Skynet Skynet - Router Firewall & Security Enhancements
Adamm
Part of the Furniture
I assume its pausing at the Check_Connection() function;
Code:
Check_Connection () {
livecheck="0"
while [ "$livecheck" != "4" ]; do
if ping -q -w3 -c1 google.com >/dev/null 2>&1; then
break
else
if ping -q -w3 -c1 github.com >/dev/null 2>&1; then
break
else
if ping -q -w3 -c1 snbforums.com >/dev/null 2>&1; then
break
else
livecheck=$((livecheck+1))
if [ "$livecheck" != "4" ]; then
echo "[*] Internet Connectivity Error"
sleep 10
else
return "1"
fi
fi
fi
fi
done
}Basically what this means is your router fails to ping google, then github, then finally snbforums and after multiple attempts reports the connection as being down. I assume this is to-do with incorrect configuration of the VPN as the function is quite straight forward.
keef
Senior Member
Well I noticed that while the Internet is fine and PIA's home page says I'm connected and I have a new IP, in Merlin on the OpenVPN PIA menu it reports a private IP but not a public one. I emailed the PIA guys. Under ExpressVPN it works fine.
thanks
pattiri
Senior Member
I've forced installed the latest version but I still get these;
Code:
[$] /opt/bin/firewall banmalware
=============================================================================================================
[i] Downloading filter.list | [0s]
[i] Refreshing Whitelists | /opt/bin/firewall: line 5165: split: not found
/opt/bin/firewall: line 5165: can't open *: no such file
[6s]
[i] Consolidating Blacklist | [6s]
[i] Filtering IPv4 Addresses | [4s]
[i] Filtering IPv4 Ranges | [1s]
[i] Applying New Blacklist | [8s]
[i] Refreshing AiProtect Bans | [0s]
[i] Saving Changes | [5s]
[i] For Whitelisting Assistance -
[i] https://www.snbforums.com/threads/release-skynet-router-firewall-security-enhancements.16798/#post-115872
=============================================================================================================
[#] 143796 IPs (+727) -- 1621 Ranges Banned (+6) || 170 Inbound -- 7 Outbound Connections Blocked! [banmalware] [33s]
dave14305
Part of the Furniture
The workaround is to install the coreutils-split package from Entware. Some models automatically include it, most don't.
Code:
opkg install coreutils-split
ZeMitras
New Around Here
Hello guys!
First, this software is amaizing, thank you so much for this.
My favorite feature is the IOT blocking (done the right way). Regarding this subject, I selected the option "Select IOT Allowed Port Protocol" -> UDP.
What does this mean? That I allow my IOT devices to "talk" to the internet via UDP? There is no reset option... Maybe I'm not understanding this right...
Thanks
First, this software is amaizing, thank you so much for this.
My favorite feature is the IOT blocking (done the right way). Regarding this subject, I selected the option "Select IOT Allowed Port Protocol" -> UDP.
What does this mean? That I allow my IOT devices to "talk" to the internet via UDP? There is no reset option... Maybe I'm not understanding this right...
Thanks
Adamm
Part of the Furniture
As dave mentioned, this is a known bug in non-HND routers we found a few days ago and should be fixed in the next firmware release. A temporary workaround is to install the "coreutils-split" package in entware.
Adamm
Part of the Furniture
Appreciate the kind words
This is in relation to the allowed port list. Ports can either communicate via UDP, TCP or Both depending on which setting you select.
Code:
( sh /jffs/scripts/firewall settings iot unban|ban 8.8.8.8,9.9.9.9 ) Unban|Ban IOT Device(s) (or CIDR) From Accessing WAN (Allow NTP / Remote Access Via OpenVPN Only) (Use Comma As Separator)
( sh /jffs/scripts/firewall settings iot view ) View Currently Banned IOT Devices
( sh /jffs/scripts/firewall settings iot ports 123,124,125 ) Allow Port(s) To Access WAN (Use Comma As Separator)
( sh /jffs/scripts/firewall settings iot ports reset ) Reset Allowed Port List To Default
( sh /jffs/scripts/firewall settings iot proto udp|tcp|all ) Select IOT Allowed Port Protocoldave14305
Part of the Furniture
Anyone else get the massive reduction in blocked IPs today?
I just re-ran the banmalware update and got some back.
Code:
Oct 24 08:28:36 Skynet: [#] 82988 IPs (-55424) -- 1633 Ranges Banned (-49) || 0 Inbound -- 0 Outbound Connections Blocked! [banmalware] [216s]
Code:
[#] 127313 IPs (+44325) -- 1630 Ranges Banned (-3) || 0 Inbound -- 0 Outbound Connections Blocked! [banmalware] [54s]
Butterfly Bones
Very Senior Member
I see that often, though not as high as yours, I do get that on occasion. I also note the banmalware execution time is much longer than normal when this occurs, as is your.
This time I see negative numbers, though not as high as yours. I always keep my cron execution early morning 0525 local time, but I think I will experiment with changing that time.
