Skynet Skynet - Router Firewall & Security Enhancements

[ODISEO123]

Hi @Adamm

Thanks for the amazing tool.

I have gone through the usage instruction and part of this huge thread.
I am sure this has been asked several times, but I just don’t find it in the thread.
Do you mind giving some pointers as what is the way to get the best of skynet...things like:
-How often do you check the logs?
-Which packets are more critical to look at (UDP, TCP, ICMP, All).
-How do you quickly spot odd/malicious stuff?
-Is there a quick way of getting Skynet statistics in the WebUI? The log shown with Scribe is difficult to parse (at least for my untrained eye).

I am happy to collate and copy over the Wiki if relevant.

Thanks for any help

 

[OKLY]

Any idea why there were outbound connections blocked but when I check it under stats it does not list out which IP address and which device tried to connect to the blocked IP?

 

[Adamm]

Any idea why there were outbound connections blocked but when I check it under stats it does not list out which IP address and which device tried to connect to the blocked IP?

HTTP(s) blocks are listed separately above. As for why those aren't showing in your "Top 10 Blocked Devices" list, I can't say for certain as it works correctly on my end.

-How often do you check the logs?

Once every few days, don't need to be too overboard with it.

-Which packets are more critical to look at (UDP, TCP, ICMP, All).
-How do you quickly spot odd/malicious stuff?

Anything outbound is worth checking out and getting an idea of whats causing it.

-Is there a quick way of getting Skynet statistics in the WebUI? The log shown with Scribe is difficult to parse (at least for my untrained eye).

The stats command is your best option, its quite flexible and easy to read.

 

[SomeWhereOverTheRainBow]

finally able to respond. I do not have any external ports open if that is what you are asking, and no additional firewall rules. This gives me the ability to appreciate and pay more attention to skynet in my logs. It shows what skynet brings to the table.

Any body noticing skynet deciding to hang 10 and not startup when the router reboots?

this message was repetitively strung across the screen

[*] Skynet Requires A SWAP File - Install One By Running ( /jffs/scripts/firewall debug swap install

but, i have a swap file that is clearly labeled as well. any suggestions?

 

[thelonelycoder]

Any body noticing skynet deciding to hang 10 and not startup when the router reboots?

this message was repetitively strung across the screen

[*] Skynet Requires A SWAP File - Install One By Running ( /jffs/scripts/firewall debug swap install

but, i have a swap file that is clearly labeled as well. any suggestions?

Open Skynet (or Diversion or amtm) it'll correct the path error to the swap file.

 

[Elmer]

Any body noticing skynet deciding to hang 10 and not startup when the router reboots?

this message was repetitively strung across the screen

[*] Skynet Requires A SWAP File - Install One By Running ( /jffs/scripts/firewall debug swap install

but, i have a swap file that is clearly labeled as well. any suggestions?

Yes. I have the same behavior. I've done two things which seem to have helped (but still testing):
1. Dump the USB thumb drive and go to an SSD using a USB 3 enclosure (Ugreen or Sabrent semm to work fine).
This really improves performance - and I'm sure it helps with startup.
2. If using the Merlin's new DNS privacy, on the WAN page, set "Connect to DNS Server automatically" to 'yes.'
This allows the router to connect to the ISP DNS during the early stages of startup/connection, and then DNS privacy will take over. My skynet was running, but it always said "no internet connectivity,' and I would have to manually restart it to get it working.

Like I said- I'm still testing - but it seems a promising start. The SSD stopped startup problems with Diversion as well.

 

[SomeWhereOverTheRainBow]

Yes. I have the same behavior. I've done two things which seem to have helped (but still testing):
1. Dump the USB thumb drive and go to an SSD using a USB 3 enclosure (Ugreen or Sabrent semm to work fine).
This really improves performance - and I'm sure it helps with startup.
2. If using the Merlin's new DNS privacy, on the WAN page, set "Connect to DNS Server automatically" to 'yes.'
This allows the router to connect to the ISP DNS during the early stages of startup/connection, and then DNS privacy will take over. My skynet was running, but it always said "no internet connectivity,' and I would have to manually restart it to get it working.

Like I said- I'm still testing - but it seems a promising start. The SSD stopped startup problems with Diversion as well.

I am using an SSD drive, no flash drive here.
And Wan dns is set to automatic.
Note it isn't a time issue either clock is synced way before hard drives are mounted.
I have no issues with diversion either.
It appears that skynet is just acting unaware.

 

[SomeWhereOverTheRainBow]

Open Skynet (or Diversion or amtm) it'll correct the path error to the swap file.

The problem is it is not getting it to fix the path whenever open them. I am constantly having to restart skynet after reboots. Is there a manual way to tell one of these features to fix the path, bc both amtm and diversion are not having any problems using the swap. Skynet is however is not detecting it.


Edit: I may have resolved the issue.

 

[Elmer]

Wanna' share your solution?
Anyway, I believe that Linux only uses swap only when actual memory has been depleted. Are you using 100%+ memory on start-up? If so, maybe it's time to drop the scripts or upgrade to a router with more memory. Now, I could believe there is a problem with scripts calling code/data from the USB, but blaming swap is likely a case of barking up the wrong tree.

"Swap space usage becomes an issue only when there is not enough RAM available, and the kernel is forced to continuously move memory pages to swap and back to RAM, just to keep applications running. In this case, system monitor applications would show a lot of disk I/O activity."

 

[SomeWhereOverTheRainBow]

Wanna' share your solution?
Anyway, I believe that Linux only uses swap only when actual memory has been depleted. Are you using 100%+ memory on start-up? If so, maybe it's time to drop the scripts or upgrade to a router with more memory. Now, I could believe there is a problem with scripts calling code/data from the USB, but blaming swap is likely a case of barking up the wrong tree.

