Skynet Skynet - Router Firewall & Security Enhancements

[JohnD5000]

Do u always answer for Adamm ??
Rude if u ask me

I've received a lot of great replies here from those other than the script authors.......this is a forum. If you want a personal reply, you should PM the person.

 

[Adamm]

Do u always answer for Adamm ??
Rude if u ask me

Not if you ask me. Those few helpful members like @dave14305 who help provide support save me countless amounts of time replying to easily answered questions that I may not have time to get around to otherwise. Support is a very time consuming task, I do eventually read every post in this thread and if there is something I disagree with I will post accordingly and correct them, but for the most part they do a great job.

 

[Adamm]

Is there a reason firehol level 1 isn’t included in the malware blocking lists by default? Thinking about adding it, but I see it’s 650 million ip’s vs 100,000. Is it too much for the hardware to process or too many false positives?

thanks for the help!

That list mostly comprises of "Bogons", we already pick all the good individually sourced lists from there.

 

[MuppetSoul]

I'm filtering only inbound traffic but Skynet's country ban isn't respecting the policy of inbound filtering and is blocking even outbound traffic to the banned country. Am I doing something wrong here? Or is this how the Skynet is intended to function?

 

[Adamm]

I'm filtering only inbound traffic but Skynet's country ban isn't respecting the policy of inbound filtering and is blocking even outbound traffic to the banned country. Am I doing something wrong here? Or is this how the Skynet is intended to function?

Most connections establish a handshake which requires traffic from both directions.

 

[nakti]

My USB is not working after updating the swap file. I had 1Gb and new version needed 2Gb, I tried to format the usb stick via asus router but did not work and when I put the USB to the computer it says RAW and write protected. Can't format or do anything on the USB now. How to get it back to FAT or EXT?

 

[L&LD]

Your USB drive has failed. Time for a new one.

 

[martinr]

My USB is not working after updating the swap file. I had 1Gb and new version needed 2Gb, I tried to format the usb stick via asus router but did not work and when I put the USB to the computer it says RAW and write protected. Can't format or do anything on the USB now. How to get it back to FAT or EXT?

How old is that usb? Have you looked online for what to try when you get that write-protected message? You can get that message when the USB is beyond redemption and there’s nothing that can be done other than getting a new one.

 

[nakti]

How old is that usb? Have you looked online for what to try when you get that write-protected message? You can get that message when the USB is beyond redemption and there’s nothing that can be done other than getting a new one.

Hi its not old but I did the diskpart stuff for remove the protection and still had issue. But now when I tried to do a full format and canceled it after 5 minutes and then remove the usb and connected it back and did a fast format and now its working.

 

[L&LD]

@nakti I would suggest you use amtm's built-in formatting options (Ext4, w/journalling and a 2GB swap file, single partition).

I would also suggest you perform a full 'Format the JFFS partition on next boot' (making sure to hit 'Apply' at the bottom of the page before you reboot twice in the next 15 minutes too). Save anything you feel necessary to copy from the JFFS before you do though.

 

[MuppetSoul]

Most connections establish a handshake which requires traffic from both directions.

Is there a way to limit country ban to inbound connections only?

 

[Adamm]

Is there a way to limit country ban to inbound connections only?

In the way your describing? No, not at this time. We don’t use contracking for performance reasons.

 

[Diamond67]

I have asked this before, but isn't there any way to delay the start of the Skynet until the Disk Check is finished and all the usb sticks (including the one with swap) are ready to go?

Because, practically, every time I start my router this happens:

Mar 20 10:47:29 Skynet: [*] USB Not Found - Sleeping For 10 Seconds ( Attempt 4 Of 10 )
.
.
.
Mar 20 10:47:52 Skynet: [*] Skynet Requires A SWAP File - Install One By Running ( /jffs/scripts/firewall debug swap install )
Mar 20 10:47:54 amtm disk-check: Probing 'ext2' on device /dev/sdc1
Mar 20 10:47:54 amtm disk-check: Running disk check v2.8, with command 'e2fsck -p' on /dev/sdc1
Mar 20 10:48:25 amtm disk-check: Disk check done on /dev/sdc1
Mar 20 10:48:27 syslog: USB ext2 fs at /dev/sdc1 mounted on /tmp/mnt/DT_1
Mar 20 10:48:27 usb: USB ext2 fs at /dev/sdc1 mounted on /tmp/mnt/DT_1.
Mar 20 10:48:34 custom_script: Running /jffs/scripts/post-mount (args: /tmp/mnt/DT_1)
Mar 20 10:48:35 kernel: Adding 1048572k swap on /tmp/mnt/DT_1/myswap.swp.  Priority:-1 extents:267 across:1218196k

After that the state of Skynet is "all red" (not green) and it must be restarted ([8]). If there is an update available (which often is the case), all this means some 10 minutes of waiting if you wanna be sure that Skynet is eventually up and running after for example cold starting the router when you come home from business travel and you have turned off the router before leaving (I don't keep my router available for hackers and cyber attackers 24/7 if I am away and nobody needs internet/wi-fi).

