Menu
What's new
By:
Filters Better Search

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

For anyone using the (work in progress) USB support, please update and run the installer again, there was a scenario on boot where the script would execute before the USB mounted leading to IPSets not being loaded.

Also on that note, USB implementation is subject to change over the coming days, so if you are an early adopter be prepared to have to update/reinstall in future once its finalised.

MarCoMLXXV said:
Unfortunately I had no other option then to select 2 (No), as /dev/sda1 is my swap partition.
Click to expand...

I will attempt to make it "smarter" over the coming days, we will see how it turns out :p
 
I've pushed 4.7.3 which should support all detected USB devices.

Please reinstall if you are currently using USB mode as the boot args have changed

Future (USB) updates shouldn't require a reinstall so this will hopefully be the last time. Please test it out and let me know how it goes. Thanks
 
i didn`t use this script about ten days....i made fresh install today but don`t see anything to blocked in syslog? i installed third option....
Code: 
admin@RT-AC3200-7180:/jffs/scripts# sh firewall debug info
#!/bin/sh
#############################################################################################################
#                              _____ _                     _           _  _        #
#                             / ____| |                   | |         | || |       #
#                            | (___ | | ___   _ _ __   ___| |_  __   _| || |_      #
#                             \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /__   _|     #
#                             ____) |   <| |_| | | | |  __/ |_   \ V /   | |       #
#                            |_____/|_|\_\\__, |_| |_|\___|\__|   \_(_)  |_|       #
#                                          __/ |                                   #
#                                         |___/                                    #
#                                                                                  #
## - 06/06/2017 -                  Asus Firewall Addition By Adamm v4.7.3          #
##                                 https://github.com/Adamm00/IPSet_ASUS           #
#############################################################################################################


##############################
###       Commands         ###
##############################
#         "unban"            # <-- Remove Entry From Blacklist (IP/Range/Domain/Port/Country/Malware/All/Nomanual)
#         "save"             # <-- Save Blacklists To ipset.txt
#         "ban"              # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)
#         "banmalware"       # <-- Bans Various Malware Domains
#         "whitelist"        # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove)
#         "import"           # <-- Bans All IPs From URL
#         "deport"           # <-- Unbans All IPs From URL
#         "disable"          # <-- Disable Firewall
#         "debug"            # <-- Specific Debug Features (Restart/Disable/Watch/Info)
#         "update"           # <-- Update Script To Latest Version (check github for changes)
#         "start"            # <-- Initiate Firewall
#         "stats"            # <-- Print/Search Stats Of Recently Banned IPs (Requires debugging enabled)
#         "install"          # <-- Install Script (Or Change Boot Args)
#         "uninstall"        # <-- Uninstall All Traces Of Skynet
##############################

Router Model: RT-AC3200-7180
Skynet Version: v4.7.3 (06/06/2017)
iptables v1.4.14
ipset v6.29, protocol version: 6
FW Version: 380.66_4
Startup Entry Detected
Cronjob Detected
Autobanning Enabled
Whitelist IPTable Detected
BlockedRanges IPTable Detected
Blacklist IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet: [Complete] 122622 IPs / 5302 Ranges banned. 0 New IPs / 0 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [1s]
admin@RT-AC3200-7180:/jffs/scripts# sh firewall stats
#!/bin/sh
#############################################################################################################
#                              _____ _                     _           _  _        #
#                             / ____| |                   | |         | || |       #
#                            | (___ | | ___   _ _ __   ___| |_  __   _| || |_      #
#                             \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /__   _|     #
#                             ____) |   <| |_| | | | |  __/ |_   \ V /   | |       #
#                            |_____/|_|\_\\__, |_| |_|\___|\__|   \_(_)  |_|       #
#                                          __/ |                                   #
#                                         |___/                                    #
#                                                                                  #
## - 06/06/2017 -                  Asus Firewall Addition By Adamm v4.7.3          #
##                                 https://github.com/Adamm00/IPSet_ASUS           #
#############################################################################################################