"Swap space usage becomes an issue only when there is not enough RAM available, and the kernel is forced to continuously move memory pages to swap and back to RAM, just to keep applications running. In this case, system monitor applications would show a lot of disk I/O activity."

The issue was swap was on a separate partition and skynet didn't want to play nicely with that, so i reinstalled it on the same partition. problem solved.

 

[cmkelley]

Wanna' share your solution?
Anyway, I believe that Linux only uses swap only when actual memory has been depleted. Are you using 100%+ memory on start-up? If so, maybe it's time to drop the scripts or upgrade to a router with more memory. Now, I could believe there is a problem with scripts calling code/data from the USB, but blaming swap is likely a case of barking up the wrong tree.

"Swap space usage becomes an issue only when there is not enough RAM available, and the kernel is forced to continuously move memory pages to swap and back to RAM, just to keep applications running. In this case, system monitor applications would show a lot of disk I/O activity."

This is only partially true. What you've described is either thrashing, when both RAM and swap space are nearly full, or when a single program needs continuous access to more RAM than is available, which is rarely the case. There have been many discussion here about what memory is actually used, and what is actually free, which is never as clear as one might think. The kernel swaps out those pages that haven't been accessed in a "long time", and may in fact not actually be needed anymore. It hangs onto them in swap because it hasn't determined for sure that it doesn't need them.

With modern memory management using some swap space is indicative of very little.

 

[SomeWhereOverTheRainBow]

unfortunately, ram is not an issue. it was strictly not noticing the swap on a separate partition, everything was being completed so fast, I tried turning on disk check to slow it down a bit, but that didn't resolve the issue either, my last resort was going to be to add a sleep to the firewall-start, this is obviously not an adequate solution for dealing with the issue because of the nature of time constraints already exhibited inside scripts.

 

[cmkelley]

unfortunately, ram is not an issue. it was strictly not noticing the swap on a separate partition, everything was being completed so fast, I tried turning on disk check to slow it down a bit, but that didn't resolve the issue either, my last resort was going to be to add a sleep to the firewall-start, this is obviously not an adequate solution for dealing with the issue because of the nature of time constraints already exhibited inside scripts.

I wonder if that's somehow related to your issue of needing the sleep to make the logrotate cru work correctly?

 

[SomeWhereOverTheRainBow]

it appears that skynet along with fresh jr was timing out the script by not able to "find" the swap in a timely manner. that could also have caused the cru issue as well.

 

[Elmer]

it appears that skynet along with fresh jr was timing out the script by not able to "find" the swap in a timely manner. that could also have caused the cru issue as well.

Several times in the last few days, Skynet appears to "time out" on me with a resulting, "no internet connectivity" message. Pretty sure it's related to Merlin's privacy DNS taking to long to connect on some rapid fire requests. I finally am just giving up, uninstalling Skynet, and going with "Yet another malware block script using ipset." Between that and TrendMicro, I'll be better off than most.

 

[Matthew Patrick]

Several times in the last few days, Skynet appears to "time out" on me with a resulting, "no internet connectivity" message. Pretty sure it's related to Merlin's privacy DNS taking to long to connect on some rapid fire requests. I finally am just giving up, uninstalling Skynet, and going with "Yet another malware block script using ipset." Between that and TrendMicro, I'll be better off than most.

If the problem is Merlin's privacy DNS thingy. Why don't you try to disable it and use dnscrypt instead ? It may work fine [emoji4]

 

[Butterfly Bones]

Several times in the last few days, Skynet appears to "time out" on me with a resulting, "no internet connectivity" message. Pretty sure it's related to Merlin's privacy DNS taking to long to connect on some rapid fire requests. I finally am just giving up, uninstalling Skynet, and going with "Yet another malware block script using ipset." Between that and TrendMicro, I'll be better off than most.

You might want to check thelonelycoder comment about the fact it has been two years since last update of that blocking script, as posted here.
https://www.snbforums.com/threads/ac68-lost-connection-when-pc-started-up.57449/#post-502949
in response to the original post in that thread.
https://www.snbforums.com/threads/ac68-lost-connection-when-pc-started-up.57449/

 

[Adamm]

Several times in the last few days, Skynet appears to "time out" on me with a resulting, "no internet connectivity" message. Pretty sure it's related to Merlin's privacy DNS taking to long to connect on some rapid fire requests. I finally am just giving up, uninstalling Skynet

I can't reproduce this on a fresh install of the latest Merlin firmware. DOT works fine with Skynet;

If you can reproduce this on a fresh install let me know.

 

[Elmer]

I can't reproduce this on a fresh install of the latest Merlin firmware. DOT works fine with Skynet;

If you can reproduce this on a fresh install let me know.

I'm not blaming Skynet, I think it's a wonderful script. I have a fairly lousy ISP that is overloaded by a nearby campus, and has considerable signal noise, but it's cheap. Pretty sure the overhead of 'privacy DNS' which I will NOT give up (my ISP also blatantly sells consumer's data), and the lousy latency inherent in the connection, are to blame. Really, the fault is with me for being too cheap to go with a high price fiber connection (complete with data caps) from a corporate entity we all despise. So, don't lose any sleep over this, and thanks for providing Merlin scripts.

 

[Bamsefar]

Has anyone any well let's call it a default start for what is good to use?

Background: I have been using yet another script, and it still just works. So what do I need with Skynet? Well block countries I already have. What more? Autobahn is on from install?