Menu
What's new
By:
Filters Better Search

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dave14305 said:
Can you just correct the skynetloc path in /jffs/scripts/firewall-start?
Click to expand...

Problem is when the error shows it reloads AMTM. When I enter Skynet it tries 10 times before failing with the error.

AMTM is showing Skynet installed.

Shall I reformat the JFFS partition and start again?
 
Last edited:
tekrich said:
Problem is when the error shows it reloads AMTM. When I enter Skynet it tries 10 times before failing with the error.

AMTM is showing Skynet installed.

Shall I reformat the JFFS partition and start again?
Click to expand...

The path needs to be corrected, either by changing the name of the skynet folder back (my recommendation) or manually editing /jffs/scripts/firewall-start with the new path
 
Adamm said:
The path needs to be corrected, either by changing the name of the skynet folder back (my recommendation) or manually editing /jffs/scripts/firewall-start with the new path
Click to expand...

I have forgot the old path. And im just getting into scripts and not familiar with how to go about correcting the path manually.

EDIT: I will reformat the drive, I think I know what it was labelled as previously. Then see if this resolves the issue.
 
Last edited:
tekrich said:
I have forgot the old path. And im just getting into scripts and not familiar with how to go about correcting the path manually.

EDIT: I will reformat the drive, I think I know what it was labelled as previously. Then see if this resolves the issue.
Click to expand...

This failed. USB Not Found - Sleeping for 10 Seconds.

Not sure what else to do now to get Skynet back.

AMTM is fine, but showing Skynet installed.

USB is formatted and has a swap file. No other scripts installed.
 
tekrich said:
This failed. USB Not Found - Sleeping for 10 Seconds.

Not sure what else to do now to get Skynet back.

AMTM is fine, but showing Skynet installed.

USB is formatted and has a swap file.
Click to expand...
I would rename firewall-start and install again.
Code: 
mv /jffs/scripts/firewall-start /jffs/scripts/firewall-start.bad
 
dave14305 said:
I would rename firewall-start and install again.
Code: 
mv /jffs/scripts/firewall-start /jffs/scripts/firewall-start.bad
Click to expand...

You, Sir, are a star!!!

Code: 
/jffs/scripts/firewall-start.bad
- This fixed it!

Many thanks!!!
 
bakerboy448 said:
Some false positives for the record that you'll need to add to whitelist

Snapchat Chats (outgoing chats & group snaps do not appear as sent)
35.227.237.213 blocklist_net_ua.ipset View Details US chat-gateway-prod.chat.snapchat.com
Click to expand...

Honestly that blocklist has been overzealous lately. I've added it to my exclusion lists, along with firehol level3.

My current exclusion list: blocklist_net_ua.ipset|firehol_level3.netset
 
Joe Doe said:
I didn't change any settings manually. It should actually be the default state. Could it be that someone hack/accessed my router (and disabled my firewall)?
Or is there a fallback switch in Skynet that disables features in case of errors (maybe this is somewhat related to my installation to the USB swap drive and the fact that I switch off my router every night.. which theoretically could lead to disk errors during a write process). Will start using the wireless scheduler instead now...

I just reinstalled it - seems to work now.
Click to expand...

I had the same thing happen to me - just noticed it today - mine was configured pretty much as default, (most recently running 7.1.8), and added a few IP ranges that were getting blocked etc, and all was functioning fine, and I'm 100% sure I had enabled the auto updates for Skynet and Malware lists, but all of a sudden, no more:

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]

----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Disabled]
Malware List Auto-Updates | [Disabled]
Logging | [Disabled]
Filter Traffic | [Selective]
Unban PrivateIP | [Disabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Disabled]
Secure Mode | [Disabled]
Fast Switch List | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Disabled]
CDN Whitelisting | [Disabled]
Display WebUI | [Disabled]

14/14 Tests Sucessfull

When I connect via SSH, and run firewall, or try to open via amtm, I got the error:

/jffs/scripts/firewall: line 40: arithmetic syntax error

Without uninstalling, I installed the updated version over the top (/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install) in the hope of retaining my data and blocked ranges. After install and reboot, all seems to be fine, and the status of the settings is back to what it was before:

sh /jffs/scripts/firewall debug info

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

Thanks!
 
mattmcspirit said:
I had the same thing happen to me - just noticed it today - mine was configured pretty much as default, (most recently running 7.1.8), and added a few IP ranges that were getting blocked etc, and all was functioning fine, and I'm 100% sure I had enabled the auto updates for Skynet and Malware lists, but all of a sudden, no more:

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]

----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Disabled]
Malware List Auto-Updates | [Disabled]
Logging | [Disabled]
Filter Traffic | [Selective]
Unban PrivateIP | [Disabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Disabled]
Secure Mode | [Disabled]
Fast Switch List | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Disabled]
CDN Whitelisting | [Disabled]
Display WebUI | [Disabled]

14/14 Tests Sucessfull

When I connect via SSH, and run firewall, or try to open via amtm, I got the error:

/jffs/scripts/firewall: line 40: arithmetic syntax error

Without uninstalling, I installed the updated version over the top (/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install) in the hope of retaining my data and blocked ranges. After install and reboot, all seems to be fine, and the status of the settings is back to what it was before:

sh /jffs/scripts/firewall debug info

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]


----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

Thanks!
Click to expand...

The first lot of debug output indicates there was an issue loading the config file from your USB. This could be for a number of reasons (path has changed/mount point changed as usb doesnt have a label/corrupt device etc).
 