##############################
###       Commands         ###
##############################
#         "unban"            # <-- Remove Entry From Blacklist (IP/Range/Domain/Port/Country/Malware/All/Nomanual)
#         "save"             # <-- Save Blacklists To ipset.txt
#         "ban"              # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)
#         "banmalware"       # <-- Bans Various Malware Domains
#         "whitelist"        # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove)
#         "import"           # <-- Bans All IPs From URL
#         "deport"           # <-- Unbans All IPs From URL
#         "disable"          # <-- Disable Firewall
#         "debug"            # <-- Specific Debug Features (Restart/Disable/Watch/Info)
#         "update"           # <-- Update Script To Latest Version (check github for changes)
#         "start"            # <-- Initiate Firewall
#         "stats"            # <-- Print/Search Stats Of Recently Banned IPs (Requires debugging enabled)
#         "install"          # <-- Install Script (Or Change Boot Args)
#         "uninstall"        # <-- Uninstall All Traces Of Skynet
##############################

No Debug Data Detected - Give This Time To Generate
admin@RT-AC3200-7180:/jffs/scripts#
 
bayern1975 said:
i didn`t use this script about ten days....i made fresh install today but don`t see anything to blocked in syslog? i installed third option....
Click to expand...

Try restart the firewall;

Code: 
sh /jffs/scripts/firewall debug restart

Then give it alittle time and see what happens
 
bayern1975 said:
i do that but still nothing in syslog.....
Click to expand...

I mean, it should only be printing in syslog when it blocks a connection so that's not completely odd. To confirm its working, try ping a random IP from the output of the following command;

Code: 
ipset -L Blacklist

If it hangs (and prints in syslog) you can rest assured the Blacklist is working as it should. (also make sure you have debug mode enabled)
 
Adamm said:
I mean, it should only be printing in syslog when it blocks a connection so that's not completely odd. To confirm its working, try ping a random IP from the output of the following command;

Code: 
ipset -L Blacklist

If it hangs (and prints in syslog) you can rest assured the Blacklist is working as it should. (also make sure you have debug mode enabled)
Click to expand...
yes, i can ping all IP`s from ipset -L Blacklist.....so in my case something not working as should be?
Code: 
admin@RT-AC3200-7180:/tmp/home/root# ipset -L Blacklist
77.146.254.85
68.234.3.235
190.48.215.33
23.229.5.22
109.99.181.138
119.246.64.49
123.56.29.157
82.76.81.10
221.214.183.73
admin@RT-AC3200-7180:/tmp/home/root# ping 77.146.254.85
PING 77.146.254.85 (77.146.254.85): 56 data bytes
64 bytes from 77.146.254.85: seq=0 ttl=53 time=72.079 ms
64 bytes from 77.146.254.85: seq=1 ttl=53 time=71.027 ms
64 bytes from 77.146.254.85: seq=2 ttl=53 time=71.428 ms
64 bytes from 77.146.254.85: seq=3 ttl=53 time=71.846 ms
64 bytes from 77.146.254.85: seq=4 ttl=53 time=72.278 ms
64 bytes from 77.146.254.85: seq=5 ttl=53 time=72.773 ms
64 bytes from 77.146.254.85: seq=6 ttl=53 time=71.679 ms
64 bytes from 77.146.254.85: seq=7 ttl=53 time=72.168 ms
64 bytes from 77.146.254.85: seq=8 ttl=53 time=72.546 ms
64 bytes from 77.146.254.85: seq=9 ttl=53 time=72.730 ms
64 bytes from 77.146.254.85: seq=10 ttl=53 time=71.763 ms
64 bytes from 77.146.254.85: seq=11 ttl=53 time=72.229 ms
64 bytes from 77.146.254.85: seq=12 ttl=53 time=72.592 ms
64 bytes from 77.146.254.85: seq=13 ttl=53 time=71.556 ms
64 bytes from 77.146.254.85: seq=14 ttl=53 time=71.789 ms
64 bytes from 77.146.254.85: seq=15 ttl=53 time=72.189 ms
^C
--- 77.146.254.85 ping statistics ---
16 packets transmitted, 16 packets received, 0% packet loss
round-trip min/avg/max = 71.027/72.042/72.773 ms
 
bayern1975 said:
yes, i can ping all IP`s from ipset -L Blacklist.....so in my case something not working as should be?
Click to expand...

