Skynet Skynet - Router Firewall & Security Enhancements

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

andresmorago

Senior Member
Skynet filters all clients connected to the routers OpenVPN server.
hello @Adamm
i have done some checking and i believe this isnt happening to me. can you please advise?

im using ip 185.153.199.53 as blocking example. this is in skynet blacklist

10.0.0.7 is connected directly to router. when i ping or do tracert from this device, it indeed gets blocked by skynet

Code:
Apr 19 15:14:18 RT-AC3100-0548 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:ed:fb:ac:05:48:xx:xx:xx:6f:63:xx:xx:xxSRC=10.0.0.7 DST=185.153.199.53 LEN=92 TOS=0x00 PREC=0x00 TTL=13 ID=25891 PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=60136
1.JPG
Code:
/opt/bin/firewall stats search ip 10.0.0.7 10
[i] Logging Data Detected in /tmp/mnt/sda1/skynet/skynet.log - 8.7M
[i] Monitoring From Apr 16 03:00:05 To Apr 19 15:23:01
[i] 33467 Block Events Detected
[i] 3329 Unique IPs
[i] 9 Manual Bans Issued

10.0.0.7 is in set Skynet-Whitelist.
10.0.0.7 is NOT in set Skynet-Blacklist.
10.0.0.7 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
 10.0.0.2 "PrivateIP"
 10.0.0.7 "PrivateIP"
 10.0.0.0/8 "nvram: lan_ipaddr"
 10.0.0.66 "PrivateIP"
 10.0.0.32 "PrivateIP"
 10.0.0.6 "Shared-Whitelist: pagead2.googlesyndication.com"


[i] IP Location - Undefined (Undefined / Undefined)

[i] 10.0.0.7 First Tracked On Apr 16 03:03:02
[i] 10.0.0.7 Last Tracked On Apr 19 15:17:46
[i] 194 Blocks Total

Event Log Entries From 10.0.0.7;

First Block Tracked From 10.0.0.7;
Apr 16 03:03:02 RT-AC3100-0548 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=4c:ed:fb:ac:xx:xx:xx:23:24:xx:63:xx:xx:xx SRC=10.0.0.7 DST=180.87.4.143 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=169

10 Most Recent Blocks From 10.0.0.7;
Apr 19 15:17:42 RT-AC3100-0548 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=4c:ed:fb:ac:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=10.0.0.7 DST=185.153.199.53 LEN=92 TOS=0x00 PREC=0x00 TTL=30 ID=25
Apr 19 15:17:46 RT-AC3100-0548 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=4c:ed:fb:ac:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx0 SRC=10.0.0.7 DST=185.153.199.53 LEN=92 TOS=0x00 PREC=0x00 TTL=30 ID=25


Top 10 Targeted Ports From 10.0.0.7 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

-*-

Top 10 Sourced Ports From 10.0.0.7 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

-*-


=============================================================================================================


[#] 188242 IPs (+0) -- 15244 Ranges Banned (+0) || 488 Inbound -- 90 Outbound Connections Blocked! [stats] [35s]


10.0.1.2 is connected to the router via openvpn. routers openvpn server is 10.0.1.1 btw
in this case, running a tracert from my vpn client shows all hops and there is no sign of skynet blocking it. also, there is no output on log file
2.JPG
Code:
[$] /opt/bin/firewall stats search ip 10.0.1.2 10


=============================================================================================================


[i] Logging Data Detected in /tmp/mnt/sda1/skynet/skynet.log - 8.7M
[i] Monitoring From Apr 16 03:00:05 To Apr 19 15:21:01
[i] 33455 Block Events Detected
[i] 3327 Unique IPs
[i] 9 Manual Bans Issued

10.0.1.2 is in set Skynet-Whitelist.
10.0.1.2 is NOT in set Skynet-Blacklist.
10.0.1.2 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
*--
-*-
[i] IP Location - Undefined (Undefined / Undefined)

[i] 10.0.1.2 First Tracked On
[i] 10.0.1.2 Last Tracked On
[i] 0 Blocks Total

Event Log Entries From 10.0.1.2;