Code:
2019-10-24 08:46:48.000 [#] 127383 IPs (-2933) -- 27187 Ranges Banned (-3) || 14146 Inbound -- 90 Outbound Connections Blocked! [banmalware] [34s]
2019-10-24 05:27:33.000 [#] 130315 IPs (-6928) -- 27190 Ranges Banned (-13) || 13537 Inbound -- 90 Outbound Connections Blocked! [banmalware] [153s]
Code:
2019-10-23 05:25:56.000 [#] 137241 IPs (-7853) -- 27203 Ranges Banned (-57) || 8535 Inbound -- 27 Outbound Connections Blocked! [banmalware] [51s]
2019-10-22 05:25:51.000 [#] 145093 IPs (+2830) -- 27260 Ranges Banned (+88) || 3283 Inbound -- 3 Outbound Connections Blocked! [banmalware] [143s]
Code:
2019-10-21 09:45:58.000 [#] 142262 IPs (+1035) -- 27172 Ranges Banned (-28) || 9 Inbound -- 0 Outbound Connections Blocked! [banmalware] [19s]
2019-10-21 05:25:53.000 [#] 141227 IPs (+3746) -- 27200 Ranges Banned (+58) || 640 Inbound -- 0 Outbound Connections Blocked! [banmalware] [47s]
Code:
2019-10-20 05:25:50.000 [#] 137480 IPs (-667) -- 27142 Ranges Banned (-39) || 3099 Inbound -- 34 Outbound Connections Blocked! [banmalware] [50s]
2019-10-19 05:25:40.000 [#] 138147 IPs (+668) -- 27181 Ranges Banned (-4) || 7225 Inbound -- 69 Outbound Connections Blocked! [banmalware] [40s]
2019-10-18 05:25:41.000 [#] 137479 IPs (+703) -- 27185 Ranges Banned (+14) || 3340 Inbound -- 28 Outbound Connections Blocked! [banmalware] [41s]Adamm
Part of the Furniture
I've pushed v6.9.1
This update fixes an edge case where curl fails to download blacklists due to DNSMasq being overwhelmed by large shared-*-Whitelist files if dns_local_cache is enabled.
Spent quite a few more hours then I'd like to admit tracking down the issue unnecessarily rewriting parts of Skynet, like most complex issues it was mitigated by one simple line of code
This update fixes an edge case where curl fails to download blacklists due to DNSMasq being overwhelmed by large shared-*-Whitelist files if dns_local_cache is enabled.
Spent quite a few more hours then I'd like to admit tracking down the issue unnecessarily rewriting parts of Skynet, like most complex issues it was mitigated by one simple line of code
thelonelycoder
Part of the Furniture
.. which you probably lifted off a google search directing you to stackoverflow.com, with the exact problem someone else had a year ago
Skynet (well one of the block lists) had the ip 159.45.170.156 banned, which is an address of a wellsfargo site. (I couldn't talk to the bank). I fixed by unbanning the ip
firewall unban ip 159.45.170.156
Now everything works, did this just happen to me? did i inadvertently ban wellsfargo at some point?
firewall unban ip 159.45.170.156
Now everything works, did this just happen to me? did i inadvertently ban wellsfargo at some point?
dave14305
Part of the Furniture
It's part of "BanMalware: alienvault_reputation.ipset"
Twiglets
Senior Member
Just updated to the latest version and I am getting 'cannot Fork' errors when 'Refreshing Whitelists'.I've pushed v6.9.1
This update fixes an edge case where curl fails to download blacklists due to DNSMasq being overwhelmed by large shared-*-Whitelist files if dns_local_cache is enabled.
Spent quite a few more hours then I'd like to admit tracking down the issue unnecessarily rewriting parts of Skynet, like most complex issues it was mitigated by one simple line of code
This appears to be more frequently happening than the previous version !!!???
How do I re-install the previous version ?
Adamm
Part of the Furniture
Twiglets
Senior Member
The output is as follows:
Code:
Joe@Bloggs:/tmp/home/root# wc -l /jffs/shared-*
87 /jffs/shared-Diversion-whitelist
21 /jffs/shared-Skynet-whitelist
14 /jffs/shared-Skynet2-whitelist
122 totalAdamm
Part of the Furniture
Purely aesthetic, during the startup procedure Skynet grabs the version string and sets it in the config.
Just noticed you are running an AC56U which unfortunately is EOL with a 15 month old firmware. The part of the code which causes fork errors hasn't been modified since v6.9.0 and even then those changes wouldn't apply to your setup.
With that being said, you could try a reboot and see if that mitigates the error (its an underlying broadcom issue), but beyond that there isn't too much I can do as any recent firmware mitigation won't apply to your model. Might be worth looking into a second hand AC68U which are quite cheap, I sold mine a year ago for $100AUD so I imagine you can find some good deals out there.
Similar threads
Similar threads
Similar threads
-
Skynet Skynet - Blocked outbounds coming from the router itself?
- Started by JuanGF
- Replies: 12
-
Skynet Installing Skynet causes router to crash and reboot
- Started by ovancantfort
- Replies: 26
-
Diversion Diversion & Skynet Missing on GUI after Router Reboot.- Started by cofetym
- Replies: 7
-
Skynet How to see which domains get blocked by Skynet?
- Started by Rici
- Replies: 3
-
Blocking “RO” country code in Skynet blocks Proton VPN UK connections- Started by Gary_Dexter
- Replies: 2
-
Any usefulness for Skynet + pfsense/opnsense in transparent bridge mode?
- Started by pjd50
- Replies: 12
-
Solved Skynet running slow with install/update issues from AMTM?- Started by John Fitzgerald
- Replies: 10
-
Skynet Source LAN IP for outbound IP blocked by SkyNet
- Started by buzzy
- Replies: 8
-
-