I see you only posted 9 entries there (maybe it was only a snippet), but your previous post's log said there was 122622. Did the list get cleared at some point?

Also, the only way you should be able to ping an IP on the Blacklist is if it was also on the Whitelist as it takes priority.
 
I've pushed 4.7.5, there was an oversight on my end in the logic which didn't support USB devices with multiple partitions. This should be fixed in this update.

Thanks to @MarCoMLXXV for pointing it out
 
Adamm said:
I see you only posted 9 entries there (maybe it was only a snippet), but your previous post's log said there was 122622. Did the list get cleared at some point?

Also, the only way you should be able to ping an IP on the Blacklist is if it was also on the Whitelist as it takes priority.
Click to expand...
no, i removed almost all entries....there was to many addresses for post here.....i just posted some entries wit one ping address.....
i installed fresh copy again....no errors, all fine but syslog is empty?
Code: 
login as: admin
admin@192.168.5.1's password:


ASUSWRT-Merlin RT-AC3200 380.66-4 Fri May 26 21:56:22 UTC 2017
admin@RT-AC3200-7180:/tmp/home/root# cd /jffs/scripts
admin@RT-AC3200-7180:/jffs/scripts# wget -O /jffs/scripts/firewall https://raw.g
ithubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh
--2017-06-06 19:49:14--  https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh
Resolving raw.githubusercontent.com... 151.101.112.133
Connecting to raw.githubusercontent.com|151.101.112.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 37658 (37K) [text/plain]
Saving to: '/jffs/scripts/firewall'

/jffs/scripts/firew 100%[=====================>]  36.78K  --.-KB/s   in 0.02s

2017-06-06 19:49:15 (1.73 MB/s) - '/jffs/scripts/firewall' saved [37658/37658]

admin@RT-AC3200-7180:/jffs/scripts# chmod +x /jffs/scripts/firewall
admin@RT-AC3200-7180:/jffs/scripts# sh /jffs/scripts/firewall install
#!/bin/sh
#############################################################################################################
#                              _____ _                     _           _  _        #
#                             / ____| |                   | |         | || |       #
#                            | (___ | | ___   _ _ __   ___| |_  __   _| || |_      #
#                             \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /__   _|     #
#                             ____) |   <| |_| | | | |  __/ |_   \ V /   | |       #
#                            |_____/|_|\_\\__, |_| |_|\___|\__|   \_(_)  |_|       #
#                                          __/ |                                   #
#                                         |___/                                    #
#                                                                                  #
## - 06/06/2017 -                  Asus Firewall Addition By Adamm v4.7.5          #
##                                 https://github.com/Adamm00/IPSet_ASUS           #
#############################################################################################################


##############################
###       Commands         ###
##############################
#         "unban"            # <-- Remove Entry From Blacklist (IP/Range/Domain/Port/Country/Malware/All/Nomanual)
#         "save"             # <-- Save Blacklists To ipset.txt
#         "ban"              # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)
#         "banmalware"       # <-- Bans Various Malware Domains
#         "whitelist"        # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove)
#         "import"           # <-- Bans All IPs From URL
#         "deport"           # <-- Unbans All IPs From URL
#         "disable"          # <-- Disable Firewall
#         "debug"            # <-- Specific Debug Features (Restart/Disable/Watch/Info)
#         "update"           # <-- Update Script To Latest Version (check github for changes)
#         "start"            # <-- Initiate Firewall
#         "stats"            # <-- Print/Search Stats Of Recently Banned IPs (Requires debugging enabled)
#         "install"          # <-- Install Script (Or Change Boot Args)
#         "uninstall"        # <-- Uninstall All Traces Of Skynet
##############################

