=55494 SEQ=4045988849 ACK=2275579429 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=31.14.131.4 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26991 DF PROTO=TCP SPT=81 DPT=55508 SEQ=2626067964 ACK=2029754364 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=31.14.131.133 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26163 DF PROTO=TCP SPT=81 DPT=39106 SEQ=1967419788 ACK=3072094024 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=80.211.189.58 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=701 DF PROTO=TCP SPT=81 DPT=47568 SEQ=2217964724 ACK=1166427652 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:31:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=80.211.157.73 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=23583 DF PROTO=TCP SPT=81 DPT=48688 SEQ=3713856822 ACK=3666027338 WINDOW=256 RES=0x00 ACK FIN URGP=0
Aug 4 18:32:31 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=2c:4d:54:21:17:f0:2c:fd:a1:bc:07:8b:08:00 SRC=192.168.1.102 DST=88.34.204.154 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=12952 DF PROTO=TCP SPT=81 DPT=4707 SEQ=1651274333 ACK=3906276122 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 4 18:37:41 kernel: nvram: consolidating space!for the same time period looking at syslog now
Code:
Aug 4 18:00:05 Skynet: [Complete] 109413 IPs / 1700 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 9636 Inbound / 271 Outbound Connections Blocked! [save] [5s]
Aug 4 18:37:41 kernel: nvram: consolidating space!
skeal
Part of the Furniture
Yes. Every hour when skynet runs it's update of stats, it erases the drops in the syslog. And starts again for another hour.
thx
A
andrew2018
Guest
On my router Skynet shows nothing in its stats. Nothing appears in the router log either. When I run Skynet in the shell it says it's loaded just fine. Am I just lucky and not being hit with anything or might I have missed some config somewhere? Thanks in advance.thx
You won't see any output without turning on debug mode.
A
andrew2018
Guest
I have debug mode on.
Adamm
Part of the Furniture
Have you got any IP's blocked?
johnathonm
Regular Contributor
Hi Adamm,
I hope you are well. I have had to take down my AC86U due to my family being at my throat about Apple's various functions being blocked out by Skynet. I have whitelisted the entire 17.0.0.0/8 range, which apple owns, but they are also using different CDN's for things like their app store, updates and things along those lines. I am not sure what data to capture as apple's a beast of a thing, as you know. I purchased this router just so I could use your script but at present it's breaking functionality in my macbook's, ipad's and AppleTV's, various apps and very critically the app store which is where all updates are delivered.
Is there anything I can do to help in that area? As for the cloudflare blocking, I have given up on that, but the root of that is when DNSMASQ has the all-servers flag configured in the dnsmasq.conf file as each query is sent out to all the servers in the resolv list and respond, but the quickest is the one accepted. That's where I believe that's happening. The script, in these instances will still blacklist an ip address even if it is whitelisted, from my experiences.
This might crazy but would it be possible to whitelist a port and associate it with a specific CIDR or IP? This would nuance control a bit. I do not have a list of apples CDN server list.
I have this from https://stackoverflow.com/questions/10688852/ip-address-ranges-for-apns-servers
https://forum.netgate.com/topic/124371/allow-access-to-apple-ips/5
Maybe that will help... I don't know.
J
I hope you are well. I have had to take down my AC86U due to my family being at my throat about Apple's various functions being blocked out by Skynet. I have whitelisted the entire 17.0.0.0/8 range, which apple owns, but they are also using different CDN's for things like their app store, updates and things along those lines. I am not sure what data to capture as apple's a beast of a thing, as you know. I purchased this router just so I could use your script but at present it's breaking functionality in my macbook's, ipad's and AppleTV's, various apps and very critically the app store which is where all updates are delivered.
Is there anything I can do to help in that area? As for the cloudflare blocking, I have given up on that, but the root of that is when DNSMASQ has the all-servers flag configured in the dnsmasq.conf file as each query is sent out to all the servers in the resolv list and respond, but the quickest is the one accepted. That's where I believe that's happening. The script, in these instances will still blacklist an ip address even if it is whitelisted, from my experiences.
This might crazy but would it be possible to whitelist a port and associate it with a specific CIDR or IP? This would nuance control a bit. I do not have a list of apples CDN server list.
I have this from https://stackoverflow.com/questions/10688852/ip-address-ranges-for-apns-servers
https://forum.netgate.com/topic/124371/allow-access-to-apple-ips/5
Maybe that will help... I don't know.
J
Adamm
Part of the Furniture
I use apple devices daily and never have any issues or are any being reported. Please post logs of what you believe is causing your problems so we can work from there.
FadgewackeR
Regular Contributor
Same here. Have no issues with any Apple devices on my network at all.
Even before whitelisting 17.0.0.0/8, I was not having any noticeable problems (but I did it anyway). No problems here. Understanding the extent of the problem would be helpful. We have a lot of Apple devices (iPhones, iPads, iPods, as well as various computers) on the network here.
Similar threads
Similar threads
Similar threads
-
Skynet Installing Skynet causes router to crash and reboot
- Started by ovancantfort
- Replies: 26
-
Diversion Diversion & Skynet Missing on GUI after Router Reboot.- Started by cofetym
- Replies: 7
-
Blocking “RO” country code in Skynet blocks Proton VPN UK connections- Started by Gary_Dexter
- Replies: 0
-
Any usefulness for Skynet + pfsense/opnsense in transparent bridge mode?
- Started by pjd50
- Replies: 12
-
Solved Skynet running slow with install/update issues from AMTM?- Started by John Fitzgerald
- Replies: 10
-
Skynet Source LAN IP for outbound IP blocked by SkyNet
- Started by buzzy
- Replies: 8
-
-
-
Send stats Division and Skynet to webhook or mqtt
- Started by poudenes
- Replies: 0
-
Latest threads
-
A Dummy Wants to Watch Security Cam Video on his PC
- Started by Curmudgeon10
- Replies: 0
-
GT-AXE16000 UNII-4 Question ( wireless backhual XT8s)
- Started by ronan_zj
- Replies: 2
-
RT-AX86U - 2.4Ghz Utilization in Wireless log
- Started by stockman
- Replies: 5
-
AirMesh with RTAX88U Pro and RT-AX53U
- Started by mrlordziemniak
- Replies: 2
-
Blocking “RO” country code in Skynet blocks Proton VPN UK connections
- Started by Gary_Dexter
- Replies: 0
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!