Skynet - Router Firewall & Security Enhancements


wbennett77

Regular Contributor
Hey Adamm,

I just manually added a few countries to your script. When adding manually, do the default countries added using your pre-determined list using the "firewall bancountry" command remain, or will I have to add these manually again?

Cheers!
 

shooter40sw

Senior Member
Hi guys, nothing yet on the other routers to make this work? I've got an N66U, thanks for the hard work! Regards
 

wbennett77

Regular Contributor
By default the cron should show this information every hour when the save command is executed. You can do this in ssh by using "firewall save"
I am not seeing this every hour. The only time I see it is if I manually "firewall save" using SSH. Any suggestions?
 

Adamm

Part of the Furniture
I am not seeing this every hour. The only time I see it is if I manually "firewall save" using SSH. Any suggestions?
I'd say the firewall-start script isn't being executed on boot, repeat the instructions in the first step and it should work.

As for compatibility, I'm without a laptop at the moment as I'm buying a new G750 so it will be a few weeks before I'm able to update the script with the different syntax.
 

wbennett77

Regular Contributor
Thanks Adamm. Is there any reason to be concerned about too many writes to the jffs area?

Sent from my Galaxy S4 using Tapatalk
 

wbennett77

Regular Contributor
I'd say the firewall-start script isn't being executed on boot, repeat the instructions in the first step and it should work.
I repeated the steps. Checked this morning and other than DHCP requests there is nothing in the System log. I have to APPLY the Firewall in the GUI or SSH into the router and FIREWALL SAVE in order to see any info. There is no autosave happening for me. Also, in the router firewall settings I cannot change the logging type to anything but DROPPED if that means anything.
 

Adamm

Part of the Furniture
I repeated the steps. Checked this morning and other than DHCP requests there is nothing in the System log. I have to APPLY the Firewall in the GUI or SSH into the router and FIREWALL SAVE in order to see any info. There is no autosave happening for me. Also, in the router firewall settings I cannot change the logging type to anything but DROPPED if that means anything.
As for jffs writes, I believe the jffs partition has more write cycles than a traditional SSD so no worries there.

As for the script not being executed hourly, I still assume it's to do with the firewall-start file, possibly because of how I originally uploaded it and encoding settings. Try executing the file manually in ssh via:

sh /jffs/scripts/firewall-start

If you see any errors, manually recreate the file and copy and paste the contents from the linked file in the first post. The script also automatically turns the firewall on with logged dropped setting as it uses both for the blacklist.

Again still stuck with just an iPhone at the moment so can't do much on my end atm.
 

wbennett77

Regular Contributor
Thanks Adamm. I will try the manual start when I get home from work this evening. Cheers!

Sent from my Galaxy S4 using Tapatalk
 

wbennett77

Regular Contributor
As for the script not being executed hourly, I still assume it's to do with the firewall-start file, possibly because of how I originally uploaded it and encoding settings. Try executing the file manually in ssh via:

sh /jffs/scripts/firewall-start

If you see any errors, manually recreate the file and copy and paste the contents from the linked file in the first post. The script also automatically turns the firewall on with logged dropped setting as it uses both for the blacklist.
I executed the firewall-start using SSH and got this error message:
Correct Settings Detected
Correct Settings Detected.
[IP Banning Started] ... ... ...
iptables: No chain/target/match by that name.
Started: Thu May 1 16:41:05 DST 2014
Finished: Thu May 1 16:41:07 DST 2014
6037 IP's currently banned
iptables: No chain/target/match by that name
 

Adamm

Part of the Furniture
I executed the firewall-start using SSH and got this error message:

iptables: No chain/target/match by that name
Looks normal to me, that's just some debug output from when the script starts and removes any old possible conflicting rules and creates the new set.
 

wbennett77

Regular Contributor
Looks normal to me, that's just some debug output from when the script starts and removes any old possible conflicting rules and creates the new set.
I am still not seeing the hourly scheduled save. I just rebooted into Windows and repeated step 1 using Xshell4. I had been using Putty in Linux Mint 13 up until now. If nothing changes I guess I will have to do the save manually a couple times each day.

Cheers!
 

Adamm

Part of the Furniture
I am still not seeing the hourly scheduled save. I just rebooted into Windows and repeated step 1 using Xshell4. I had been using Putty in Linux Mint 13 up until now. If nothing changes I guess I will have to do the save manually a couple times each day.

Cheers!
After a reboot post the output of the following command,

cat /var/spool/cron/crontabs/admin

If the firewall-start script is working this should be filled with two cronjobs (save and backup).
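
The two checks discussed above (whether the uploaded firewall-start file was damaged by encoding settings, and whether the crontab holds the save and backup jobs), as an added example that is not part of the original posts or of the Skynet script. The helper names `check_script` and `check_cron` are hypothetical; the paths in the closing comment are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the Skynet script). check_script and check_cron
# are hypothetical helpers; each prints findings and returns their count.

check_script() {
    f="$1"; n=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    cr=$(printf '\r')
    # Files saved on Windows carry CR before LF, so the shell sees "sh\r".
    if grep -q "$cr" "$f"; then
        echo "crlf: carriage returns present, re-save with Unix line endings"
        n=$((n + 1))
    fi
    # A UTF-8 byte-order mark (EF BB BF) in front of "#!" hides the shebang.
    if [ "$(head -c 3 "$f" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]; then
        echo "bom: UTF-8 byte-order mark at start of file"
        n=$((n + 1))
    fi
    case "$(head -n 1 "$f")" in
        '#!'*) ;;
        *) echo "shebang: first line does not start with #!"; n=$((n + 1)) ;;
    esac
    # Read the mode string from ls so the result reflects the file's own bits.
    case "$(ls -ld "$f")" in
        ???x*|??????x*|?????????x*) ;;
        *) echo "mode: no execute bit set (chmod +x)"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Confirm the two jobs the thread expects (save, backup) are in a crontab file.
check_cron() {
    tab="$1"; n=0
    for job in save backup; do
        grep -q "/opt/bin/firewall $job\$" "$tab" 2>/dev/null ||
            { echo "cron: no '$job' job in $tab"; n=$((n + 1)); }
    done
    return "$n"
}

# On the router (paths taken from the thread):
#   check_script /jffs/scripts/firewall-start
#   check_cron /var/spool/cron/crontabs/admin
```

A return value of 0 from both functions means the file and the crontab look as expected, which leaves the cron daemon itself as the next thing to examine.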
 

wbennett77

Regular Contributor
After a reboot post the output of the following command,

cat /var/spool/cron/crontabs/admin

If the firewall-start script is working this should be filled with two cronjobs (save and backup).
Here is the result:
0 * * * * /opt/bin/firewall save
0 5 * * * /opt/bin/firewall backup
 

Adamm

Part of the Furniture
Here is the result:

That's weird, by the looks of it there is no reason the cron shouldn't be executing at the start of every hour as it's in the crontab file. Not only that but the same installation instructions work on my end. Maybe it's to do with a third-party package installed via optware (cron in particular).

Once I get my new machine next week I'll look into it further but currently I am somewhat stumped as everything looks correct and is executing as per usual.
 

wbennett77

Regular Contributor
That's weird, by the looks of it there is no reason the cron shouldn't be executing at the start of every hour as it's in the crontab file. Not only that but the same installation instructions work on my end. Maybe it's to do with a third-party package installed via optware (cron in particular).

Once I get my new machine next week I'll look into it further but currently I am somewhat stumped as everything looks correct and is executing as per usual.
Looked at the logs again this morning and no cronjob being executed. I will continue to save the file manually until we can get this figured out. I can wait until you get your new machine before exploring this any further. The banned IPs continue to be added which is awesome and I have added a few countries based on attacks I see on my wife's website.

Cheers!
 

Wisiwyg

Regular Contributor
Currently this script is only supported for ARM based routers (AC56U/AC68U) as they run a different version of IPTables
Any chance to implement on AC66U?

TIA - good work!
 

wbennett77

Regular Contributor
Hey Adamm,
I have now tried three different usb drives starting from scratch each time and I haven't had any luck with the auto save. I have to manually save the new banned ip addresses.
Cheers!

Sent from my Galaxy S4 using Tapatalk
 

speedbump

Regular Contributor
Question 1:
Might be a silly question, but does installing optware/entware pose any security risks in itself?

Question 2:
I know there is a simple port scanning website to see if I have any open ports that I should not, BUT is there a site that does more than that to really see how good a firewall is?

thanks
 

wbennett77

Regular Contributor
That's weird, by the looks of it there is no reason the cron shouldn't be executing at the start of every hour as it's in the crontab file. Not only that but the same installation instructions work on my end. Maybe it's to do with a third-party package installed via optware (cron in particular).

Once I get my new machine next week I'll look into it further but currently I am somewhat stumped as everything looks correct and is executing as per usual.
Hey Adamm....just wondering if you have had any time to spend on this. This is a great project and I really would like to get it working as planned.

Cheers!
 
