Skynet - Router Firewall & Security Enhancements

For a generalized overview you can use the stats command;

Code:
sh /jffs/scripts/firewall stats

For an individual search, use the following command;

Code:
sh /jffs/scripts/firewall stats search ip xxx.xxx.xxx.xxx

Where the individual computer will be the SRC address in these logs.

Adamm,

Thanks, is there a wiki that lists all commands? I also want to clear all the logs and reports, as I have reformatted most of my PCs at my home.

I see two sets of IP ranges as source blocked IPs, my normal set 192.168.x.x, and then those in 100.x.x.x which is NOT my IP range, internal or external -- that has me very concerned.
 
The second post of this thread lists every possible command (along with the built-in menu).

The debug info command should list every device on your network

Code:
sh /jffs/scripts/firewall debug info
 
I just wanted to ask, as someone who has never used the script before but is extremely curious about it: how resource intensive is it, if that's not too silly of a question to ask?
 
As the core of this script is just a few IPTables rules and IPSets, the performance impact when idle is immeasurable. The only time we really use system resources is during a malware list update which happens once per day/week depending on your settings and takes a minute or two at most.
 
Awesome thanks I'll definitely install it tomorrow, the more security the better, especially because I do online banking.

Thank you for the fast response.
 
I had an anomaly in Skynet today, not a problem, just the first time anything like this has happened in the years it has been running on an AC68U and now an AC86U: the Banmalware daily update did not run. Hmmm.

Code:
Apr  5 00:00:03 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 3641 Inbound -- 84 Outbound Connections Blocked! [save] [3s]
Apr  5 01:00:03 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 3805 Inbound -- 84 Outbound Connections Blocked! [save] [3s]
Apr  5 02:00:03 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 3990 Inbound -- 84 Outbound Connections Blocked! [save] [3s]
Apr  5 03:00:04 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 4177 Inbound -- 84 Outbound Connections Blocked! [save] [4s]
Apr  5 04:00:04 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 4350 Inbound -- 84 Outbound Connections Blocked! [save] [3s]
Apr  5 05:00:03 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 4559 Inbound -- 84 Outbound Connections Blocked! [save] [3s]
Apr  5 06:00:03 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 4816 Inbound -- 84 Outbound Connections Blocked! [save] [3s]
Apr  5 07:00:03 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 5067 Inbound -- 84 Outbound Connections Blocked! [save] [3s]
Apr  5 08:00:04 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 5248 Inbound -- 84 Outbound Connections Blocked! [save] [4s]
Apr  5 09:00:03 RT-AC86U-4608 Skynet: [#] 184033 IPs (+0) -- 1766 Ranges Banned (+0) || 5435 Inbound -- 84 Outbound Connections Blocked! [save] [3s]

username@RT-AC86U-4608:/tmp/home/root# cru l
Code:
0 22 * * * /jffs/scripts/ledsoff.sh #lights_off#
0 7 * * * /jffs/scripts/ledson.sh #lights_on#
3 */8 * * * service restart_httpd #restart_httpd#
*/2 * * * * /etc/openvpn/server1/vpns-watchdog1.sh #CheckVPNServer1#
5 0 * * * /opt/sbin/logrotate /opt/etc/logrotate.conf >> /opt/tmp/logrotate.daily 2>&1 #logrotate#
00 2 * * Wed sh /opt/share/diversion/file/update-bl.div reset #Diversion_UpdateBL#
20 5 * * * sh /opt/share/diversion/file/rotate-logs.div #Diversion_RotateLogs#
20 17 * * * diversion count_ads count #Diversion_CountAds#
30 1 * * Wed sh /opt/share/diversion/file/stats.div #Diversion_WeeklyStats#
25 2 * * * sh /jffs/scripts/firewall banmalware #Skynet_banmalware#
5 1 * * Mon sh /jffs/scripts/firewall update #Skynet_autoupdate#
0 * * * * sh /jffs/scripts/firewall save #Skynet_save#
 
What's Skynet default filter url?

@Butterfly Bones
As I recall, banmalware update time was changed now to a completely random update time. (daily)
Since you only see 9 hours, it may happen sometime in the next 15 hours?
Please, somebody correct me if I'm wrong.
 
Yes, but you can look at the cron jobs and see the time; the random time is only when Skynet restarts, not a dynamically random time all day. If you look at the cron list I posted, it was scheduled for 0225 this morning and did not run.
Code:
25 2 * * * sh /jffs/scripts/firewall banmalware #Skynet_banmalware#
 
I just cannot figure out why this is listed as an outbound device IP: 100.64.16.29, but all of mine are 192.168.x.x. Such an IP should not be routable from inside my network, correct? Any way to find out the real source IP?

Apr 5 23:23:13 Harbor_Master-DAEC634-C kernel: [BLOCKED - OUTBOUND] IN= OUT=tun11 SRC=100.64.16.29 DST=192.101.249.149 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33239 DF PROTO=TCP SPT=53638 DPT=142 SEQ=4286275852 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A0158E0DB0000000001030306)
Apr 5 23:23:14 Harbor_Master-DAEC634-C kernel: [BLOCKED - OUTBOUND] IN= OUT=tun11 SRC=100.64.16.29 DST=192.101.249.149 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33240 DF PROTO=TCP SPT=53638 DPT=142 SEQ=4286275852 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A0158E1410000000001030306)
Apr 5 23:23:16 Harbor_Master-DAEC634-C kernel: [BLOCKED - OUTBOUND] IN= OUT=tun11 SRC=100.64.16.29 DST=192.101.249.149 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33241 DF PROTO=TCP SPT=53638 DPT=142 SEQ=4286275852 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A0158E20B0000000001030306)
Apr 5 23:23:20 Harbor_Master-DAEC634-C kernel: [BLOCKED - OUTBOUND] IN= OUT=tun11 SRC=100.64.16.29 DST=192.101.249.149 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33242 DF PROTO=TCP SPT=53638 DPT=142 SEQ=4286275852 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A0158E39E0000000001030306)
 
Are you running a VPN Client on the router to a VPN provider? tun11 suggests you are.
 
I am running a VPN tunnel from the router, pushing all my traffic through it to get around geo restrictions. However, I just never thought that stuff would be coming back through it.

Does this imply an infection on my PCs (which all just have 192.168.x.x addresses), as the only IP that has this 100.64.x.x would be the tunnel itself found on the router? I do not think so; I believe it sounds more like beaconing coming back from the tunnel itself, right? In this company's implementation, I know I share an IP address with others on the outside; that way I have anonymity as well, as the provider does not keep logs and my sharing of one fully routable IP address means it is impossible to know who actually did what.

What are the community thoughts?
 
I've installed the script, seems to be working well, just wondering where I would be able to source some good country-based block lists, for example an Australian one and one that covers the Philippines.
 
I am running a VPN tunnel from the router, pushing all my traffic through it to get around geo restrictions. However, I just never thought that stuff would be coming back through it.

Does this imply an infection on my PCs (which all just have 192.168.x.x addresses), as the only IP that has this 100.64.x.x would be the tunnel itself found on the router? I do not think so; I believe it sounds more like beaconing coming back from the tunnel itself, right? In this company's implementation, I know I share an IP address with others on the outside; that way I have anonymity as well, as the provider does not keep logs and my sharing of one fully routable IP address means it is impossible to know who actually did what.

What are the community thoughts?

192.101.249.149 is the IP being blocked (the destination) as it's an outbound block.
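
To read the log lines in this exchange the way the replies do, the following added example (not part of the original posts or of Skynet) groups [BLOCKED - ...] kernel lines per flow, labels the range the SRC address belongs to, and reports the banned address. It assumes any line not tagged OUTBOUND is an inbound block whose banned address is SRC; sample_log and summarize_blocks are names made up for this example.

```shell
#!/bin/sh
# Added example (not part of Skynet): summarise "[BLOCKED - ...]" kernel lines.

# The four log lines from the post, trimmed to the fields the summary reads.
sample_log() {
    cat <<'EOF'
Apr 5 23:23:13 Harbor_Master-DAEC634-C kernel: [BLOCKED - OUTBOUND] IN= OUT=tun11 SRC=100.64.16.29 DST=192.101.249.149 TTL=64 ID=33239 PROTO=TCP SPT=53638 DPT=142 SEQ=4286275852 SYN
Apr 5 23:23:14 Harbor_Master-DAEC634-C kernel: [BLOCKED - OUTBOUND] IN= OUT=tun11 SRC=100.64.16.29 DST=192.101.249.149 TTL=64 ID=33240 PROTO=TCP SPT=53638 DPT=142 SEQ=4286275852 SYN
Apr 5 23:23:16 Harbor_Master-DAEC634-C kernel: [BLOCKED - OUTBOUND] IN= OUT=tun11 SRC=100.64.16.29 DST=192.101.249.149 TTL=64 ID=33241 PROTO=TCP SPT=53638 DPT=142 SEQ=4286275852 SYN
Apr 5 23:23:20 Harbor_Master-DAEC634-C kernel: [BLOCKED - OUTBOUND] IN= OUT=tun11 SRC=100.64.16.29 DST=192.101.249.149 TTL=64 ID=33242 PROTO=TCP SPT=53638 DPT=142 SEQ=4286275852 SYN
EOF
}

# Reads syslog lines on stdin and prints one summary line per blocked flow.
summarize_blocks() {
    awk '
    # Value of the NAME=value token on this line ("" if absent or empty).
    function field(name,    i) {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) return substr($i, length(name) + 2)
        return ""
    }
    # 100.64.0.0/10 is the RFC 6598 shared address space, distinct from RFC 1918.
    function addr_class(ip,    o) {
        split(ip, o, ".")
        if (o[1] == 100 && o[2] >= 64 && o[2] <= 127) return "shared-100.64/10"
        if (o[1] == 10 || (o[1] == 192 && o[2] == 168)) return "rfc1918"
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return "rfc1918"
        return "public"
    }
    /\[BLOCKED - / {
        out = ($0 ~ /BLOCKED - OUTBOUND/)
        # Outbound: the banned address is DST, as the reply states.
        # Anything else is treated as inbound, banned address assumed to be SRC.
        banned = out ? field("DST") : field("SRC")
        iface = out ? field("OUT") : field("IN")
        src = field("SRC"); seq = field("SEQ")
        key = (out ? "outbound" : "inbound") " via=" iface " src=" src
        key = key "(" addr_class(src) ") banned=" banned " dpt=" field("DPT")
        if (!(key in packets)) order[++n] = key
        packets[key]++
        # A retransmitted SYN reuses its SEQ, so distinct SEQs count attempts.
        if (!((key, seq) in seen)) { seen[key, seq] = 1; attempts[key]++ }
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%s packets=%d attempts=%d\n", order[i], packets[order[i]], attempts[order[i]]
    }'
}

sample_log | summarize_blocks
```

On the sample it reports a single outbound attempt (four SYN packets sharing one SEQ) leaving tun11 from a 100.64.0.0/10 source toward the banned destination 192.101.249.149.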
 
Hi
In ssh I typed
Code:
sh /jffs/scripts/firewall ban country "ru sg pk cn sa"
all ok.
Then I wanted to know, how I can remember the countries I've banned?
So I went into main menu, 2, 4, and saw the country codes. (Edit: Just realised, I see the countries also in main menu)
Now, I wanted to exit this menu and thought I have to type "e" to exit.
But this command removed all countries. How can I exit this menu "the right way"?

Edit1:
Ah, I think I understand now. I cannot remove or add one country at a time.
I always have to enter all country codes at once in one line?

Edit2:
I can still access this website although I banned ru?
https://4pda.ru/forum/index.php?showtopic=881982

Edit3:
No, I can't, was just the cache.

Edit4:
Also, main menu, 1, 5 removes all countries without question which one.

Edit5:
Resetting stats does not reset "23842 outbound connections blocked".
 
Hi, my question is if this is working correctly, cuz since I've installed Skynet it never catches anything. I wonder if this is because the router IP 192.168.50.1 is different from IP 192.168.1.1?
I've tried to open a banned IP and Skynet works, but since that nothing happens.
The AX88U is behind ISP router maybe that's why?!
Router Model; RT-AX88U
iptables v1.4.15 - (eth0 @ 192.168.50.1)
IP Address; (192.168.1.1)
 
You say the AX88U is behind the ISP router. How is that ISP router set up; is it in bridge mode so that it is, effectively, your modem?

And you say “since that, nothing happens”. What exactly do you mean by “nothing”, or, what were you expecting to see?
 
There is generally no point in blocking countries on a home connection when all these connection attempts are already dropped by your firewall's default policy (which is DROP). Such blocklists only make sense if you are actually hosting an Internet-facing server (like a website) and wanted to limit access to it.
So is it possible in that case to block VPN connections? I've been meaning to host a 7 Days to Die server but am now curious about preventing Chinese players from joining; when they do it causes lag, plus only the ones who like to use cheats seem to join.

And for some reason when players who are not here from Australia join, the game breaks and the server has a fit; happens on every server I've joined, here in Australia for that game.

And yes, Aussie internet leaves a lot to be desired, makes me sad, because my overseas mates can't join.
 
