Skynet Skynet - Router Firewall & Security Enhancements

[^Tripper^]

I think I can reproduce this, if you are using the menu there's no need for quotes, I'll add an automated check to the function.

Just tried without the quotes;

Input Country Abbreviations To Ban:


[Countries]: cn pk kp


[$] /jffs/scripts/firewall ban country cn pk kp


/jffs/scripts/firewall: /tmp/mnt/rstick/skynet/skynet.cfg: line 17: kp: not found

Banning Known IP Ranges For (cn pk kp)

Downloading Lists

Filtering IPv4 Ranges & Applying Blacklists

Saving Changes


[#] 162786 IPs (+0) -- 7308 Ranges Banned (+5419) || 0 Inbound -- 127 Outbound Connections Blocked! [ban] [12s]

 

[Adamm]

Just tried without the quotes;

Input Country Abbreviations To Ban:


[Countries]: cn pk kp


[$] /jffs/scripts/firewall ban country cn pk kp


/jffs/scripts/firewall: /tmp/mnt/rstick/skynet/skynet.cfg: line 17: kp: not found

Banning Known IP Ranges For (cn pk kp)

Downloading Lists

Filtering IPv4 Ranges & Applying Blacklists

Saving Changes


[#] 162786 IPs (+0) -- 7308 Ranges Banned (+5419) || 0 Inbound -- 127 Outbound Connections Blocked! [ban] [12s]

Its working now, the invalid input in your config file has been flushed and you shouldn't see it again. I also just pushed a hotfix to prevent users from inputting quotes

 

[^Tripper^]

Its working now, the invalid input in your config file has been flushed and you shouldn't see it again. I also just pushed a hotfix to prevent users from inputting quotes

Sweet bananas!! That was fast!!!! Bloody brilliant!!

Thank you!!!

 

[bitmonster]

Been running a few days now, nothing in the logs (debug watch or stats command). Is this normal?

 

[Adamm]

Been running a few days now, nothing in the logs (debug watch or stats command). Is this normal?

Please post the output of;

sh /jffs/scripts/firewall debug info

 

[blueshark]

@Adamm, its possible show some info on web browser when url/ip/domain is blocked by Skynet.
ex: " you are trying to access a url blocked by Skynet Firewall..."

 

[Adamm]

@Adamm, its possible show some info on web browser when url/ip/domain is blocked by Skynet.
ex: " you are trying to access a url blocked by Skynet Firewall..."

Not in its current design without a third party webserver.

 

[Tekneek]

Even if you did implement a webserver message like that, the URL/domain referenced may have nothing to do with why the IP address was blocked (I often find shared hosting IP addresses are being blocked, likely having nothing to do with the vast majority of domains resolving to it). It may give people the mistaken impression the site they were trying to reach was specifically being blocked.

 

[drg]

Hi guys,

Do you know how can I reset the manual ban list of IPs. I want to unban all manual IPs I previously banned and start over

Thanks in advance!

 

[M@rco]

Do you know how can I reset the manual ban list of IPs. I want to unban all manual IPs I previously banned and start over

I think you can't, actually. You can unban all IP's to start over, but that will also unban all auto bans:

sh /jffs/scripts/firewall unban nomanual

@Adamm, while looking for an answer to the question above, I noticed two minor things in the UI:

What Type Of Input Would You Like To Unban:
[1]  --> IP
[2]  --> Range
[3]  --> Domain
[4]  --> Comment
[5]  --> Country
[6]  --> Malware
[7]  --> Non Manual Bans
[8]  --> All

[1-10]:

There's no option 9 or 10, so I guess that should say [1-8]: ?

Also, in the Deport List menu:

Select Where To Deport List:
[1]  --> Blacklist
[2]  --> Whitelist

Shouldn't that say "Select Which List To Deport:"?

I haven't checked the other menu's, just stumbled across these two.

 

[bitmonster]

Please post the output of;

sh /jffs/scripts/firewall debug info

#############################################################################################################
#                                _____ _                     _             __                               #
#                               / ____| |                   | |           / /                               #
#                              | (___ | | ___   _ _ __   ___| |_  __   __/ /_                               #
#                               \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                              #
#                               ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                             #
#                              |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                              #
#                                            __/ |                                                          #
#                                           |___/                                                           #
#                                                                                                           #
## - 24/09/2018 -                  Asus Firewall Addition By Adamm v6.4.7                                   #
##                                 https://github.com/Adamm00/IPSet_ASUS                                    #
#############################################################################################################