Installing Skynet v4.7.5
This Will Remove Any Old Install Arguements And Can Be Run Multiple Times
Please Select Installation Mode (Number)
1. Vanilla -           Default Installation
2. NoAuto -            Default Installation Without Autobanning
3. Debug -             Default Installation With Debug Print For Extended Stat Reporting
4. NoAuto & Debug -    Default Installation With No Autobanning And Debug Print

3
Debug Selected

Would You Like To Enable Weekly Malwarelist Updating?
1. Yes
2. No
Please Select Option (Number)
1
Malware List Updating Enabled
Malware Updates Scheduled For 1.25am Every Monday

Would You Like To Enable Daily Auto Script Updating?
Skynet By Default Only Checks For Updates But They Are Never Downloaded

1. Yes
2. No
Please Select Option (Number)
1
Auto Updating Enabled
Skynet Updates Scheduled For 2.25am Daily

Where Would You Like To Install Skynet?
Skynet By Default Is Installed To JFFS

1. JFFS
2. USB
Please Select Option (Number)
2

USB Installation Selected
Compadible Devices To Install Are;
/tmp/mnt/sda1 - (/dev/sda1)
/tmp/mnt/sda2 - (/dev/sda2)

Please Type Device Label - eg /tmp/mnt/Main
/tmp/mnt/sda2

Restarting Firewall To Apply Changes

Done.
admin@RT-AC3200-7180:/jffs/scripts# sh firewall banmalware
#!/bin/sh
#############################################################################################################
#                              _____ _                     _           _  _        #
#                             / ____| |                   | |         | || |       #
#                            | (___ | | ___   _ _ __   ___| |_  __   _| || |_      #
#                             \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /__   _|     #
#                             ____) |   <| |_| | | | |  __/ |_   \ V /   | |       #
#                            |_____/|_|\_\\__, |_| |_|\___|\__|   \_(_)  |_|       #
#                                          __/ |                                   #
#                                         |___/                                    #
#                                                                                  #
## - 06/06/2017 -                  Asus Firewall Addition By Adamm v4.7.5          #
##                                 https://github.com/Adamm00/IPSet_ASUS           #
#############################################################################################################


##############################
###       Commands         ###
##############################
#         "unban"            # <-- Remove Entry From Blacklist (IP/Range/Domain/Port/Country/Malware/All/Nomanual)
#         "save"             # <-- Save Blacklists To ipset.txt
#         "ban"              # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)
#         "banmalware"       # <-- Bans Various Malware Domains
#         "whitelist"        # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove)
#         "import"           # <-- Bans All IPs From URL
#         "deport"           # <-- Unbans All IPs From URL
#         "disable"          # <-- Disable Firewall
#         "debug"            # <-- Specific Debug Features (Restart/Disable/Watch/Info)
#         "update"           # <-- Update Script To Latest Version (check github for changes)
#         "start"            # <-- Initiate Firewall
#         "stats"            # <-- Print/Search Stats Of Recently Banned IPs (Requires debugging enabled)
#         "install"          # <-- Install Script (Or Change Boot Args)
#         "uninstall"        # <-- Uninstall All Traces Of Skynet
##############################

To Use A Custom List In Future Use; "sh firewall banmalware URL"
Downloading Lists
Filtering IPv4 Addresses
Filtering IPv4 Ranges
Applying Blacklists
Warning; This May Have Blocked Your Favorite Website
To Whitelist It Use; "sh firewall whitelist domain URL"
Saving Changes
Skynet: [Complete] 127016 IPs / 5372 Ranges banned. 127016 New IPs / 5372 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [26s]
 
Last edited:
@Adamm. Thanks a lot, the install to my USB location is working perfect and I can see that the lists have generated in that folder. :)

Just a question. With this script, is there no need for ya-malware and the iblocklists scripts? I have noticed that with this script and the list it generates, I can see ya-malware and iblocklists which I have also installed separately. Is that how it works?
 
dandle said:
@Adamm. Thanks a lot, the install to my USB location is working perfect and I can see that the lists have generated in that folder. :)

Just a question. With this script, is there no need for ya-malware and the iblocklists scripts? I have noticed that with this script and the list it generates, I can see ya-malware and iblocklists which I have also installed separately. Is that how it works?
Click to expand...

