Skynet - Router Firewall & Security Enhancements

Show debug log does not work as intended:

Works perfectly fine here:

Code:
[$] /opt/bin/firewall debug watch

[i] Watching Logs For Debug Entries (ctrl +c) To Stop
...


[*] Debug Mode Is Disabled - Exiting!

Looks like a PEBCAK error to me. In other words, you might consider enabling debug mode before using the debug option. Choose 11 followed by 3 to Enable Debug Mode.
 
Is there any way to make a blacklist file of domains? So far it seems I can only make a file of IPs.
 
Is there any way to make a blacklist file of domains? So far it seems I can only make a file of IPs.

If you are going after specific domains and not IPs, it's probably better that you use something like Diversion to block them at a DNS level. While Skynet does support this type of functionality, Diversion is better suited.
 
Hi All,

I have a question about Skynet. After installing the script (and rebooting) I cannot connect outside anymore. I've tried to filter ingoing, outgoing, all - none of them seems to get me access to the net. Only when I uninstall and restore from backup can I use the router as before. I think I must be doing something wrong, but what? :)

I have an Asus AC68u running 384.7 beta3.

The reason I would love to use Skynet is that lately several China and US IPs send a lot of sync_rev on port 80, which makes the router behave very slowly, and I want to stop that.

Thanks in advance.
Bondycan
 
Hi All,

I have a question about Skynet. After installing the script (and rebooting) I cannot connect outside anymore. I've tried to filter ingoing, outgoing, all - none of them seems to get me access to the net. Only when I uninstall and restore from backup can I use the router as before. I think I must be doing something wrong, but what? :)

I have an Asus AC68u running 384.7 beta3.

The reason I would love to use Skynet is that lately several China and US IPs send a lot of sync_rev on port 80, which makes the router behave very slowly, and I want to stop that.

Thanks in advance.
Bondycan


Skynet logs every connection it blocks if debug mode is enabled; there is never any exception to this rule. If Skynet is the cause of this issue it will appear in the logs accordingly.


Halp - BestApp.exe or BestWebsite.com Is Being Blocked;

Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and whitelist) anything incorrectly on your Blacklist!

1.) Enable Debug Mode
Code:
sh /jffs/scripts/firewall settings debugmode enable

2.) Open the blocked application/website and use the command;

Code:
sh /jffs/scripts/firewall debug watch

Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if it's being spammed in large numbers.

3.) Copy the IP following "DST="; it should look something like this:
Code:
DST=175.115.37.52

4.) Double check the IP is not actually something that should be banned; use a search tool like AlienVault. If it's related to a domain, additional "Associated Domain" information should be printed beneath the log.

Code:
https://otx.alienvault.com/indicator/ip/175.115.37.52/

5.) Great, we have confirmed we found the IP of the blocked website/application we are looking for, let's whitelist it!

Code:
sh /jffs/scripts/firewall whitelist ip 175.115.37.52
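
Steps 2 and 3 above as a script, added here as an example and not part of the original post or of Skynet itself: it counts the `DST=` address in `[BLOCKED - OUTBOUND]` entries so the flooded IP stands out, and only prints the whitelist command so step 4 can still be done by hand. The log lines are constructed, and the function names and the threshold of 3 are assumptions.

```shell
#!/bin/sh
# Added example: rank DST addresses in [BLOCKED - OUTBOUND] log entries.

# Constructed sample lines in netfilter LOG layout (not real traffic).
# 175.115.37.52 is the example IP from the post; the rest are made up.
sample_log() {
cat <<'EOF'
Oct  4 10:15:01 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51000 DPT=443
Oct  4 10:15:02 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51001 DPT=443
Oct  4 10:15:02 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40222 DPT=23
Oct  4 10:15:03 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=49152 DPT=80
Oct  4 10:15:03 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51002 DPT=443
Oct  4 10:15:04 dnsmasq-dhcp[312]: DHCPACK(br0) 192.168.1.20 laptop
Oct  4 10:15:05 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=51003 DPT=443
EOF
}

# Read log lines on stdin; print "count ip" per outbound-blocked DST, busiest first.
top_blocked_dst() {
    awk '
        index($0, "[BLOCKED - OUTBOUND]") {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DST=/) {
                    ip = substr($i, 5)
                    # Accept dotted-quad values only, so a malformed field is never passed on.
                    if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
                }
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print the busiest DST only if it was blocked at least $1 times (assumed threshold).
likely_false_positive() {
    threshold=$1
    top_blocked_dst | awk -v t="$threshold" 'NR == 1 && $1 >= t { print $2 }'
}

# Stand-alone run: show the ranking, then the command to review (not executed).
sample_log | top_blocked_dst
ip=$(sample_log | likely_false_positive 3)
if [ -n "$ip" ]; then
    echo "After checking $ip (step 4): sh /jffs/scripts/firewall whitelist ip $ip"
fi
```

To use it on a router, pipe the log that `debug watch` reads into `top_blocked_dst` in place of `sample_log`.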
 
Skynet logs every connection it blocks if debug mode is enabled; there is never any exception to this rule. If Skynet is the cause of this issue it will appear in the logs accordingly.

Adamm, thanks for the input. I'll try to see if I can use debug mode to see what's happening.
 
Has anyone noticed any ill effects from banning countries such as Russia, China, Nigeria etc.?

I can't even get country bans to work. I haven't gotten around to investigating why that is. Has anyone else noticed that adding a country code like CN has no effect?
 
I can't even get country bans to work. I haven't gotten around to investigating why that is. Has anyone else noticed that adding a country code like CN has no effect?

Code:
skynet@RT-AC86U-2EE8:/tmp/home/root# sh /jffs/scripts/firewall ban country cn
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 04/10/2018 -           Asus Firewall Addition By Adamm v6.5.0                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


[i] Banning Known IP Ranges For (cn)
[i] Downloading Lists
[i] Filtering IPv4 Ranges & Applying Blacklists
[i] Saving Changes

[#] 157686 IPs (+0) -- 6935 Ranges Banned (+5070) || 411 Inbound -- 10 Outbound Connections Blocked! [ban] [4s]

skynet@RT-AC86U-2EE8:/tmp/home/root#

What doesn't work about it?
 
I’ve just noticed Option 7 in the Settings (Option 11) is “ban AiProtect” and the default is Enabled.

I’ve looked for an explanation for this setting but haven’t found one. I have all elements of AIProtection enabled in the router. Does the “ban AiProtect” interfere with those router settings, i.e. should I have Option 7 set to Disabled if I’m running AIProtection?
 
Thanks, great work @Adamm!

Forgive me for asking, for how many hours in a day do you spend in "wife-mode"? Do you toggle it on off manually as required? Or is it automatic?
 
So what does wife mode do exactly.. Unblock China or something?

It just allows quick-switching between 2 filter lists. It's intended so they can switch to a less aggressive filter list while the wife uses the internet to browse websites hosted in countries they would normally want blocked whenever she isn't using the net. One example is online shopping from Chinese sites like Alibaba.
 
Code:
skynet@RT-AC86U-2EE8:/tmp/home/root# sh /jffs/scripts/firewall ban country cn
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 04/10/2018 -           Asus Firewall Addition By Adamm v6.5.0                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


[i] Banning Known IP Ranges For (cn)
[i] Downloading Lists
[i] Filtering IPv4 Ranges & Applying Blacklists
[i] Saving Changes

[#] 157686 IPs (+0) -- 6935 Ranges Banned (+5070) || 411 Inbound -- 10 Outbound Connections Blocked! [ban] [4s]

skynet@RT-AC86U-2EE8:/tmp/home/root#

What doesn't work about it?

Applying country bans has no effect. Doesn't seem to download any additional IP ranges. See screenshots below.

Before (default settings, without any country bans enabled):
[screenshot c3z7pFJ]

After (entered the country codes CN and RU):
[screenshot keNsPSt]

Note: 0 connections blocked because it's a clean install on a spare AC68U and I haven't done regular browsing on it yet.
 
I’ve just noticed Option 7 in the Settings (Option 11) is “ban AiProtect” and the default is Enabled.

I’ve looked for an explanation for this setting but haven’t found one. I have all elements of AIProtection enabled in the router. Does the “ban AiProtect” interfere with those router settings, i.e. should I have Option 7 set to Disabled if I’m running AIProtection?

It's a new feature I added a few months ago. Skynet will source data from the AiProtect two-way IPS log, then also blacklist them in Skynet. This way once AiProtect flags an IP as attempting to exploit the router, Skynet will proceed to block ALL other traffic.

Without Skynet only the exploit is blocked, not the source IP.
 
Applying country bans has no effect. Doesn't seem to download any additional IP ranges. See screenshots below.

Before (default settings, without any country bans enabled):
[screenshot c3z7pFJ]

After (entered the country codes CN and RU):
[screenshot keNsPSt]

Note: 0 connections blocked because it's a clean install on a spare AC68U and I haven't done regular browsing on it yet.


The function is case sensitive as it uses your input to generate URLs internally. Try using lower case.

EDIT; I pushed a hotfix because it was fairly simple to automatically convert it, but this is more of a user input error.
 
It's a new feature I added a few months ago. Skynet will source data from the AiProtect two-way IPS log, then also blacklist them in Skynet. This way once AiProtect flags an IP as attempting to exploit the router, Skynet will proceed to block ALL other traffic.

Without Skynet only the exploit is blocked, not the source IP.

Brilliant! I started doing that manually a few weeks ago but soon gave up!

Thanks Adamm
 
Eureka! That worked, thanks. Is this fact documented anywhere?

I wasn't aware of the bug until you pointed it out, but in any case Skynet will now automatically convert it to lower case so problem solved.
 
I wasn't aware of the bug until you pointed it out, but in any case Skynet will now automatically convert it to lower case so problem solved.

Thank you! I'm surprised to be the first on the forum to make the mistake of using ALL CAPS.
 
Has anyone noticed any ill effects from banning countries such as Russia, China, Nigeria etc.?

Not really, most real sites that you need to use are not hosted in China/Russia or use a CDN. I use AliExpress pretty regularly and have China blocked for example. They still get served up through Akamai.
 