First Block Tracked From 10.0.1.2;
-*-
10 Most Recent Blocks From 10.0.1.2;
*--

Top 10 Targeted Ports From 10.0.1.2 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

*--

Top 10 Sourced Ports From 10.0.1.2 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

--*
*--

=============================================================================================================


[#] 188242 IPs (+0) -- 15244 Ranges Banned (+0) || 480 Inbound -- 90 Outbound Connections Blocked! [stats] [33s]
 
Last edited:

Adamm

Part of the Furniture
Select Debug Option:
[1] --> Show Log Entries As They Appear
[2] --> Print Debug Info
[3] --> Cleanup Syslog Entries
[4] --> SWAP File Management
[5] --> Backup Skynet Files
[6] --> Restore Skynet Files

[1-6]: 1

[*] Skynet Not Running - Exiting

[email protected]:/tmp/home/root#


---------------------------------------------

Im going to do another full reinstall and get back to you with results.


edit;
Did a full reinstall and still running in to same exact issue.

You selected the wrong menu entry for starters, secondly you didn’t also post the contents of your syslog from the WebUI;

Code:
sh /jffs/scripts/firewall debug info
 

KGB7

Very Senior Member
You selected the wrong menu entry for starters, secondly you didn’t also post the contents of your syslog from the WebUI;

Code:
sh /jffs/scripts/firewall debug info

Router Model; RT-AC68U
Skynet Version; v7.1.6 (19/04/2020) (3231cf7fb6fa8092ead287d0c76a47e8)
iptables v1.4.15 - ( @ 192.160.100.1)
ipset v6.32, protocol version: 6
IP Address; (192.168.100.4)
FW Version; 384.16_0 (Apr 5 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda1/skynet (1.5G / 3.7G Space Available)
SWAP File; /tmp/mnt/sda1/myswap.swp (2.0G)
Uptime; 0 days, 22 hours, 10 minutes.
Ram Available; (174M / 249M)

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Failed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

15/16 Tests Sucessful

[*] Rule Integrity Violation - [ #6 #16 ]


EDIT:

I cant post the log, because I get this message from the forums.

The following error occurred:

Sorry, you have been blocked
You are unable to access snbforums.com
 
Last edited:

Butterfly Bones

Very Senior Member
Router Model; RT-AC68U
Skynet Version; v7.1.6 (19/04/2020) (3231cf7fb6fa8092ead287d0c76a47e8)
iptables v1.4.15 - ( @ 192.160.100.1)
ipset v6.32, protocol version: 6
IP Address; (192.168.100.4)
FW Version; 384.16_0 (Apr 5 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda1/skynet (1.5G / 3.7G Space Available)
SWAP File; /tmp/mnt/sda1/myswap.swp (2.0G)
Uptime; 0 days, 22 hours, 10 minutes.
Ram Available; (174M / 249M)

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Failed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

15/16 Tests Sucessful

[*] Rule Integrity Violation - [ #6 #16 ]


EDIT:

I cant post the log, because I get this message from the forums.

The following error occurred:

Sorry, you have been blocked
You are unable to access snbforums.com
Put the log on pastebin.com and post the link to it here. This is the security feature of SNB keeping you from posting malware. I does not understand data logs, happens to all of us. o_O
 

dave14305

Part of the Furniture
Alright. Lets see if this works.

https://pastebin.com/vHN3sFiw

@Adamm



Thanks Butterfly.
Your WAN interface is eth3, which seems unusual to me (at least on my router). Are you doing something with Dual WAN or USB modem?

Skynet will apply the rules to the interface that is listed under:
Code:
nvram get wan0_ifname
If this isn’t eth3 for you, it explains why it doesn’t work for you. I understand that Adamm has not implemented support for anything Dual-WAN related because he has no way to test it.
 