Good to know its working for you. All the "malware" scripts on this forum basically use the same source lists, its just different implementations, so realistically its best to just choose one for this functionality.
 
second part:
Code: 
admin@RT-AC3200-7180:/jffs/scripts# sh firewall debug info
#!/bin/sh
#############################################################################################################
#                              _____ _                     _           _  _        #
#                             / ____| |                   | |         | || |       #
#                            | (___ | | ___   _ _ __   ___| |_  __   _| || |_      #
#                             \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /__   _|     #
#                             ____) |   <| |_| | | | |  __/ |_   \ V /   | |       #
#                            |_____/|_|\_\\__, |_| |_|\___|\__|   \_(_)  |_|       #
#                                          __/ |                                   #
#                                         |___/                                    #
#                                                                                  #
## - 06/06/2017 -                  Asus Firewall Addition By Adamm v4.7.5          #
##                                 https://github.com/Adamm00/IPSet_ASUS           #
#############################################################################################################


##############################
###       Commands         ###
##############################
#         "unban"            # <-- Remove Entry From Blacklist (IP/Range/Domain/Port/Country/Malware/All/Nomanual)
#         "save"             # <-- Save Blacklists To ipset.txt
#         "ban"              # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)
#         "banmalware"       # <-- Bans Various Malware Domains
#         "whitelist"        # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove)
#         "import"           # <-- Bans All IPs From URL
#         "deport"           # <-- Unbans All IPs From URL
#         "disable"          # <-- Disable Firewall
#         "debug"            # <-- Specific Debug Features (Restart/Disable/Watch/Info)
#         "update"           # <-- Update Script To Latest Version (check github for changes)
#         "start"            # <-- Initiate Firewall
#         "stats"            # <-- Print/Search Stats Of Recently Banned IPs (Requires debugging enabled)
#         "install"          # <-- Install Script (Or Change Boot Args)
#         "uninstall"        # <-- Uninstall All Traces Of Skynet
##############################

Router Model: RT-AC3200-7180
Skynet Version: v4.7.5 (06/06/2017)
iptables v1.4.14
ipset v6.29, protocol version: 6
FW Version: 380.66_4
Install Dir; /tmp/mnt/sda2/skynet
Startup Entry Detected
Cronjob Detected
Autobanning Enabled
Debug Mode Enabled
Whitelist IPTable Detected
BlockedRanges IPTable Detected
Blacklist IPTable Detected
Whitelist IPSet Detected
BlockedRanges IPSet Detected
Blacklist IPSet Detected
Skynet: [Complete] 127016 IPs / 5372 Ranges banned. 0 New IPs / 0 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [1s]
admin@RT-AC3200-7180:/jffs/scripts# sh firewall stats
#!/bin/sh
#############################################################################################################
#                              _____ _                     _           _  _        #
#                             / ____| |                   | |         | || |       #
#                            | (___ | | ___   _ _ __   ___| |_  __   _| || |_      #
#                             \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /__   _|     #
#                             ____) |   <| |_| | | | |  __/ |_   \ V /   | |       #
#                            |_____/|_|\_\\__, |_| |_|\___|\__|   \_(_)  |_|       #
#                                          __/ |                                   #
#                                         |___/                                    #
#                                                                                  #
## - 06/06/2017 -                  Asus Firewall Addition By Adamm v4.7.5          #
##                                 https://github.com/Adamm00/IPSet_ASUS           #
#############################################################################################################


