Skynet - Router Firewall & Security Enhancements

Hey Adamm,

I just manually added a few countries to your script. When adding manually do the default countries added using your pre-determined list using the "firewall bancountry" command remain or will I have to add these manually again?

Cheers!
 
Hi guys nothing yet on the other routers to make this work? I got a N66U, thanks for the hard work! regards
 
By default the cron should show this information every hour when the save command is executed. You can do this in ssh by using "firewall save"
I am not seeing this every hour. The only time I see it is if I manually "firewall save" using SSH. Any suggestions?
 
I'd say the firewall-start script isn't being executed on boot, repeat the instructions in the first step and it should work.

As for compatibility, I'm without a laptop at the moment as I'm buying a new G750 so it will be a few weeks before I'm able to update the script with the different syntax.
 
Thanks Adamm. Is there any reason to be concerned about too many writes to the jffs area?

Sent from my Galaxy S4 using Tapatalk
 
I repeated the steps. Checked this morning and other than DHCP requests there is nothing in the System log. I have to APPLY the Firewall in the GUI or SSH into the router and FIREWALL SAVE in order to see any info. There is no autosave happening for me. Also, in the router firewall settings I cannot change the logging type to anything but DROPPED if that means anything.
 
As for jffs writes, I believe the jffs partition has more write cycles than a traditional SSD so no worries there.

As for the script not being executed hourly, I still assume it's to do with the firewall-start file, possibly because of how I originally uploaded it and encoding settings. Try executing the file manually in ssh via:

sh /jffs/scripts/firewall-start

If you see any errors, manually recreate the file and copy and paste the contents from the linked file in the first post. The script also automatically turns the firewall on with logged dropped setting as it uses both for the blacklist.

Again still stuck with just an iPhone at the moment so can't do much on my end atm.
 
Thanks Adamm. I will try the manual start when I get home from work this evening. Cheers!

Sent from my Galaxy S4 using Tapatalk
 
I executed the firewall-start using SSH and got this error message:
Correct Settings Detected
Correct Settings Detected.
[IP Banning Started] ... ... ...
iptables: No chain/target/match by that name.
Started: Thu May 1 16:41:05 DST 2014
Finished: Thu May 1 16:41:07 DST 2014
6037 IP's currently banned
iptables: No chain/target/match by that name
 
Looks normal to me, that's just some debug output from when the script starts and removes any old possible conflicting rules and creates the new set.
 
I am still not seeing the hourly scheduled save. I just rebooted into Windows and repeated step 1 using Xshell4. I had been using Putty in Linux Mint 13 up until now. If nothing changes I guess I will have to do the save manually a couple times each day.

Cheers!
 
After a reboot, post the output of the following command:

cat /var/spool/cron/crontabs/admin

If the firewall-start script is working this should be filled with two cronjobs (save and backup).
 
Here is the result:
0 * * * * /opt/bin/firewall save
0 5 * * * /opt/bin/firewall backup
 
That's weird, by the looks of it there is no reason the cron shouldn't be executing at the start of every hour as it's in the crontab file. Not only that but the same installation instructions work on my end. Maybe it's to do with a third party package installed via optware (cron in particular).

Once I get my new machine next week I'll look into it further but currently I am somewhat stumped as everything looks correct and is executing as per usual.
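
The checks discussed in this exchange (upload/encoding damage to firewall-start, the two expected crontab entries, and whether a cron daemon is running at all) can be combined into one diagnostic. This is an added example, not part of the thread or of the firewall script; the paths and job lines are the ones quoted above, and the `crond` check assumes BusyBox `ps`, which lists all processes.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.

# Return 0 if the file contains carriage returns (CRLF line endings
# from an upload or editor), which break shell scripts on the router.
has_crlf() {
    cr=$(printf '\r')
    grep -q "$cr" "$1" 2>/dev/null
}

# Print each expected job missing from the crontab file and return the
# number missing. -F matches a fixed string, -x requires the whole line
# to match, so a line with a trailing CR also counts as missing.
missing_jobs() {
    crontab_file=$1
    missing=0
    for job in "0 * * * * /opt/bin/firewall save" \
               "0 5 * * * /opt/bin/firewall backup"; do
        if ! grep -Fxq "$job" "$crontab_file" 2>/dev/null; then
            echo "missing cron job: $job"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Run all checks against the paths quoted in the thread.
diagnose() {
    script=/jffs/scripts/firewall-start
    tab=/var/spool/cron/crontabs/admin
    [ -f "$script" ] || echo "$script does not exist"
    if has_crlf "$script"; then
        echo "$script has CRLF line endings; recreate it by hand"
    fi
    missing_jobs "$tab" || echo "firewall-start did not register its jobs"
    # Entries in the crontab never fire if no cron daemon is running.
    # Assumption: BusyBox ps, which shows every process.
    ps | grep -q '[c]rond' || echo "crond is not running"
}

# Only run the live checks when asked, e.g.: sh diag.sh run
if [ "${1:-}" = "run" ]; then
    diagnose
fi
```

A crontab that lists both jobs while `crond is not running` is reported matches the symptom described here: the entries exist but nothing executes on the hour.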
 
Looked at the logs again this morning and no cronjob being executed. I will continue to save the file manually until we can get this figured out. I can wait until you get your new machine before exploring this any further. The banned IPs continue to be added which is awesome and I have added a few countries based on attacks I see on my wife's website.

Cheers!
 
Currently this script is only supported for ARM based routers (AC56U/AC68U) as they run a different version of IPTables

Any chance to implement on AC66U?

TIA - good work!
 
Hey Adamm,
I have now tried three different usb drives starting from scratch each time and I haven't had any luck with the auto save. I have to manually save the new banned ip addresses.
Cheers!

Sent from my Galaxy S4 using Tapatalk
 
Question 1:
Might be a silly question, but does installing optware/entware pose any security risks in itself?

Question 2:
I know there is a simple port scanning website to see if I have any open ports that I should not, BUT is there a site that does more than that to really see how good a firewall is?

thanks
 
Hey Adamm....just wondering if you have had any time to spend on this. This is a great project and I really would like to get it working as planned.

Cheers!
 
