Skynet - Router Firewall & Security Enhancements


Adamm

Part of the Furniture
Is it possible to only unblock a port with Skynet? I cannot seem to be able to find a way to just say add a rule to allow port 443 or 80 access. I am currently just manually doing it with iptables in the firewall-start but would like to keep it in a single "firewall" manager if I can. I know I can allow an IP on said ports, but I can't seem to simply be able to allow a port and keep all the logging and other useful bits of Skynet that it would provide by using it to do the rule.

Skynet is an IP based blacklisting solution, we don't currently support any specific port features.
 

Kenji

Occasional Visitor
Is it possible to only unblock a port with Skynet? I cannot seem to be able to find a way to just say add a rule to allow port 443 or 80 access. I am currently just manually doing it with iptables in the firewall-start but would like to keep it in a single "firewall" manager if I can. I know I can allow an IP on said ports, but I can't seem to simply be able to allow a port and keep all the logging and other useful bits of Skynet that it would provide by using it to do the rule.

I have this question right now. For me it is the UDP 1149 port for my OpenVPN server that is always blocked: $

But unfortunately Adamm only says IP based.
 

pirx73

Senior Member
@Adamm does Skynet require "Logged packets type" set to Dropped/Accepted/Both under Firewall/General settings?
 

Adamm

Part of the Furniture
@Adamm does Skynet require "Logged packets type" set to Dropped/Accepted/Both under Firewall/General settings?

Yes, dropped or both. Skynet will automatically change this.
 

pirx73

Senior Member
Figures :D I changed it to "None" and it came back. Should've known - IT IS Skynet, always takes over :D:D
 

Hugga Wugga

New Around Here
Hi, I'd like to use an anonymizers and open proxies blocklist on all but a couple of devices on my network. Is it possible to whitelist clients from blocklists within Skynet or is this something I'd have to set up manually in IPTables? Doesn't really matter either way, I just wanted to check before I started tinkering.
 

KeithC.

New Around Here
I have to say I LOVE your product.

I've just purchased a Ubiquiti USG. Any chance you have an idea to make this work on my new Ubiquiti USG?

Happy to donate to the cause. :)

K.
 

Diamond67

Senior Member
I would replace the USB. They are cheap. Disk check may not reveal failing memory cells.
Speaking of failing memory cells...

Suddenly my swap file started failing:

[Attachment: Swap Failed cropped.png]

[Attachment: No swap configured.png]


I first noticed a failed swap about a week ago, but thought it would have been a temporary glitch after updating firmware and rebooting etc.

However, it happened again. I have my swap file located on a separate usb flash drive and I think it might be corrupted or failing. Especially, because I have noticed some other random glitches lately, for example this weird "Lock File detected" case:

[Attachment: Skynet Lock File Detected cropped.png]


So, in order to try to fix the situation I decided to delete the current swap and create a new one to another usb flash drive.

To do so I was going to temporarily disable first Diversion and then Skynet.

I disabled Diversion and after that went to Skynet settings to disable Skynet as well. Now, magically, swap seemed to work again. There was no "SWAP Failed" any more and router GUI showed a swap again:

[Attachment: Swap working again confused.png]


Anyway, I created a new swap, activated Diversion and Skynet again and rebooted the router. So far so good. But we'll see...

Do you think all these symptoms were caused by a failing usb flash drive and failing swap file?
 

K-2SO

Very Senior Member
Do you think all these symptoms were caused by a failing usb flash drive and failing swap file?

Lock file is normal a few minutes after reboot. Coming and going swap isn't. There is nothing to diagnose so much on a USB stick. Just replace it. No need to use separate USB for swap.
 

Diamond67

Senior Member
Lock file is normal a few minutes after reboot.
Yeah, I know. But this Lock File had appeared maybe 48 hours after reboot. And after rebooting or cold start I always log in with PuTTY and check that everything is OK, and especially that Skynet is up and running (= everything is green). And of course I check for updates too.

By the way, I happened to notice this swap problem while I was testing JuiceSSH - SSH Client which I just installed to my Android phone. Seems to be a pretty handy app, especially if you save your "Connection" and "Identity".

https://play.google.com/store/apps/details?id=com.sonelli.juicessh&hl=en
 

Diamond67

Senior Member
Just occurred to me that I have a passive usb 2.0 hub (4 ports) connected to the usb 3.0 connector of my router. And normally I have two usb flash drives connected to the hub. And this arrangement has worked fine for years now. But lately I installed NVRAM Save/Restore Utility to a third usb flash drive which I randomly connect to the hub as well.