Last edited:

Adamm

Part of the Furniture
hello @Adamm
i have done some checking and i believe this isnt happening to me. can you please advise?

im using ip 185.153.199.53 as blocking example. this is in skynet blacklist

10.0.0.7 is connected directly to router. when i ping or do tracert from this device, it indeed gets blocked by skynet

Code:
Apr 19 15:14:18 RT-AC3100-0548 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:ed:fb:ac:05:48:xx:xx:xx:6f:63:xx:xx:xxSRC=10.0.0.7 DST=185.153.199.53 LEN=92 TOS=0x00 PREC=0x00 TTL=13 ID=25891 PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=60136
View attachment 22839
Code:
/opt/bin/firewall stats search ip 10.0.0.7 10
[i] Logging Data Detected in /tmp/mnt/sda1/skynet/skynet.log - 8.7M
[i] Monitoring From Apr 16 03:00:05 To Apr 19 15:23:01
[i] 33467 Block Events Detected
[i] 3329 Unique IPs
[i] 9 Manual Bans Issued

10.0.0.7 is in set Skynet-Whitelist.
10.0.0.7 is NOT in set Skynet-Blacklist.
10.0.0.7 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
 10.0.0.2 "PrivateIP"
 10.0.0.7 "PrivateIP"
 10.0.0.0/8 "nvram: lan_ipaddr"
 10.0.0.66 "PrivateIP"
 10.0.0.32 "PrivateIP"
 10.0.0.6 "Shared-Whitelist: pagead2.googlesyndication.com"


[i] IP Location - Undefined (Undefined / Undefined)

[i] 10.0.0.7 First Tracked On Apr 16 03:03:02
[i] 10.0.0.7 Last Tracked On Apr 19 15:17:46
[i] 194 Blocks Total

Event Log Entries From 10.0.0.7;

First Block Tracked From 10.0.0.7;
Apr 16 03:03:02 RT-AC3100-0548 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=4c:ed:fb:ac:xx:xx:xx:23:24:xx:63:xx:xx:xx SRC=10.0.0.7 DST=180.87.4.143 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=169

10 Most Recent Blocks From 10.0.0.7;
Apr 19 15:17:42 RT-AC3100-0548 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=4c:ed:fb:ac:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=10.0.0.7 DST=185.153.199.53 LEN=92 TOS=0x00 PREC=0x00 TTL=30 ID=25
Apr 19 15:17:46 RT-AC3100-0548 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=4c:ed:fb:ac:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx0 SRC=10.0.0.7 DST=185.153.199.53 LEN=92 TOS=0x00 PREC=0x00 TTL=30 ID=25


Top 10 Targeted Ports From 10.0.0.7 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

-*-

Top 10 Sourced Ports From 10.0.0.7 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

-*-


=============================================================================================================


[#] 188242 IPs (+0) -- 15244 Ranges Banned (+0) || 488 Inbound -- 90 Outbound Connections Blocked! [stats] [35s]


10.0.1.2 is connected to the router via openvpn. routers openvpn server is 10.0.1.1 btw
in this case, running a tracert from my vpn client shows all hops and there is no sign of skynet blocking it. also, there is no output on log file
View attachment 22840
Code:
[$] /opt/bin/firewall stats search ip 10.0.1.2 10


=============================================================================================================


[i] Logging Data Detected in /tmp/mnt/sda1/skynet/skynet.log - 8.7M
[i] Monitoring From Apr 16 03:00:05 To Apr 19 15:21:01
[i] 33455 Block Events Detected
[i] 3327 Unique IPs
[i] 9 Manual Bans Issued

10.0.1.2 is in set Skynet-Whitelist.
10.0.1.2 is NOT in set Skynet-Blacklist.
10.0.1.2 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
*--
-*-
[i] IP Location - Undefined (Undefined / Undefined)

[i] 10.0.1.2 First Tracked On
[i] 10.0.1.2 Last Tracked On
[i] 0 Blocks Total

Event Log Entries From 10.0.1.2;

First Block Tracked From 10.0.1.2;
-*-
10 Most Recent Blocks From 10.0.1.2;
*--

Top 10 Targeted Ports From 10.0.1.2 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

*--

Top 10 Sourced Ports From 10.0.1.2 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

--*
*--

=============================================================================================================


[#] 188242 IPs (+0) -- 15244 Ranges Banned (+0) || 480 Inbound -- 90 Outbound Connections Blocked! [stats] [33s]


I can't reproduce this on my end.