Adamm said:
The first lot of debug output indicates there was an issue loading the config file from your USB. This could be for a number of reasons (path has changed/mount point changed as usb doesnt have a label/corrupt device etc).
Click to expand...

Thank you - USB seems fine now, and all of my monitoring logs look present and correct - could have been transient after the upgrade from 384.17 to 384.18 I guess. I'll keep an eye on it and see if anything changes going forward.

Thanks!
 
H
Adamm said:
The first lot of debug output indicates there was an issue loading the config file from your USB. This could be for a number of reasons (path has changed/mount point changed as usb doesnt have a label/corrupt device etc).
Click to expand...

Having the same type of issue with Skynet. USB drive failed. Replaced it with a new one, formatted it, swap file, diversion reinstalled, but I can't get Skynet to run. It does show that I have V 7.1.9 installed If I try to run Skynet by selecting option 2 on the AMTM menu all I get is a message that it can't find the log file and will try ten times. Same type of error if I try and start it using scMerlin.

Have rebooted router several times and tried several freshly formatted USB drives using both the name of the old USB and with a new name.

Is there a method or command that I can issue that will let me uninstall Skynet so I can reinstall it without erasing NVRAM?

Thanks.
 
I am trying to block tiktok at router level. I checked all the connections that a device makes when connected to the app using asus log connection page. I blocked the IPs using BAN IP in Skynet. However when I open the app it still works and the IPs which I banned still show connection established in the log.

Skynet shows banned

i] Banning 2.21.33.89
ipset v6.32: Element cannot be added to the set: it's already added
Saving Changes

But asus still connects

tcp
192.168.1.226
58528
2.21.33.89
80
ESTABLISHE
 
Was the client device rebooted, as a test?
 
clvk07 said:
I am trying to block tiktok at router level. I checked all the connections that a device makes when connected to the app using asus log connection page. I blocked the IPs using BAN IP in Skynet. However when I open the app it still works and the IPs which I banned still show connection established in the log.

Skynet shows banned

i] Banning 2.21.33.89
ipset v6.32: Element cannot be added to the set: it's already added
Saving Changes

But asus still connects

tcp
192.168.1.226
58528
2.21.33.89
80
ESTABLISHE
Click to expand...

Works for me on my end (make sure you haven't got it accidentally whitelisted);

Code: 
skynet@RT-AX88U-DC28:/tmp/home/root# firewall ban ip 2.21.33.89
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            11/07/2020 - v7.1.9                                            #
#############################################################################################################


=============================================================================================================


[i] Banning 2.21.33.89
[i] Saving Changes


=============================================================================================================


[#] 356910 IPs (+1) -- 1670 Ranges Banned (+0) || 40016 Inbound -- 10 Outbound Connections Blocked! [ban] [7s]




skynet@RT-AX88U-DC28:/tmp/home/root# ping 2.21.33.89
PING 2.21.33.89 (2.21.33.89): 56 data bytes
ping: sendto: Operation not permitted

el pescador said:
Hi Adam. Ever considered doing an app for this on android? Think you might make a few quid.
Click to expand...

Well it probably doesn't help that I use apple devices :p

But if you want to extend protection to mobile devices, I suggest using OpenVPN to connect to your local network automatically when switching to mobile data. You can also use this to get adblocking coverage too.
 
@Adamm, please consider making skynet much more user friendly for your users by automatically parsing whitlisted domains for ips, ips change. When ips change, they must be whitelisted manually even if the domain is already in the whitelist, very annoying. Should happen each time skynet loads/reloads. Thanks.
 
You must log in or register to reply here.

Similar threads

O
Skynet Installing Skynet causes router to crash and reboot
2
Replies
26
Views
2K
Quoc Huynh
Q
U
Skynet Skynet and dig resolving completely different set of IP's
Replies
2
Views
715
ColinTaylor
C
W
Looking for an add-on that does...
Replies
5
Views
880
JGrana
JGrana
Viktor Jaep
Skynet Filter Validator v0.7 - Skynet Firewall Filter List IPv4 Integrity Validator
3 4 5
Replies
83
Views
10K
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
topmusic
ddns ip whitelist with little script.
Replies
9
Views
969
topmusic
topmusic
Similar threads
Thread starter Title Forum Replies Date
O Skynet Installing Skynet causes router to crash and reboot Asuswrt-Merlin AddOns 26
cofetym Diversion Diversion & Skynet Missing on GUI after Router Reboot. Asuswrt-Merlin AddOns 7
P Any usefulness for Skynet + pfsense/opnsense in transparent bridge mode? Asuswrt-Merlin AddOns 12
John Fitzgerald Solved Skynet running slow with install/update issues from AMTM? Asuswrt-Merlin AddOns 10
B Skynet Source LAN IP for outbound IP blocked by SkyNet Asuswrt-Merlin AddOns 8
P Skynet Skynet errors Asuswrt-Merlin AddOns 8
ChickenheadOS Skynet Skynet 7.5.8 Firewall UI Issues Asuswrt-Merlin AddOns 18
P Send stats Division and Skynet to webhook or mqtt Asuswrt-Merlin AddOns 0
BATTLEPENCIL Skynet Unable to uninstall Skynet Asuswrt-Merlin AddOns 11
U Skynet Unable to Install Skynet Asuswrt-Merlin AddOns 31

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 850 (members: 20, guests: 830)
Top