 

[Adamm]

I have asked this before, but isn't there any way to delay the start of the Skynet until the Disk Check is finished and all the usb sticks (including the one with swap) are ready to go?

Because, practically, every time I start my router this happens:

Mar 20 10:47:29 Skynet: [*] USB Not Found - Sleeping For 10 Seconds ( Attempt 4 Of 10 )
.
.
.
Mar 20 10:47:52 Skynet: [*] Skynet Requires A SWAP File - Install One By Running ( /jffs/scripts/firewall debug swap install )
Mar 20 10:47:54 amtm disk-check: Probing 'ext2' on device /dev/sdc1
Mar 20 10:47:54 amtm disk-check: Running disk check v2.8, with command 'e2fsck -p' on /dev/sdc1
Mar 20 10:48:25 amtm disk-check: Disk check done on /dev/sdc1
Mar 20 10:48:27 syslog: USB ext2 fs at /dev/sdc1 mounted on /tmp/mnt/DT_1
Mar 20 10:48:27 usb: USB ext2 fs at /dev/sdc1 mounted on /tmp/mnt/DT_1.
Mar 20 10:48:34 custom_script: Running /jffs/scripts/post-mount (args: /tmp/mnt/DT_1)
Mar 20 10:48:35 kernel: Adding 1048572k swap on /tmp/mnt/DT_1/myswap.swp.  Priority:-1 extents:267 across:1218196k

After that the state of Skynet is "all red" (not green) and it must be restarted ([8]). If there is an update available (which often is the case), all this means some 10 minutes of waiting if you wanna be sure that Skynet is eventually up and running after for example cold starting the router when you come home from business travel and you have turned off the router before leaving (I don't keep my router available for hackers and cyber attackers 24/7 if I am away and nobody needs internet/wi-fi).

Disk check only takes seconds on my 8GB flash drive formatted as ext4. If your checks are taking longer then 2 minutes there's unfortunately no avoiding this issue as your device isn't mounted (thus Skynet can't find the files). You will have to either continue as-is or remove the automated disk checking.

 

[JT Strickland]

I have a follow up question to what I asked before, if I may, and I will be thankful to anyone who answers it. I had thought that Skynet was blocking my VPN provider, Windscribe, but am now not so sure, so I have yet to whitelist it. It may be a bogie, using the same VPN provider, but why is it an outbound block? I would understand if it was an inbound. The link to my main HTTP outbound (27 blocks recently) is:

Last Seen
us-east.windscribe.com A 156.96.59.102 2020-02-22 06:09 2020-03-04 06:01
SHOWING 1 TO 1 OF 1 ENTRIES

If this is a bogie, why is it an outbound block from my pc and not an inbound? I apologize if this is a redundant question, but have not found the answer yet, and know not where else to ask.
TIA,
jts

 

[Adamm]

I have a follow up question to what I asked before, if I may, and I will be thankful to anyone who answers it. I had thought that Skynet was blocking my VPN provider, Windscribe, but am now not so sure, so I have yet to whitelist it. It may be a bogie, using the same VPN provider, but why is it an outbound block? I would understand if it was an inbound. The link to my main HTTP outbound (27 blocks recently) is:

Last Seen
us-east.windscribe.com A 156.96.59.102 2020-02-22 06:09 2020-03-04 06:01
SHOWING 1 TO 1 OF 1 ENTRIES

If this is a bogie, why is it an outbound block from my pc and not an inbound? I apologize if this is a redundant question, but have not found the answer yet, and know not where else to ask.
TIA,
jts

Outbound block = Connection initiated from your local device
Inbound block = Connection initiated from a remote device

 

[JT Strickland]

Thank you. How does one determine what initiated the local device connection? It may be over my head?
What can I read, besides the over 6k posts here, to learn more about Skynet in particular? I haven't read them all, by any means, but am overwhelmed a bit.

 

[Adamm]

Thank you. How does one determine what initiated the local device connection? It may be over my head?

You would have to investigate the individual devices as Skynet only processes the packets once they leave your device. You can use the port information to give you a rough idea.

What can I read, besides the over 6k posts here, to learn more about Skynet in particular? I haven't read them all, by any means, but am overwhelmed a bit.

The first two posts in the thread have all the important info / possible functions.

 

[JT Strickland]

Thanks again. I will re-read the first posts over and maybe more will stick this time.

 

[MuppetSoul]

In the way your describing? No, not at this time. We don’t use contracking for performance reasons.

Perhaps I am describing it wrong.

I've been using this country block script which blocks incoming IPs from certain countries. I can still access content and websites from blocked countries if the connection is outgoing. The downside to the script is that it has a 64k hard limit which shouldn't be an issue on my router as my ipset version is 6.32 but I guess that's the limitation of the script. This is partly why I wanted to switch to Skynet but I still like to be able to access content and websites from a country that I have otherwise blocked for incoming connections. This is what I'm hoping to get out of Skynet.