Code:
[email protected]:/tmp/home/root# firewall ban domain adam.com
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            16/04/2020 - v7.1.6                                            #
#############################################################################################################


=============================================================================================================


[i] Adding adam.com To Blacklist
[i] Banning 64.238.206.176
[i] Saving Changes


=============================================================================================================


[#] 187588 IPs (+1) -- 1926 Ranges Banned (+0) || 629 Inbound -- 0 Outbound Connections Blocked! [ban] [5s]



[email protected]:/tmp/home/root# sh /jffs/scripts/firewall debug watch
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            16/04/2020 - v7.1.6                                            #
#############################################################################################################


=============================================================================================================


[i] Watching Syslog For Log Entries (ctrl +c) To Stop

Apr 20 20:06:31 kernel: [BLOCKED - INBOUND] IN=ppp0 OUT= MAC= SRC=64.238.206.176 DST=xx.xx.xx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=235 ID=36457 DF PROTO=TCP SPT=80 DPT=52691 SEQ=4007838813 ACK=623614145 WINDOW=4083 RES=0x00 ACK SYN URGP=0 OPT (02040564010303000101080A970D0
Associated Domain(s) - [adam.com]
 

andresmorago

Senior Member
I can't reproduce this on my end.
hello @Adamm
i dont have any ppp interfaces but tun interfaces. could this be the reason?

tun21 is the openvpn server running at my router
Code:
[email protected]:/tmp/home/root# ifconfig
br0       Link encap:Ethernet  HWaddr
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:5805833 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9982969 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1640308778 (1.5 GiB)  TX bytes:11185814055 (10.4 GiB)

br0:pixelserv-t Link encap:Ethernet  HWaddr
          inet addr:10.0.0.6  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr
          inet addr:xxxxx  Bcast:xxxxx  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:42563485 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16984017 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:618237912 (589.5 MiB)  TX bytes:926481907 (883.5 MiB)
          Interrupt:181 Base address:0x6000

eth1      Link encap:Ethernet  HWaddr
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1259793 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:674668847 (643.4 MiB)

eth2      Link encap:Ethernet  HWaddr
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10293595 errors:0 dropped:24231 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:678945831 (647.4 MiB)

fwd0      Link encap:Ethernet  HWaddr
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:1244329 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1033598 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:433242143 (413.1 MiB)
          Interrupt:179 Base address:0x4000

fwd1      Link encap:Ethernet  HWaddr
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:10301458 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4387592 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1060755907 (1011.6 MiB)
          Interrupt:180 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:448329 errors:0 dropped:0 overruns:0 frame:0
          TX packets:448329 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:99160665 (94.5 MiB)  TX bytes:99160665 (94.5 MiB)

lo:0      Link encap:Local Loopback
          inet addr:127.0.1.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1

tun11     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.2.2  P-t-P:10.0.2.2  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:119998 errors:0 dropped:0 overruns:0 frame:0
          TX packets:110575 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:103028729 (98.2 MiB)  TX bytes:80454635 (76.7 MiB)

tun21     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.1.1  P-t-P:10.0.1.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4746 (4.6 KiB)  TX bytes:8592 (8.3 KiB)

vlan1     Link encap:Ethernet  HWaddr
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:5837050 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10078335 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1664986924 (1.5 GiB)  TX bytes:11233565497 (10.4 GiB)

vlan2     Link encap:Ethernet  HWaddr
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
 

Martin_D

Regular Contributor
Good evening

Does anyone know how to block gambling websites as one of our family member is having problems with it
 

KGB7

Very Senior Member
Your WAN interface is eth3, which seems unusual to me (at least on my router). Are you doing something with Dual WAN or USB modem?

Skynet will apply the rules to the interface that is listed under:
Code:
nvram get wan0_ifname
If this isn’t eth3 for you, it explains why it doesn’t work for you. I understand that Adamm has not implemented support for anything Dual-WAN related because he has no way to test it.

Im using a HotSpot connected to router via USB port as my source for internet.

Thanks for the clarification.
 

