Skynet - Router Firewall & Security Enhancements

Safemode

Regular Contributor
Just ran the update on a rt ac3200 and now I get these 2 errors:
Downloading filter.list | [0s]
Refreshing Whitelists | /jffs/scripts/firewall: line 5228: can't fork
[7s]
Consolidating Blacklist | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware
-*-
Any help would be greatly appreciated.
 

Adamm

Part of the Furniture
Just ran the update on a rt ac3200 and now I get these 2 errors:
Downloading filter.list | [0s]
Refreshing Whitelists | /jffs/scripts/firewall: line 5228: can't fork
[7s]
Consolidating Blacklist | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware
-*-
Any help would be greatly appreciated.

What firmware version (and device) are you using? Skynet will now require v384.13 or the curl package from entware.
 

Safemode

Regular Contributor
What firmware version (and device) are you using? Skynet will now require v384.13 or the curl package from entware.
Running latest firmware for router specified (asus rtac3200, 384.13_2) and my device is a hard drive formatted to ext4 running the scripts.
 

dev_null

Senior Member
What firmware version (and device) are you using? Skynet will now require v384.13 or the curl package from entware.
Would you consider retaining a "legacy version" similar to John's fork for those that cannot support the newer versions of AsusWrt? Maybe in an archive someplace? Caveated that no updates are being made but core functionality should work, etc, etc.
 

Adamm

Part of the Furniture
Running latest firmware for router specified (asus rtac3200, 384.13_2) and my device is a hard drive formatted to ext4 running the scripts.

That's weird, what's the output of

Code:
curl --version
wc -l /jffs/shared-*




Would you consider retaining a "legacy version" similar to John's fork for those that cannot support the newer versions of AsusWrt? Maybe in an archive someplace? Caveated that no updates are being made but core functionality should work, etc, etc.

Worst case scenario entware hosts the latest version of curl so users could instead use that;

[email protected]:/tmp/home/root# opkg list | grep "curl - 7"
curl - 7.66.0-1 - A client-side URL transfer utility
 

Zastoff

Very Senior Member
Got the same on malware blacklist update as @Safemode
Code:
[i] Downloading filter.list         | [0s]
[i] Refreshing Whitelists           | [16s]
[i] Consolidating Blacklist         | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware
curl --version
Code:
curl 7.65.3 (arm-unknown-linux-gnu) libcurl/7.65.3 OpenSSL/1.0.2t zlib/1.2.5
Release-Date: 2019-07-19
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

wc -l /jffs/shared-*
Code:
 44 /jffs/shared-Diversion-whitelist
 1 /jffs/shared-SelectiveRouting-whitelist
 20 /jffs/shared-Skynet-whitelist
 14 /jffs/shared-Skynet2-whitelist
 79 total
 

Adamm

Part of the Furniture
Running latest firmware for router specified (asus rtac3200, 384.13_2) and my device is a hard drive formatted to ext4 running the scripts.

Got the same on malware blacklist update as @Safemode
Code:
[i] Downloading filter.list         | [0s]
[i] Refreshing Whitelists           | [16s]
[i] Consolidating Blacklist         | curl: option -fsLZ: is unknown
curl: try 'curl --help' for more information
[0s]
[*] List Content Error Detected - Stopping Banmalware
curl --version
Code:
curl 7.65.3 (arm-unknown-linux-gnu) libcurl/7.65.3 OpenSSL/1.0.2t zlib/1.2.5
Release-Date: 2019-07-19
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

wc -l /jffs/shared-*
Code:
 44 /jffs/shared-Diversion-whitelist
 1 /jffs/shared-SelectiveRouting-whitelist
 20 /jffs/shared-Skynet-whitelist
 14 /jffs/shared-Skynet2-whitelist
 79 total


Oops, didn't realize the AC3200 / AC87U were only still on v384.13_2 which has the old curl version. You will have to either download the curl package from entware until the firmware update is available (this should work) or roll back to the previous Skynet version.

Roll back to Skynet v6.9.2;

Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/aac085a8866e95081e0713a78c760905aae885d1/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall
 

randomName

Very Senior Member
Just manually updated to the latest 7.0, running Merlin 384.14, will report issues, if any.

Thank you for your time and effort :)
 

Zastoff

Very Senior Member
Oops, didn't realize the AC3200 / AC87U were only still on v384.13_2 which has the old curl version. You will have to either download the curl package from entware until the firmware update is available (this should work) or roll back to the previous Skynet version.

To download curl via entware;

Code:
opkg update
opkg install curl

Or to roll back to Skynet v6.9.2;

Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/aac085a8866e95081e0713a78c760905aae885d1/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall
Updated curl via entware
Now I get
Code:
/tmp/home/root# curl --version
curl 7.66.0 (arm-openwrt-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11
Release-Date: 2019-09-11
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz SSL
But still get the error message when I do the malware blacklist update
Tried the ep (update/upgrade) option in amtm after that as well
 

Adamm

Part of the Furniture
Updated curl via entware
Now I get
Code:
/tmp/home/root# curl --version
curl 7.66.0 (arm-openwrt-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11
Release-Date: 2019-09-11
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz SSL
But still get the error message when I do the malware blacklist update
Tried the ep (update/upgrade) option in amtm after that as well

Thought that might be the case, because we prioritize native binaries Skynet is still trying to use the older version. You unfortunately will have to downgrade to v6.9.2 for now until a new firmware is available with the updated curl component.
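
Added example (not part of the original post and not Skynet's own code): the `-Z` (`--parallel`) option in `-fsLZ` first appeared in curl 7.66.0, so a script can pick a curl binary by version instead of by PATH order. The function names and the `/opt/bin/curl` Entware path are assumptions.

```sh
#!/bin/sh
# Added example, not Skynet's code: choose a curl binary by capability
# (version >= 7.66.0, the release that introduced -Z/--parallel)
# instead of by PATH order.

# Read `curl --version` output on stdin, print the version from line 1.
parse_curl_version() {
    awk 'NR == 1 && $1 == "curl" { print $2 }'
}

# Succeed if dotted version $1 >= dotted version $2 (numeric, 3 fields).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print the first candidate path that is executable and new enough.
pick_curl() {
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        ver=$("$bin" --version 2>/dev/null | parse_curl_version)
        [ -n "$ver" ] || continue
        if version_ge "$ver" "7.66.0"; then
            printf '%s\n' "$bin"
            return 0
        fi
    done
    return 1
}

# Candidate order mirrors "native first"; /opt/bin/curl is an assumed
# Entware location, adjust to the actual install path.
CURL=$(pick_curl /usr/sbin/curl /opt/bin/curl) ||
    echo "no candidate curl supports -Z; stay on Skynet v6.9.2" >&2
```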
 

Zastoff

Very Senior Member
Thought that might be the case, because we prioritize native binaries Skynet is still trying to use the older version. You unfortunately will have to downgrade to v6.9.2 for now until a new firmware is available with the updated curl component.
Thanks Adamm
Will do the downgrade

edit:
Working fine again with v6.9.2 and fingers crossed for another awesome firmware update from RMerlin ;)
 

Twiglets

Senior Member
Thought that might be the case, because we prioritize native binaries Skynet is still trying to use the older version. You unfortunately will have to downgrade to v6.9.2 for now until a new firmware is available with the updated curl component.
Hacky TEMP solution is to add your 'correct' path to wherever the 'new' curl is installed to the first line after the banner of the 'firewall' script.

i.e.
export PATH=/tmp/mnt/usb-data/entware/bin:/sbin:/bin:/usr/sbin:/usr/bin:$PATH
This almost could be done *temporarily* in the shell *without* changing your script but you understandably force the '/sbin:/bin:/usr/sbin:/usr/bin' path to the front of the PATH environment variable, therefore the script needs to be slightly edited.

I will delete this post if this is a BIG 'No No' as I can understand that changes to your script will make supporting users a 'Pain', even if it is meant to be temporary. :)
 

Adamm

Part of the Furniture
Hacky TEMP solution is to add your 'correct' path to wherever the 'new' curl is installed to the first line after the banner of the 'firewall' script.

i.e.
export PATH=/tmp/mnt/usb-data/entware/bin:/sbin:/bin:/usr/sbin:/usr/bin:$PATH
This almost could be done *temporarily* in the shell *without* changing your script but you understandably force the '/sbin:/bin:/usr/sbin:/usr/bin' path to the front of the PATH environment variable, therefore the script needs to be slightly edited.

I will delete this post if this is a BIG 'No No' as I can understand that changes to your script will make supporting users a 'Pain', even if it is meant to be temporary. :)

If they remove the existing "export PATH" line manually from Skynet they will also get this effect. But for most users it's probably easier to just wait for a firmware update.
 

Adamm

Part of the Furniture
Thanks again and congrats with the 1000th Github commit.
I made you a small donation with PayPal for all the hard work!

Appreciate the kind words and generosity ;)
 

Mutzli

Very Senior Member
Thank you for the update. The new logo looks great in Windows Terminal:
upload_2019-12-19_14-22-27.png
 

cmkelley

Very Senior Member
Thought that might be the case, because we prioritize native binaries Skynet is still trying to use the older version. You unfortunately will have to downgrade to v6.9.2 for now until a new firmware is available with the updated curl component.
I'm curious about that choice. Have you found incompatibilities between the busybox and Entware implementations of utilities other than busybox being only a subset of the Entware implementation? I'm careful to set my path to prefer Entware normally, and so far I haven't had any issues, but is there a reason I should do it differently?
 