Router Model; RT-AC86U
Skynet Version; v6.4.7 (24/09/2018)
iptables v1.4.15 - (ppp0 @ 192.168.2.1)
ipset v6.32, protocol version: 6
FW Version; 384.6_0 (Jul 25 2018) (4.1.27)
Install Dir; /tmp/mnt/System/skynet (12.4G / 14.3G Space Available)
SWAP File; /tmp/mnt/System/myswap.swp (1.0G)
Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/System/skynet
No Lock File Found

Checking Install Directory Write Permissions...     [Passed]
Checking Firewall-Start Entry...                    [Passed]
Checking Services-Stop Entry...                     [Passed]
Checking CronJobs...                                [Passed]
Checking IPSet Comment Support...                   [Passed]
Checking Log Level 5 Settings...                    [Failed]
Checking For Duplicate Rules In RAW...              [Passed]
Checking Inbound Filter Rules...                    [Passed]
Checking Inbound Debug Rules                        [Passed]
Checking Outbound Filter Rules...                   [Passed]
Checking Outbound Debug Rules                       [Passed]
Checking Whitelist IPSet...                         [Passed]
Checking BlockedRanges IPSet...                     [Passed]
Checking Blacklist IPSet...                         [Passed]
Checking Skynet IPSet...                            [Passed]
Checking For Diversion Plus Content...              [Passed]

Checking Autoupdate Setting...                      [Enabled]
Checking Auto-Banmalware Update Setting...          [Enabled]
Checking Debug Mode Setting...                      [Enabled]
Checking Filter Traffic Setting...                  [Enabled]
[i] Checking Unban PrivateIP Setting...                 [Enabled]
[i] Checking Log Invalid Setting...                     [Disabled]
[i] Checking Ban AiProtect Setting...                   [Enabled]
[i] Checking Secure Mode Setting...                     [Enabled]

[#] 162544 IPs (+0) -- 1872 Ranges Banned (+0) || 135 Inbound -- 0 Outbound Connections Blocked! [debug] [1s]

 

[Adamm]

Hi guys,

Do you know how can I reset the manual ban list of IPs. I want to unban all manual IPs I previously banned and start over

Thanks in advance!

You can just unban everything if you want to remove your manual entries (then go ahead and re-generate banmalware etc). Or you can unban via the comment "Manual".

I haven't checked the other menu's, just stumbled across these two.

Thanks, fixed both typos.

#############################################################################################################
#                                _____ _                     _             __                               #
#                               / ____| |                   | |           / /                               #
#                              | (___ | | ___   _ _ __   ___| |_  __   __/ /_                               #
#                               \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                              #
#                               ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                             #
#                              |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                              #
#                                            __/ |                                                          #
#                                           |___/                                                           #
#                                                                                                           #
## - 24/09/2018 -                  Asus Firewall Addition By Adamm v6.4.7                                   #
##                                 https://github.com/Adamm00/IPSet_ASUS                                    #
#############################################################################################################


Router Model; RT-AC86U
Skynet Version; v6.4.7 (24/09/2018)
iptables v1.4.15 - (ppp0 @ 192.168.2.1)
ipset v6.32, protocol version: 6
FW Version; 384.6_0 (Jul 25 2018) (4.1.27)
Install Dir; /tmp/mnt/System/skynet (12.4G / 14.3G Space Available)
SWAP File; /tmp/mnt/System/myswap.swp (1.0G)
Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/System/skynet
No Lock File Found

Checking Install Directory Write Permissions...     [Passed]
Checking Firewall-Start Entry...                    [Passed]
Checking Services-Stop Entry...                     [Passed]
Checking CronJobs...                                [Passed]
Checking IPSet Comment Support...                   [Passed]
Checking Log Level 5 Settings...                    [Failed]
Checking For Duplicate Rules In RAW...              [Passed]
Checking Inbound Filter Rules...                    [Passed]
Checking Inbound Debug Rules                        [Passed]
Checking Outbound Filter Rules...                   [Passed]
Checking Outbound Debug Rules                       [Passed]
Checking Whitelist IPSet...                         [Passed]
Checking BlockedRanges IPSet...                     [Passed]
Checking Blacklist IPSet...                         [Passed]
Checking Skynet IPSet...                            [Passed]
Checking For Diversion Plus Content...              [Passed]

Checking Autoupdate Setting...                      [Enabled]
Checking Auto-Banmalware Update Setting...          [Enabled]
Checking Debug Mode Setting...                      [Enabled]
Checking Filter Traffic Setting...                  [Enabled]
[i] Checking Unban PrivateIP Setting...                 [Enabled]
[i] Checking Log Invalid Setting...                     [Disabled]
[i] Checking Ban AiProtect Setting...                   [Enabled]
[i] Checking Secure Mode Setting...                     [Enabled]

[#] 162544 IPs (+0) -- 1872 Ranges Banned (+0) || 135 Inbound -- 0 Outbound Connections Blocked! [debug] [1s]

Your issue is caused by non-standard log level settings in your WebUI which is suppressing entries. On the syslog page correct the following settings.