##############################
###       Commands         ###
##############################
#         "unban"            # <-- Remove Entry From Blacklist (IP/Range/Domain/Port/Country/Malware/All/Nomanual)
#         "save"             # <-- Save Blacklists To ipset.txt
#         "ban"              # <-- Adds Entry To Blacklist (IP/Range/Domain/Port/Country)
#         "banmalware"       # <-- Bans Various Malware Domains
#         "whitelist"        # <-- Add Entry To Whitelist (IP/Range/Domain/Port/Remove)
#         "import"           # <-- Bans All IPs From URL
#         "deport"           # <-- Unbans All IPs From URL
#         "disable"          # <-- Disable Firewall
#         "debug"            # <-- Specific Debug Features (Restart/Disable/Watch/Info)
#         "update"           # <-- Update Script To Latest Version (check github for changes)
#         "start"            # <-- Initiate Firewall
#         "stats"            # <-- Print/Search Stats Of Recently Banned IPs (Requires debugging enabled)
#         "install"          # <-- Install Script (Or Change Boot Args)
#         "uninstall"        # <-- Uninstall All Traces Of Skynet
##############################

No Debug Data Detected - Give This Time To Generate
admin@RT-AC3200-7180:/jffs/scripts#
Code: 
Jun  6 19:50:40 Skynet: [IP Banning Started] ... ... ...
Jun  6 19:50:40 kernel: ip_set: protocol 6
Jun  6 19:50:41 Skynet: [Complete]  IPs /  Ranges banned. -122622 New IPs / -5302 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [2s]
Jun  6 19:51:13 Skynet: [Complete] 127016 IPs / 5372 Ranges banned. 127016 New IPs / 5372 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [26s]
Jun  6 19:53:27 Skynet: [Complete] 127016 IPs / 5372 Ranges banned. 0 New IPs / 0 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [1s]
Jun  6 20:00:05 Skynet: [Complete] 127016 IPs / 5372 Ranges banned. 0 New IPs / 0 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [5s]

in ten minutes no logs but i am sure i should have it like others?
 
bayern1975 said:
in ten minutes no logs but i am sure i should have it like others?
Click to expand...

All the output indicates everything should be running smoothly, you have all the necessary IPSets/IPTables rules etc. Try a reboot to start on a "fresh slate". Very strange

If after that you still aren't getting any log entries, please ping a few random IPs from the list, then post the output of the following command;

Code: 
iptables --line -vL -nt raw
 
Adamm said:
All the output indicates everything should be running smoothly, you have all the necessary IPSets/IPTables rules etc. Try a reboot to start on a "fresh slate". Very strange

If after that you still aren't getting any log entries, please ping a few random IPs from the list, then post the output of the following command;

Code: 
iptables --line -vL -nt raw
Click to expand...

i rebooted, nothing better then i put one address from ipset list and i can ping it.....then i put in terminal your command....and this is output:
Code: 
admin@RT-AC3200-7180:/tmp/home/root# ping 80.69.247.218
PING 80.69.247.218 (80.69.247.218): 56 data bytes
64 bytes from 80.69.247.218: seq=0 ttl=47 time=177.765 ms
64 bytes from 80.69.247.218: seq=1 ttl=47 time=179.486 ms
64 bytes from 80.69.247.218: seq=2 ttl=47 time=177.110 ms
64 bytes from 80.69.247.218: seq=3 ttl=47 time=176.005 ms
64 bytes from 80.69.247.218: seq=4 ttl=47 time=183.172 ms
64 bytes from 80.69.247.218: seq=5 ttl=47 time=175.512 ms
64 bytes from 80.69.247.218: seq=6 ttl=47 time=182.767 ms
64 bytes from 80.69.247.218: seq=7 ttl=47 time=176.095 ms
64 bytes from 80.69.247.218: seq=8 ttl=47 time=176.398 ms
64 bytes from 80.69.247.218: seq=9 ttl=47 time=176.986 ms
64 bytes from 80.69.247.218: seq=10 ttl=47 time=176.530 ms
64 bytes from 80.69.247.218: seq=11 ttl=47 time=178.653 ms
64 bytes from 80.69.247.218: seq=12 ttl=47 time=182.268 ms
64 bytes from 80.69.247.218: seq=13 ttl=47 time=176.477 ms
64 bytes from 80.69.247.218: seq=14 ttl=47 time=176.279 ms
64 bytes from 80.69.247.218: seq=15 ttl=47 time=177.174 ms
64 bytes from 80.69.247.218: seq=16 ttl=47 time=177.466 ms
64 bytes from 80.69.247.218: seq=17 ttl=47 time=176.655 ms
64 bytes from 80.69.247.218: seq=18 ttl=47 time=180.712 ms
64 bytes from 80.69.247.218: seq=19 ttl=47 time=178.175 ms
64 bytes from 80.69.247.218: seq=20 ttl=47 time=178.293 ms
64 bytes from 80.69.247.218: seq=21 ttl=47 time=181.506 ms
64 bytes from 80.69.247.218: seq=22 ttl=47 time=177.729 ms
^C
--- 80.69.247.218 ping statistics ---
23 packets transmitted, 23 packets received, 0% packet loss
round-trip min/avg/max = 175.512/178.226/183.172 ms