EmeraldDeer

Very Senior Member

Kenji

Occasional Visitor
hello, a quick question. I reset my Asus router to factory settings and set it up again. my settings: Internet> Lan cable to Wan port of the Asus router. The Fritzbox has the IP 192.168.178.1, Asus when IP 192.168.33.1


Now the skynet log is spammed with this error. Can someone explain to me that this means? Is the connection to the Fritzbox blocked? And how do I fix this problem?

Apr 21 00:07:59 lul kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=01:00:5e:00:00:01:cc:ce:1e:0f:09:30:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=23505 DF OPT (94040000) PROTO=2 MARK=0x8000000
Apr 21 00:10:04 lul kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=01:00:5e:00:00:01:cc:ce:1e:0f:09:30:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=26008 DF OPT (94040000) PROTO=2 MARK=0x8000000
Apr 21 00:12:09 lul kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=01:00:5e:00:00:01:cc:ce:1e:0f:09:30:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=32870 DF OPT (94040000) PROTO=2 MARK=0x8000000

Lg. Philipp
 

Martin_D

Regular Contributor

ryosuke

New Around Here
Hi guys, just wanted to check how can i unblock blocked devices from skynet? i am actually trying to update the firmware of my note 10+ but then it seem the update is not downloading and when i login to skynet to check, my phone is being blocked.
 

Treadler

Very Senior Member
hello, a quick question. I reset my Asus router to factory settings and set it up again. my settings: Internet> Lan cable to Wan port of the Asus router. The Fritzbox has the IP 192.168.178.1, Asus when IP 192.168.33.1


Now the skynet log is spammed with this error. Can someone explain to me that this means? Is the connection to the Fritzbox blocked? And how do I fix this problem?

Apr 21 00:07:59 lul kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=01:00:5e:00:00:01:cc:ce:1e:0f:09:30:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=23505 DF OPT (94040000) PROTO=2 MARK=0x8000000
Apr 21 00:10:04 lul kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=01:00:5e:00:00:01:cc:ce:1e:0f:09:30:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=26008 DF OPT (94040000) PROTO=2 MARK=0x8000000
Apr 21 00:12:09 lul kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=01:00:5e:00:00:01:cc:ce:1e:0f:09:30:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=32870 DF OPT (94040000) PROTO=2 MARK=0x8000000

Lg. Philipp

Skynet > 11 (settings) > 6 (log invalid packets) = disable.
 
  • Like
Reactions: a5m

Wishmaster1965

Regular Contributor
Noob question Alert: I have rules in the UI to forward ports to specific devices of coming from outside, three in total. I can only see one working when I test from another network. Can I just use iptables to forward these three "rules" instead ?

Where would I make this change so it would be persistent post reboot ?
 

Adamm

Part of the Furniture
Hi guys, just wanted to check how can i unblock blocked devices from skynet? i am actually trying to update the firmware of my note 10+ but then it seem the update is not downloading and when i login to skynet to check, my phone is being blocked.

As per the second post in this thread;

Halp - BestApp.exe or BestWebsite.com Is Being Blocked;

Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and whitelist) anything incorrectly on your Blacklist!

1.) Enable Logging
Code:
sh /jffs/scripts/firewall settings logmode enable
2.) Open the blocked application/website and use the command;

Code:
sh /jffs/scripts/firewall debug watch
Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if its being spammed in large numbers.

3.) Copy the IP following "DST=" it should look something like this;
Code:
DST=175.115.37.52
4.) Double check the IP is not actually something that should be banned, use a search tool like alienvault. If its related to a domain additional "Associated Domain" information should be printed beneath the log.

Code:
https://otx.alienvault.com/indicator/ip/175.115.37.52/
5.) Great we have confirmed we found the IP of the blocked website/application we are looking for, lets whitelist it!

Code:
sh /jffs/scripts/firewall whitelist ip 175.115.37.52

Noob question Alert: I have rules in the UI to forward ports to specific devices of coming from outside, three in total. I can only see one working when I test from another network. Can I just use iptables to forward these three "rules" instead ?

Where would I make this change so it would be persistent post reboot ?

This has nothing todo with Skynet.
 
  • Like
Reactions: a5m

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top