Skynet - Router Firewall & Security Enhancements


Ubimo

Senior Member
In the router main menu, by just clicking on "Adaptive QoS" button (then watching syslog), this triggers a skynet restart.
Can someone confirm?

Edit:
I'm not using QoS.
 

Adamm

Part of the Furniture
I'm concluding they happen every time something gets changed on the router.

Correct, it's perfectly normal.

I'm also trying to open my NAT type to my PS4. I used the GUI port forwarding but wasn't able to get an open NAT type while playing. What ports did you open? Does skynet have a place to edit port forward rules? The GUI only allows for 64 port forwards and I was wondering if Skynet allows for more.

The ports I tried to set in the GUI are as follows:
View attachment 23019

For the above port ranges, the GUI in the firewall allows you to enter a range in the external port, but not a range in the internal port. It only allows you to put one port in the internal port box. So I left the internal port blank (it showed optional). So my port forward list looks like this:

View attachment 23021

Should I enter each port individually instead of using a range? Or is there a better way to do this in Skynet rather than the GUI? Sorry for the many questions, but I tried using the port forwarding rules in the WAN settings. Now I see additional inbound firewall rules in the general tab of the firewall. What's the difference between these? Thanks!

This has nothing to do with Skynet.

I haven't had an outbound block in a month I don't think

That's a good thing, the fewer outbound blocks the better.

In the router main menu, by just clicking on "Adaptive QoS" button (then watching syslog), this triggers a skynet restart.
Can someone confirm?

Edit:
I'm not using QoS.

I think you're confusing a "skynet restart" with a "firewall service restart", the latter of which happens when the WebUI detects a setting change that could potentially affect the firewall rules.
 

Ubimo

Senior Member
"firewall service restart", the latter which happens when the WebUI detects a setting change that could potentially affect the firewall rules.
You are correct, it's a firewall service restart. No settings were changed, but still the firewall restarts. So I guess that's a FW issue and not skynet related.
 

wbartels

Occasional Visitor
For the above port ranges, the GUI in the firewall allows you to enter a range in the external port, but not a range in the internal port. It only allows you to put one port in the internal port box. So I left the internal port blank (it showed optional). So my port forward list looks like this:

View attachment 23021
> It only allows you to put one port in the internal port box.
That is right, here you set the lowest port number of the range!
 

fields987

Regular Contributor
I’ve got a couple questions on outbound blocks.

1) Can we send email alerts for outbound blocks? I typically don’t get a lot of these so when I do see them in the webui, I investigate as anomalous behavior.

2) Instead of (or in addition to) using the source IP, can we pull the hostname of the device instead?
Thanks!
 

pirx73

Senior Member
I recently got 2 similar skynet tabs in Firewall... how can I remove one?
EDIT: forced upgrade of Skynet and duplicate tab is gone, but after Skynet regenerated stats, it's back again.
 

Adamm

Part of the Furniture
1) Can we send email alerts for outbound blocks? I typically don’t get a lot of these so when I do see them in the webui, I investigate as anomalous behavior.

Not at this time

2) Instead of (or in addition to) using the source IP, can we pull the hostname of the device instead?

The logs are generated directly by IPTables so unfortunately that is impossible, although this is done via the stats command.

I recently got 2 similar skynet tabs in Firewall... how can I remove one?
EDIT: forced upgrade of Skynet and duplicate tab is gone, but after Skynet regenerated stats, it's back again.

Can't reproduce this on my end; the easiest fix is to just reboot your router, which should remove all custom user pages.
 

pirx73

Senior Member
Will do later today and let you know.
 

Nebulaz

Occasional Visitor
How can you remove Skynet? I can't uninstall it because it says the file is locked (has said so all day). I have tried Formatting the disk, but it doesn't remove Skynet. Any options?
 

L&LD

Part of the Furniture
Does a reboot and waiting about 10 minutes help?

Does 'Safely remove USB drive' help and then physically removing it and then re-inserting it (and waiting until all services are running)? :)
 

Nebulaz

Occasional Visitor
Nope. Now when I attempt to go into skynet, it says USB not found and attempts 10 times with no luck.

No other add on has an issue. And I can uninstall and reinstall all the others but skynet poses the only issue.

 

L&LD

Part of the Furniture
Is your USB drive faulty? :)

Is Diversion installed and running?

If Diversion is installed and running (and recognizing the USB drive) check the 'dcl' disk checker log for any hints.

If Diversion is not running but you had it installed, the other scripts will seem to work okay, but they're not. :)
 

Butterfly Bones

Very Senior Member
Nope. Now when I attempt to go into skynet, it says USB not found and attempts 10 times with no luck.

No other add on has an issue. And I can uninstall and reinstall all the others but skynet poses the only issue.

You need to go into /jffs/scripts and delete "firewall"; that is Skynet.
Code:
 cat /jffs/scripts/firewall


#!/bin/sh
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            26/04/2020 - v7.1.6                                            #
#############################################################################################################
 

Adamm

Part of the Furniture
Nope. Now when I attempt to go into skynet, it says USB not found and attempts 10 times with no luck.

No other add on has an issue. And I can uninstall and reinstall all the others but skynet poses the only issue.


Code:
sh /jffs/scripts/firewall uninstall
 

juched

Senior Member
I'm also trying to open my NAT type to my PS4. I used the GUI port forwarding but wasn't able to get an open NAT type while playing. What ports did you open? Does skynet have a place to edit port forward rules? The GUI only allows for 64 port forwards and I was wondering if Skynet allows for more.

The ports I tried to set in the GUI are as follows:
View attachment 23019

For the above port ranges, the GUI in the firewall allows you to enter a range in the external port, but not a range in the internal port. It only allows you to put one port in the internal port box. So I left the internal port blank (it showed optional). So my port forward list looks like this:

View attachment 23021

Should I enter each port individually instead of using a range? Or is there a better way to do this in Skynet rather than the GUI? Sorry for the many questions, but I tried using the port forwarding rules in the WAN settings. Now I see additional inbound firewall rules in the general tab of the firewall. What's the difference between these? Thanks!

I myself enable upnp and then customize /jffs/scripts/upnp.postconf to disable it for every device except my PS4 and Xbox One.

Code:
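#!/bin/sh
# upnp.postconf: $1 is the path to the generated miniupnpd config
CONFIG=$1
source /usr/sbin/helper.sh

# Insert a rule for 192.168.0.11 after the LAN-wide allow rule
pc_insert "allow 1-65535 192.168.0.1/255.255.255.0 1024-65535" "allow 1024-65535 192.168.0.11/255.255.255.255 1024-65535" "$CONFIG"
# Replace the LAN-wide allow rule itself with a rule for 192.168.0.12
pc_replace "allow 1-65535 192.168.0.1/255.255.255.0 1024-65535" "allow 1024-65535 192.168.0.12/255.255.255.255 1024-65535" "$CONFIG"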

This only allows IP .11 and .12 to use upnp. The rest are denied for security purposes.
 
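A check that could run at the end of upnp.postconf to confirm the restriction described in the post above took effect, as an added example that is not part of the original post or of Skynet. The function name `audit_upnp_acl`, the sample rule sets and the `ext_ifname=eth0` line are constructed; it assumes miniupnpd's `allow|deny ext-ports ip/mask int-ports` rule format with a final catch-all deny.

```shell
#!/bin/sh
# Added example: audit miniupnpd permission rules, e.g. after upnp.postconf has run.
# Rule format: (allow|deny) <external ports> <ip>/<mask> <internal ports>

# audit_upnp_acl CONFIG APPROVED_IP...   (CONFIG may be "-" for stdin)
# Prints one finding per problem; returns 0 if the ACL is clean, 1 otherwise.
audit_upnp_acl() {
    conf=$1; shift
    awk -v approved=" $* " '
        $1 != "allow" && $1 != "deny" { next }        # not a permission rule
        NF != 4 { printf "line %d: malformed rule\n", NR; bad++; next }
        $1 == "deny" {
            if ($3 == "0.0.0.0/0" || $3 == "0.0.0.0/0.0.0.0") catchall = 1
            next
        }
        {
            split($3, net, "/")
            if (net[2] != "255.255.255.255" && net[2] != "32") {
                printf "line %d: allow covers more than one host: %s\n", NR, $3
                bad++
            } else if (index(approved, " " net[1] " ") == 0) {
                printf "line %d: allow for unapproved host: %s\n", NR, net[1]
                bad++
            }
        }
        END {
            if (!catchall) { print "no catch-all deny rule"; bad++ }
            exit (bad > 0)
        }
    ' "$conf"
}

# Constructed sample: the LAN-wide allow rule that the post's script matches.
sample_stock() {
    printf '%s\n' 'ext_ifname=eth0' \
        'allow 1-65535 192.168.0.1/255.255.255.0 1024-65535' \
        'deny 0-65535 0.0.0.0/0 0-65535'
}

# Constructed sample: the intended result, only .11 and .12 allowed.
sample_restricted() {
    printf '%s\n' 'ext_ifname=eth0' \
        'allow 1024-65535 192.168.0.12/255.255.255.255 1024-65535' \
        'allow 1024-65535 192.168.0.11/255.255.255.255 1024-65535' \
        'deny 0-65535 0.0.0.0/0 0-65535'
}

sample_stock | audit_upnp_acl - 192.168.0.11 192.168.0.12
sample_restricted | audit_upnp_acl - 192.168.0.11 192.168.0.12 && echo "ACL clean"
```

In upnp.postconf itself the call would be `audit_upnp_acl "$CONFIG" 192.168.0.11 192.168.0.12`, with any findings sent to syslog via `logger`.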

ebalsumgo

Regular Contributor
Is it possible to only unblock a port with skynet? I cannot seem to be able to find a way to just say add a rule to allow port 443 or 80 access. I am currently just manually doing it with iptables in the firewall-start but would like to keep it in a single "firewall" manager if I can. I know I can allow an IP on said ports, but I can't seem to simply be able to allow a port and keep all the logging and other useful bits of skynet that it would provide by using it to do the rule.
 