 

[Adamm]

I've pushed v6.4.8

Fixed a bug that could lead to extended stats not properly showing depending on the date, along with further preventing invalid user input within the menu.

 

[bitmonster]

I've pushed v6.4.8

Thanks! Silly question - how do we update it?

Also - I have set my log settings to Info / Debug as suggested and I am not being flooded with blocked entries in the system log however I notice this from time to time. Is this just the regular update or something...

And is it worth blocking certain countries known to be dodgy or does it make little difference these days while potentially just breaking stuff.

Oct 4 02:00:03 Skynet: [#] 162546 IPs (+0) -- 1872 Ranges Banned (+0) || 648 Inbound -- 0 Outbound Connections Blocked! [save] [3s]
Oct 4 02:25:21 Skynet: [#] 158896 IPs (-3650) -- 1934 Ranges Banned (+62) || 701 Inbound -- 0 Outbound Connections Blocked! [banmalware] [21s]
Oct 4 03:00:03 Skynet: [#] 158896 IPs (+0) -- 1934 Ranges Banned (+0) || 772 Inbound -- 0 Outbound Connections Blocked! [save] [3s]

 

[visortgw]

Thanks! Silly question - how do we update it?

Also - I have set my log settings to Info / Debug as suggested and I am not being flooded with blocked entries in the system log however I notice this from time to time. Is this just the regular update or something...

And is it worth blocking certain countries known to be dodgy or does it make little difference these days while potentially just breaking stuff.

Oct 4 02:00:03 Skynet: [#] 162546 IPs (+0) -- 1872 Ranges Banned (+0) || 648 Inbound -- 0 Outbound Connections Blocked! [save] [3s]
Oct 4 02:25:21 Skynet: [#] 158896 IPs (-3650) -- 1934 Ranges Banned (+62) || 701 Inbound -- 0 Outbound Connections Blocked! [banmalware] [21s]
Oct 4 03:00:03 Skynet: [#] 158896 IPs (+0) -- 1934 Ranges Banned (+0) || 772 Inbound -- 0 Outbound Connections Blocked! [save] [3s]

Option 10 in the menu to update...

 

[M@rco]

how do we update it?

Option 10 in the menu to update...

or

sh /jffs/scripts/firewall update

in an SSH terminal, or

sh /jffs/scripts firewall update -f

for updates without a change in version number.

 

[JaimeZX]

@Adamm - I know you just pushed an update; food for thought / next update... To preclude this country ban confusion, what if you had a menu item like:

2. What Type Of Input Would You Like To Ban:
[1]  --> IP
[2]  --> Range
[3]  --> Domain
[4]  --> Country

Countries currently banned: none
[1] --> Add country
[2] --> Back

1.

Enter country digraph to ban:

1 ---> cn

Countries currently banned: cn
[1] --> Add country
[2] --> Back

1 ---> ru

Countries currently banned: cn, ru
[1] --> Add country
[2] --> Back

etc...?

Just an idea.

 

[skeal]

####

@Adamm - I know you just pushed an update; food for thought / next update... To preclude this country ban confusion, what if you had a menu item like:

2. What Type Of Input Would You Like To Ban:
[1]  --> IP
[2]  --> Range
[3]  --> Domain
[4]  --> Country

Countries currently banned: none
[1] --> Add country
[2] --> Back

1.

Enter country digraph to ban:

1 ---> cn

Countries currently banned: cn
[1] --> Add country
[2] --> Back

1 ---> ru

Countries currently banned: cn, ru
[1] --> Add country
[2] --> Back

etc...?

Just an idea.

Better idea! Create a string of countries you want blocked separated by spaces and using no other punctuation such as quotes. Copy and paste the whole thing into country block....boom done! One easy step.

 

[bitmonster]

Has anyone noticed any ill effects from banning countries such as Russia, China, Nigeria etc.

Sent from my SM-G965F using Tapatalk

 

[JaimeZX]

Better idea! Create a string of countries you want blocked separated by spaces and using no other punctuation such as quotes. Copy and paste the whole thing into country block....boom done! One easy step.

Well that works fine for me, I'm just saying it'd preclude questions if you came up with a way to avoid syntax confusion.