Maybe there won't be enough juice for all of them to work nicely and maybe this has caused the corruption? I just updated the NVRAM Save/Restore Utility yesterday and took some backups... :oops: :rolleyes:

The usb hub has a power supply too, but I haven't used it. :)
 

Diamond67

Senior Member
With all those USB drives and a hub you only create more points of failure.
I have read (heard rumors) that some cheap usb hubs with power supply might kinda leak current to PC or in this case router. And this "backflow" could even cause some damage? But you could prevent that from happening with a tiny modification (= cutting some wire)?

That's why I prefer having my hub passive, without power supply. And the usb 3.0 connector (which should provide 900 mA) seems to be enough to feed the hub + 2 pieces of usb 2.0 flash drives (each 500 mA max.?).

But maybe the third flash drive is too much? Could the excessive need of current cause damage to the usb 3.0 port of the router? Hard to say how much current each usb 2.0 flash drive will drain.

Sorry for the off-topic, btw...
 

m3a1

New Around Here
Hi guys, I have problems with Skynet - playing up and not recognizing my USB devices. I presume the swap file gets corrupted for some unknown reason. I do shut down my device every evening and when I power it up every morning the fight with Skynet begins - sounds like a movie plot, I know. Deleting the swap file and re-creating it does the job, but that's too much to be done every single morning. Note that I've tried different USB devices, so definitely not from a "bad" USB. I can see other people are complaining about the same issues. Thank you!
 

Davidncali001

Regular Contributor
Speaking of failing memory cells...

Suddenly my swap file started failing:



I first noticed a failed swap about a week ago, but thought it would have been a temporary glitch after updating firmware and rebooting etc.

However, it happened again. I have my swap file located on a separate usb flash drive and I think it might be corrupted or failing. Especially, because I have noticed some other random glitches lately, for example this weird "Lock File detected" case:



So, in order to try to fix the situation I decided to delete the current swap and create a new one to another usb flash drive.

To do so I was going to temporarily disable first Diversion and then Skynet.

I disabled Diversion and after that went to Skynet settings to disable Skynet as well. Now, magically, swap seemed to work again. There was no "SWAP Failed" any more and router GUI showed a swap again:



Anyway, I created a new swap, activated Diversion and Skynet again and rebooted the router. So far so good. But we'll see...

Do you think all these symptoms were caused by a failing usb flash drive and failing swap file?
Just curious, is there any benefit to using a separate USB stick for the swap file? I never heard of someone setting up SkyNet that way.
 

Diamond67

Senior Member
I do shut down my device every evening and when I power it up every morning the fight with Skynet begins - sounds like a movie plot, I know.
Do you have Disk check script activated?

At least with my system (too many usb flash drives connected :p) Disk check normally seems to last too long and the swap won't be ready soon enough to get Skynet up and running normally. So after rebooting or cold start of the router I have to [8] Restart Skynet very often to get it going "all green".
 

Diamond67

Senior Member
Just curious, is there any benefit to using a separate USB stick for the swap file? I never heard of someone setting up SkyNet that way.
I originally had a 256 MB swap file on my Entware flash drive. But after Skynet was updated so that 1 GB swap file was needed, I changed my swap to another usb flash drive simply because then there was not enough disk space in the original location (I only have 8 GB flash drives :) and some video material on those drives as well), so I just decided to move swap to another drive (which happened to have more gigabytes left/free then).
 

EmeraldDeer

Very Senior Member
Just curious, is there any benefit to using a separate USB stick for the swap file? I never heard of someone setting up SkyNet that way.
My experience with swap in another partition from SkyNet is that occasionally swap would mount first and SkyNet would not start on reboot.
 

EmeraldDeer

Very Senior Member
I originally had a 256 MB swap file on my Entware flash drive. But after Skynet was updated so that 1 GB swap file was needed, I changed my swap to another usb flash drive simply because then there was not enough disk space in the original location (I only have 8 GB flash drives :) and some video material on those drives as well), so I just decided to move swap to another drive (which happened to have more gigabytes left/free then).
The most reliable configuration is to have swap and SkyNet on a small filesystem, let's say 2 GB and have the rest in another filesystem.

You cannot unmount the swap/SkyNet filesystem. I configure it to be fsck'd every boot. It takes seconds on a fast drive.

You can umount, fsck and mount the other filesystem while the router is running. I configure this filesystem to never automatically fsck on boot.
 

Triton

Occasional Visitor
I get this message for the last two weeks when updating the Malwarebanlist
Refreshing Whitelists | du: : No such file or directory
When I print the debug info it passes all tests.
Diversion is on its most current release.
 
