Skynet - Router Firewall & Security Enhancements


Why do you have almost every setting disabled, including settings that aren't even relevant for your installation (i.e. Custom syslog location)? No wonder you are getting errors. I suggest uninstalling Skynet followed by a reinstall to correct these, and only change settings if you are aware of what they actually do.

I didn't change any settings manually. It should actually be the default state. Could it be that someone hacked/accessed my router (and disabled my firewall)?
Or is there a fallback switch in Skynet that disables features in case of errors (maybe this is somewhat related to my installation to the USB swap drive and the fact that I switch off my router every night.. which theoretically could lead to disk errors during a write process). Will start using the wireless scheduler instead now...

I just reinstalled it - seems to work now.
 
I've yet to dabble with Suricata, but this does sound feasible, although I would need users to send me their full fast.log so I can parse them.
Shoot, I deleted the old log once I transferred the IPs over to Skynet. But here is the new log with just two entries:
Suricata fast.log (\entware\var\log\suricata)
Code:
06/26/2020-10:19:35.800684  [**] [1:2017919:2] ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 45.148.121.43:52958 -> My.WAN.IP.Address:123
06/27/2020-12:55:56.610556  [**] [1:2017919:2] ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 209.141.55.247:46418 -> My.WAN.IP.Address:123
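
A parser for the fast.log layout shown in the post above, as an added example (not code from the thread, Skynet or Suricata). The function names are hypothetical, the sample lines are constructed with documentation addresses and a made-up local rule, and only IPv4 lines are handled.

```shell
#!/bin/sh
# Added example: turn Suricata fast.log alerts into a reviewed list of source IPs.

# Constructed sample in the layout shown above (documentation addresses).
sample_fastlog() {
cat <<'EOF'
06/26/2020-10:19:35.800684  [**] [1:2017919:2] ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 198.51.100.43:52958 -> 192.0.2.10:123
06/26/2020-10:19:36.100200  [**] [1:2017919:2] ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 198.51.100.43:52958 -> 192.0.2.10:123
06/27/2020-12:55:56.610556  [**] [1:2017919:2] ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 203.0.113.247:46418 -> My.WAN.IP.Address:123
06/27/2020-13:01:02.000001  [**] [1:9000001:1] CONSTRUCTED local rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.50:40000 -> 203.0.113.9:443
06/27/2020-13:01:03 truncated line without the alert fields
EOF
}

# Emit "sid proto src_ip dst_port" for every well-formed alert line on stdin.
# Lines that do not match the layout (truncated, IPv6) are skipped.
parse_fastlog() {
    sed -n 's/^[^ ]*  *\[\*\*\] \[[0-9]*:\([0-9]*\):[0-9]*\] .* {\([A-Za-z0-9-]*\)} \([0-9.]*\):[0-9]* -> [^ ]*:\([0-9]*\)$/\1 \2 \3 \4/p'
}

# Emit "count src_ip sid", busiest first, leaving out private and loopback
# sources so a LAN client that tripped a rule never ends up on a ban list.
ban_candidates() {
    parse_fastlog |
    awk '$3 !~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|127\.)/ {print $3, $1}' |
    sort | uniq -c | sort -rn |
    awk '{print $1, $2, $3}'
}

sample_fastlog | ban_candidates
```

Keeping the rule ID next to each address lets you check which signature fired before banning anything.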
 
Has anyone had an issue with Snapchat recently? Had reports of Snapchat receiving data but failing to send messages and pictures since Monday. I temporarily disabled Skynet and the app started to work as normal, but as soon as I enabled it again the issues started. I've never had any issues before. Any ideas?

Thanks
 
I'm a noob to Skynet and have some questions:
1. Today I updated to the latest version of Merlin. Do I need to restart Skynet or is it automatic?
2. How often do you update Skynet's IP lists?

Looking for best practices
Thanks
 
Has anyone had an issue with Snapchat recently? Had reports of Snapchat receiving data but failing to send messages and pictures since Monday. I temporarily disabled Skynet and the app started to work as normal, but as soon as I enabled it again the issues started. I've never had any issues before. Any ideas?

Thanks

Halp - BestApp.exe or BestWebsite.com Is Being Blocked;

Don't worry, tracking down false positive bans was at the core of design. Generally speaking you can follow these steps to find (and whitelist) anything incorrectly on your Blacklist!

1.) Enable Logging
Code:
firewall settings logmode enable
2.) Open the blocked application/website and use the command;

Code:
firewall debug watch
Now look for a flood of [BLOCKED - OUTBOUND] coming from the same IP. This most likely will be the IP you are looking for if it's being spammed in large numbers.

3.) Copy the IP following "DST=" it should look something like this;
Code:
DST=175.115.37.52
4.) Double check the IP is not actually something that should be banned, use a search tool like AlienVault. If it's related to a domain, additional "Associated Domain" information should be printed beneath the log.

Code:
https://otx.alienvault.com/indicator/ip/175.115.37.52/
5.) Great, we have confirmed we found the IP of the blocked website/application we are looking for, let's whitelist it!

Code:
firewall whitelist ip 175.115.37.52

1. Today I updated to the latest version of Merlin. Do I need to restart Skynet or is it automatic?

No, you don't.

2. How often do you update Skynet's IP lists?

However often you selected during the install procedure, either daily or weekly.
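
Steps 2 and 3 of the false-positive procedure above (spot the flood of [BLOCKED - OUTBOUND] entries and copy the DST= address), as an added example that is not part of the original posts or of Skynet's own code. The function names are hypothetical, the sample lines are constructed in iptables LOG style, and the threshold of 3 is arbitrary.

```shell
#!/bin/sh
# Added example: tally destinations of outbound blocks from saved log text.

# Constructed sample; real log lines carry more fields than these.
sample_log() {
cat <<'EOF'
Jul  1 10:00:01 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50122 DPT=443
Jul  1 10:00:02 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50123 DPT=443
Jul  1 10:00:02 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=4431 DPT=23
Jul  1 10:00:03 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50124 DPT=443
Jul  1 10:00:04 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40110 DPT=80
Jul  1 10:00:05 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50125 DPT=443
EOF
}

# Emit "count dst_ip lan_client", busiest first, for outbound blocks only.
# The LAN client column shows which device hit the blocked address.
top_blocked_dst() {
    grep -F '[BLOCKED - OUTBOUND]' |
    awk '{
        src = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DST=/) dst = substr($i, 5)
        }
        if (dst != "") print dst, src
    }' |
    sort | uniq -c | sort -rn |
    awk '{print $1, $2, $3}'
}

# Emit only destinations blocked at least $1 times by one client: the
# addresses worth checking in step 4 before any whitelist entry is made.
flood_candidates() {
    top_blocked_dst | awk -v min="$1" '$1 >= min {print $2}' | sort -u
}

sample_log | flood_candidates 3
```

A single hit, like the one to 203.0.113.9 in the sample, stays below the threshold and is not offered as a candidate.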
 
Some false positives for the record that you'll need to add to whitelist

Snapchat Chats (outgoing chats & group snaps do not appear as sent)
35.227.237.213 blocklist_net_ua.ipset View Details US chat-gateway-prod.chat.snapchat.com

Pi-Hole Forums (won't load)
185.93.1.242 BanAiProtect: mytbar.b-cdn.net View Details US cmbimageservice.b-cdn.net piholediscourse.b-cdn.net bcltest2.b-cdn.net qualdnt.b-cdn.net

##Tags for searches
Skynet Asus Snapchat Sending Chat
 
Example Import Commands;
( firewall import blacklist file.txt "Apples" ) This Bans All IPs From URL/Local File With The Comment Apples
( firewall import whitelist file.txt "Apples" ) This Whitelists All IPs From URL/Local File With The Comment Apples

Regarding the import using a file, where is the file meant to be located? Is it on the router or USB drive? In the above example it lists 'file.txt' but where is the default directory where Skynet looks for this file?

I've done a search and couldn't find the answer so apologies if it has been discussed before.
 
Regarding the import using a file, where is the file meant to be located? Is it on the router or USB drive? In the above example it lists 'file.txt' but where is the default directory where Skynet looks for this file?

I've done a search and couldn't find the answer so apologies if it has been discussed before.

Specify the full path, it can be located anywhere.
 
I am new to Skynet but I have tried to search this thread but have not found anything on my question, which is... Why am I not seeing data in my 'Top 10 HTTP(s) blocks' and 'Last 10 unique HTTP(s) blocks'? Is there a config that I am missing to capture this data? Thanks for any help.
 
I am new to Skynet but I have tried to search this thread but have not found anything on my question, which is... Why am I not seeing data in my 'Top 10 HTTP(s) blocks' and 'Last 10 unique HTTP(s) blocks'? Is there a config that I am missing to capture this data? Thanks for any help.
Are you in a double NAT config? Have you refreshed stats?
 
I am new to Skynet but I have tried to search this thread but have not found anything on my question, which is... Why am I not seeing data in my 'Top 10 HTTP(s) blocks' and 'Last 10 unique HTTP(s) blocks'? Is there a config that I am missing to capture this data? Thanks for any help.

Have you considered maybe you just haven’t run into any malicious websites yet :p
 
fields987 - I am not in a double NAT and YES I did a refresh of my browser.

Adamm - Funny you should ask about visiting malicious sites... I am not aware that I have, but I just wanted to make sure if I do they will be blocked. So I wanted to check to verify I wasn't missing anything. However, maybe the question needs to be: how can I test to see if it is configured correctly, i.e. are there any HTTPS test sites that would trigger some data to be generated? Thanks...
 
fields987 - I am not in a double NAT and YES I did a refresh of my browser.

Adamm - Funny you should ask about visiting malicious sites... I am not aware that I have, but I just wanted to make sure if I do they will be blocked. So I wanted to check to verify I wasn't missing anything. However, maybe the question needs to be: how can I test to see if it is configured correctly, i.e. are there any HTTPS test sites that would trigger some data to be generated? Thanks...
HTTP(s) blocks are specifically reporting on port 80 or 443 blocks. I am happy to see that I have no outbound blocks at all, especially on ports 80 or 443. It means whatever measures I have in place (Diversion, browser ad-blockers, Quad9 DNS, etc.) are keeping me and my family from visiting malicious websites. Practice safe browsing!
 
Thanks everyone for your quick replies... I feel much safer now!
 
Is it possible to let a specific MAC address bypass Skynet?
I'm currently having buffering problems with my IPTV and activated Skynet.
 
This script looks interesting, but I had a few questions before I try it out:

1. Is it possible to exclude certain clients? As most people, I'm currently working from home and I'd rather not have my work devices being inadvertently blocked, as I don't have the time to fiddle with the whitelist during the week. I'm also not too comfortable with 'debugging' proprietary devices like setup boxes and game consoles at home. It's usually too much of a hassle for a device that isn't even vulnerable for malware in the first place.

2. I know this script included telemetry in the past, and I'm not too comfortable with blocking that. Working a lot with Azure, I've seen too many colleagues getting a headache when their pi-hole broke the Azure portal and local builds on their devices. So is telemetry still blocked by default, or has that been removed? Considering it's not really malware.
 
Is it possible to let a specific MAC address bypass Skynet?
I'm currently having buffering problems with my IPTV and activated Skynet.

Skynet shouldn't have any effect on buffering, you can temporarily disable it from the menu to confirm this.

1. Is it possible to exclude certain clients? As most people, I'm currently working from home and I'd rather not have my work devices being inadvertently blocked, as I don't have the time to fiddle with the whitelist during the week. I'm also not too comfortable with 'debugging' proprietary devices like setup boxes and game consoles at home. It's usually too much of a hassle for a device that isn't even vulnerable for malware in the first place.

No, not at this time.

2. I know this script included telemetry in the past, and I'm not too comfortable with blocking that. Working a lot with Azure, I've seen too many colleagues getting a headache when their pi-hole broke the Azure portal and local builds on their devices. So is telemetry still blocked by default, or has that been removed? Considering it's not really malware.

We don't include telemetry lists by default.
 
I have messed up, changed the swap file name. So now Skynet errors...

-Problem with USB Intstall Location - Please Fix Immediately!
-When fixed Run ( sh /jffs/scripts/firewall restart )

It's looking for the old swap location, that has been changed.

Is there a command that I can use in AMTM to uninstall Skynet, so I can reinstall it?
 
I have messed up, changed the swap file name. So now Skynet errors...

-Problem with USB Intstall Location - Please Fix Immediately!
-When fixed Run ( sh /jffs/scripts/firewall restart )

It's looking for the old swap location, that has been changed.

Is there a command that I can use in AMTM to uninstall Skynet, so I can reinstall it?
Can you just correct the skynetloc path in /jffs/scripts/firewall-start?
 
