Skynet - Router Firewall & Security Enhancements

@Adamm how do I go about enabling autoban? Is this something that has to be chosen at installation time, as I don't see the option in the menu? Thanks in advance.

Just run the install command again; it won't erase any data, just change your boot options.
 
Excuse the noob question. My understanding is that when using autoban, IPs will only be blacklisted if they send an invalid packet twice within a 5 minute period; on the first attempt it will be silently dropped. What is considered an invalid packet? I guess I am trying to understand if a legitimate IP could be sending invalid packets and if that would have to do with bad (not necessarily malicious) programming.
 
https://en.wikipedia.org/wiki/Stateful_firewall
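
Added example, not part of the thread and not Skynet's own code: a small model of the autoban rule as the question above describes it (first invalid packet only dropped, ban on a second one within 5 minutes). The event format, function names and sample addresses are constructed for illustration, and measuring the window from the most recent hit is an assumption.

```shell
#!/bin/sh
# Model of the rule described in the post above (an assumption about autoban
# behaviour, not Skynet's code): the first invalid packet from a source is
# only dropped; a second one within WINDOW seconds gets the source banned.

WINDOW=300   # seconds, the "5 minute period" from the post

# Constructed sample events, one invalid packet per line:
# "<epoch seconds> <source IP>". Addresses are RFC 5737 documentation ranges.
sample_events() {
cat <<'EOF'
1000 192.0.2.10
1100 198.51.100.7
1250 192.0.2.10
1500 198.51.100.7
1900 203.0.113.5
2100 198.51.100.7
2150 203.0.113.5
EOF
}

# autoban_candidates (hypothetical helper): read events on stdin and print
# "<time> <ip>" once per source, at the hit that would trigger the ban.
autoban_candidates() {
    awk -v window="$WINDOW" '
        NF == 2 {
            ts = $1; ip = $2
            if (ip in banned) next              # already banned
            if ((ip in last) && ts - last[ip] <= window) {
                banned[ip] = 1
                print ts, ip                    # second hit inside the window
            }
            last[ip] = ts                       # window runs from latest hit
        }'
}

sample_events | autoban_candidates
```

In the sample, 198.51.100.7 sends three invalid packets but never two within 300 seconds, so it is only ever dropped and never banned.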
 
Not sure I've installed this correctly... ( I probably just don't understand how it is supposed to work. )

At startup, I get this in syslog:
Code:
Mar  9 14:42:33 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Mar  9 14:42:33 Skynet: [INFO] Startup Initiated... ( debug banmalware usb=/tmp/mnt/ASUS )
Mar  9 14:42:53 Skynet: [Complete] 3 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [20s]

With "banmalware", shouldn't there be a bunch of IPs / ranges banned? The command "ipset list" shows Whitelist 810 entries, Blacklist 3 entries, and BlockedRanges 0 entries. What happens to all the IPs downloaded from the master filter.list file urls?
 
Go into skynet menu and run banmalware.
 
Ok, that helped a bunch. :) Thanks!

So does the "banmalware" parameter at startup provide for maintenance of the lists, but not the initial population? I did specify updates to the malware list during install, so I assume I only have to manually run banmalware from the menu this one time?
 
Yes, it's a one-time command. Each night Skynet will update itself; you will see it in the system logs.
 
Great - Thanks for the help!

For reference, the list would have populated once the next timer was due. It's somewhat of a limitation that it's not immediately populated, but I like the firewall and/or router to do a clean reboot before doing any heavy lifting, just to make sure everything runs as expected and starts from a fresh slate. But as you found out, running the banmalware command in the meantime is another method to get it populated.
 
Question, and a rather basic one I guess: I did run Skynet once upon a time, however after a few - let's call it minor issues with stability - odd happenings I removed it all and installed my own old stuff (that does basically the same thing however not as advanced as Skynet, nor auto update or anything). So, is there a way to have autoupdate to ONLY update to say at least one week old stuff? Not the latest but more the most stable?
 
Skynet for the last year has gone through various development stages, some being more in-depth than others and requiring significant rewrites. With that being said, Skynet is more or less done with any major changes (at least with this version). Updates lately have been more QOL or aesthetic. While I can't make any guarantees, there shouldn't be major bugs until a time comes where another significant update is appropriate.
 
Hi @Adamm

Lately this script has been blocking YouTube for me. I've whitelisted the IPs when performing a debug watch, however it can become frustrating when I keep having to do this multiple times as it seems different IP addresses are used. Is it possible to add the full range of IPs being used by YouTube to be whitelisted universally?

Thanks
 
I use YouTube daily and have never run into any issues. If you could provide any example IPs, I can investigate further.
 
I find the same. I had to unban IP 24.156.131.82.

That IP is not currently blocked by any list.

Code:
admin@RT-AC86U-2EE8:/tmp/home/root# firewall stats search malware 24.156.131.82
#!/bin/sh
#############################################################################################################
#                    _____ _                     _           _____                     #
#                   / ____| |                   | |         | ____|                    #
#                  | (___ | | ___   _ _ __   ___| |_  __   _| |__                      #
#                   \___ \| |/ / | | | '_ \ / _ \ __| \ \ / /___ \                     #
#                   ____) |   <| |_| | | | |  __/ |_   \ V / ___) |                    #
#                  |_____/|_|\_\\__, |_| |_|\___|\__|   \_/ |____/                     #
#                                __/ |                                                 #
#                               |___/                                                  #
#                                                        #
## - 3/03/2018 -           Asus Firewall Addition By Adamm v5.8.5                    #
##                   https://github.com/Adamm00/IPSet_ASUS                    #
#############################################################################################################


Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 3.8M
Monitoring From Mar 7 06:58:37 To Mar 12 05:24:54
17109 Block Events Detected
2189 Unique IPs
8 Autobans Issued
1 Manual Bans Issued

Exact Matches;


Possible CIDR Matches;


Skynet: [Complete] 95991 IPs / 1589 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 573 Inbound / 422 Outbound Connections Blocked! [7s]
 
Yup. I did the same search and it wasn’t in the malware list. There wasn’t a reason mentioned. This happened a few times with YouTube. Wonder if this is somehow kicking off the IPS in the router.