admin@RT-AC3200-7180:/tmp/home/root# iptables --line -vL -nt raw
Chain PREROUTING (policy ACCEPT 4551 packets, 511K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      144 47232 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            match-set Whitelist src
2        0     0 LOG        all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            match-set BlockedRanges src LOG flags 7 level 4 prefix "[BLOCKED - RAW] "
3        0     0 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            match-set BlockedRanges src
4        0     0 LOG        all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            match-set Blacklist src LOG flags 7 level 4 prefix "[BLOCKED - RAW] "
5        0     0 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            match-set Blacklist src

Chain OUTPUT (policy ACCEPT 6864 packets, 8616K bytes)
num   pkts bytes target     prot opt in     out     source               destination
admin@RT-AC3200-7180:/tmp/home/root#
 
Yeah I think I see the same as @bayern1975

When I started the Firewall it shows:

"Skynet: [Complete] 142025 IPs / 6117 Ranges banned. 0 New IPs / 0 New Ranges Banned. 0 IP / 0 Range Connections Blocked! [4s]"

However when I input iptables --line -vL -nt raw I see no dropped entries here. I tested with other scripts and they count up fine.
 
bayern1975 said:
i rebooted, nothing better then i put one address from ipset list and i can ping it.....then i put in terminal your command....and this is output:
Click to expand...

The only thing that comes to mind is maybe your WAN traffic is on another interface to eth0. What does the following command output look like;

Code: 
iptables -vL
 
Adamm said:
The only thing that comes to mind is maybe your WAN traffic is on another interface to eth0. What does the following command output look like;

Code: 
iptables -vL
Click to expand...

yes, my wan is ppp0.....but it was working well with your script about 14 days ago....maybe you somethin change in script and add support just for eth0?

Code: 
Jun  6 19:50:29 start_nat_rules: apply the nat_rules(/tmp/nat_rules_ppp0_eth0)!
Jun  6 19:50:29 custom script: Running /jffs/scripts/firewall-start (args: ppp0)

Code: 
login as: admin
admin@192.168.5.1's password:


ASUSWRT-Merlin RT-AC3200 380.66-4 Fri May 26 21:56:22 UTC 2017
admin@RT-AC3200-7180:/tmp/home/root# iptables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  tun21  any     anywhere             anywhere   
   89 16066 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:1195
    2    58 logdrop    icmp --  ppp0   any     anywhere             anywhere             icmp echo-request
  685 44792 SECURITY_PROTECT  tcp  --  any    any     anywhere             anywhere             multiport dports ssh
15102 2138K ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
   34  3083 logdrop    all  --  any    any     anywhere             anywhere             state INVALID
 2018  127K ACCEPT     all  --  br0    any     anywhere             anywhere             state NEW
  992  135K ACCEPT     all  --  lo     any     anywhere             anywhere             state NEW
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:bootps dpt:bootpc
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp !echo-request
  807  251K logdrop    all  --  any    any     anywhere             anywhere   

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   45  6092 ACCEPT     all  --  tun21  any     anywhere             anywhere   
  583 31064 TCPMSS     tcp  --  any    any     anywhere             anywhere             tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
 1738  147K ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 logdrop    all  --  !br0   ppp0    anywhere             anywhere   
    0     0 logdrop    all  --  !br0   eth0    anywhere             anywhere   
    0     0 logdrop    all  --  eth0   any     anywhere             anywhere             state INVALID
    0     0 ACCEPT     all  --  br0    br0     anywhere             anywhere   
  345 62596 NSFW       all  --  any    any     anywhere             anywhere   
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT
  345 62596 ACCEPT     all  --  br0    any     anywhere             anywhere   

Chain OUTPUT (policy ACCEPT 3862 packets, 2163K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FUPNP (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain NSFW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain PControls (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere   

Chain SECURITY (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     tcp  --  any    any     anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
    0     0 logdrop    tcp  --  any    any     anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
    0     0 RETURN     tcp  --  any    any     anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
    0     0 logdrop    tcp  --  any    any     anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
    0     0 RETURN     icmp --  any    any     anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
    0     0 logdrop    icmp --  any    any     anywhere             anywhere             icmp echo-request
    0     0 RETURN     all  --  any    any     anywhere             anywhere   

Chain SECURITY_PROTECT (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain logaccept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere   

Chain logdrop (9 references)
 pkts bytes target     prot opt in     out     source               destination
  745  244K ACCEPT     all  --  eth0   any     anywhere             anywhere             match-set Whitelist src
    0     0 DROP       tcp  --  eth0   any     anywhere             anywhere             multiport sports www,https,imap2,imaps,pop3,pop3s,smtp,ssmtp state INVALID
    0     0 LOG        all  --  eth0   any     anywhere             anywhere             state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix "[BLOCKED - NEW BAN] "
    0     0 SET        all  --  eth0   any     anywhere             anywhere             state INVALID add-set Blacklist src
   98  9748 DROP       all  --  any    any     anywhere             anywhere   
admin@RT-AC3200-7180:/tmp/home/root#
 
bayern1975 said:
yes, my wan is ppp0
Click to expand...

Okay now this makes a whole lot more sense. Recently I switched from blocking every interface to just the value of "nvram get wan0_ifname" as it was conflicting with IPv6 setups. Clearly this doesn't work for users with similar setups to yours.

Whats the output of;

Code: 
nvram show | grep ppp0
 
You must log in or register to reply here.

Similar threads

O
Skynet Installing Skynet causes router to crash and reboot
2
Replies
26
Views
2K
Quoc Huynh
Q
U
Skynet Skynet and dig resolving completely different set of IP's
Replies
2
Views
725
ColinTaylor
C
W
Looking for an add-on that does...
Replies
5
Views
897
JGrana
JGrana
Viktor Jaep
Skynet Filter Validator v0.7 - Skynet Firewall Filter List IPv4 Integrity Validator
3 4 5
Replies
83
Views
10K
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
topmusic
ddns ip whitelist with little script.
Replies
9
Views
985
topmusic
topmusic
Similar threads
Thread starter Title Forum Replies Date
O Skynet Installing Skynet causes router to crash and reboot Asuswrt-Merlin AddOns 26
cofetym Diversion Diversion & Skynet Missing on GUI after Router Reboot. Asuswrt-Merlin AddOns 7
Gary_Dexter Blocking “RO” country code in Skynet blocks Proton VPN UK connections Asuswrt-Merlin AddOns 2
P Any usefulness for Skynet + pfsense/opnsense in transparent bridge mode? Asuswrt-Merlin AddOns 12
John Fitzgerald Solved Skynet running slow with install/update issues from AMTM? Asuswrt-Merlin AddOns 10
B Skynet Source LAN IP for outbound IP blocked by SkyNet Asuswrt-Merlin AddOns 8
P Skynet Skynet errors Asuswrt-Merlin AddOns 8
ChickenheadOS Skynet Skynet 7.5.8 Firewall UI Issues Asuswrt-Merlin AddOns 18
P Send stats Division and Skynet to webhook or mqtt Asuswrt-Merlin AddOns 0
BATTLEPENCIL Skynet Unable to uninstall Skynet Asuswrt-Merlin AddOns 11

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 906 (members: 14, guests: 892)
Top