Skynet Skynet v8 - Router Firewall & Security Enhancements

[Ubimo]

Skynet does not start properly when there is no internet connection immediately after a router reboot.
It exits because it fails to detect an active internet connection right after the router has started.
In my case, the router takes some time to establish the connection, and crond also needs a while to fully start up.
Skynet seems too impatient in checking for connectivity and exits prematurely. As a result, I have to manually restart Skynet through its menu to get it working.
@Adamm : Would it be possible to delay the detection process or implement a connection re-check 2–3 minutes after the router has started?

 

[Untried3868]

Just ran the update to 8.0.3.

Maybe I didn't notice last night, but this morning I received an email notification about 8.0.4 being released. When I opened AMTM, it showed I was on 8.0.4. I really need to go to bed earlier!

 

[John Fitzgerald]

In what way? Looks fine with the 8.0.2 update:

Circling back to the more verbose output, is this going to be "the new normal look" for this function? I retried this on 8.0.4 to the same effect.

 

[Mutzli]

Can you show me an example? Can't reproduce on my end.

It happens every time I enter an ip address into the IoT blocking list.

Router Model; RT-BE96U
Skynet Version; v8.0.4 (17/11/2025) (96cf724ff10212dc5631cb34cea25af7)
iptables v1.4.15 - (eth1 @ 192.168.1.1)
ipset v7.6, protocol version: 7
IP Address; (xx.xxx.xxx.xx) - (xxxx:xxx:xxxx:xxx::/64)
FW Version; 102.6_beta1 (Nov 11 2025) (4.19.294)
Install Dir; /tmp/mnt/USB-Drive/skynet (16.3G / 21.8G Space Available)
SWAP File; /tmp/mnt/USB-Drive/myswap.swp (2.0G)
Banned Countries; cn bg ru

IPTables Rules                      | [Failed]

When getting back into the config and trying to change the blocking list again to remove the IP address Skynet quits with a message that it's not running and is exiting.
A check with

firewall debug info

shows a Rule Integrity Violation - [ #12 ] which is

12   WGSF       all  --  anywhere             anywhere

Let me know if you need any other info.

 

[saison2023]

Hello,
Skynet was automatically updated from 7.6.5 to 8.0.4 and I am facing an issue with domain whitelist = They are not proceeded and/or kept.
I already tried to :

• Uninstall Skynet from its own menu
• Confirm folder and files were removed
• Install latest version from AMTM
• Manually configure everything (mostly default config)
  • I am using SomeWhereOverTheRainBow malware list (https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/refs/heads/master/myfilter.list)

Whitelisting IPs is working as expected.

Whitelisting domain doesn't work:

Spoiler: Whitelisting domain

firewall whitelist domain dragonball-multiverse.com

#############################################################################################################
# #
# ███████╗██╗ ██╗██╗ ██╗███╗ ██╗███████╗████████╗ #
# ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗ ██║██╔════╝╚══██╔══╝ #
# ███████╗█████╔╝ ╚████╔╝ ██╔██╗ ██║█████╗ ██║ #
# ╚════██║██╔═██╗ ╚██╔╝ ██║╚██╗██║██╔══╝ ██║ #
# ███████║██║ ██╗ ██║ ██║ ╚████║███████╗ ██║ #
# ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═══╝╚══════╝ ╚═╝ #
# #
# Router Firewall And Security Enhancements #
# By Adamm - https://github.com/Adamm00/IPSet_ASUS #
# 17/11/2025 - v8.0.4 #
#############################################################################################################

=============================================================================================================

Adding dragonball-multiverse.com To Whitelist
Saving Changes

=============================================================================================================

Spoiler: Whitelist view domains

firewall whitelist view domains

#############################################################################################################
# #
# ███████╗██╗ ██╗██╗ ██╗███╗ ██╗███████╗████████╗ #
# ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗ ██║██╔════╝╚══██╔══╝ #
# ███████╗█████╔╝ ╚████╔╝ ██╔██╗ ██║█████╗ ██║ #
# ╚════██║██╔═██╗ ╚██╔╝ ██║╚██╗██║██╔══╝ ██║ #
# ███████║██║ ██╗ ██║ ██║ ╚████║███████╗ ██║ #
# ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═══╝╚══════╝ ╚═╝ #
# #
# Router Firewall And Security Enhancements #
# By Adamm - https://github.com/Adamm00/IPSet_ASUS #
# 17/11/2025 - v8.0.4 #
#############################################################################################################

=============================================================================================================

Saving Changes

=============================================================================================================

I tried to restore a backup config without success.
Seems that whitelisting domain is not working fine with latest release.

 

[dave14305]

Seems that whitelisting domain is not working fine with latest release.

Is there any problem running nslookup of the domain on the router (and how long does it take)?

time nslookup dragonball-multiverse.com

 

[XxUnkn0wnxX]

well if anyone wants to revert back to 7.6.4, Commit: b388084289a07e572a5f37d03d1a9f896148bf25 was his last before 8.0.0, some reason 7.6.5 commit is missing from the repo.

/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/b388084289a07e572a5f37d03d1a9f896148bf25/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install

Should install the last stable build.

 

[saison2023]

Is there any problem running nslookup of the domain on the router (and how long does it take)?

time nslookup dragonball-multiverse.com

Thank you for your help.
This FQDN is one example. I don't have many domain whitelist (below 10) but I came to whitelist domain because IPs were changing.
My point was to demonstrate that domain whitelist is not working as expected, not like in previous version (at least, until 7.6.5 as far as I know). IP whitelisting is working fine.
I would like this feature to work again because it is very useful.

To answer your question:

Spoiler: time nslookup

admin@router:/tmp/home/root# time nslookup dragonball-multiverse.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: dragonball-multiverse.com
Address 1: 212.129.51.63 hyrule-dbm.salagir.com
real 0m 0.13s
user 0m 0.00s
sys 0m 0.00s

 

[Jack-Sparr0w]

Way slower, not very efficient , failed to download is a common occurrence. go back to the quick and dirty build cause this sucks. can't even use a custom firewall without it throwing a fit. Isn't linux supposed to be fast. so wack

 

[Jack-Sparr0w]

it was the best of times it was the blurst of times​

 

[dave14305]

Address 1: 212.129.51.63 hyrule-dbm.salagir.com

Do all your nslookups append the reverse hostname at the end (hyrule-dbm... in this example)? Skynet expects the IP to be the last entry on that Address line.

 

[saison2023]

Do all your nslookups append the reverse hostname at the end (hyrule-dbm... in this example)? Skynet expects the IP to be the last entry on that Address line.

Let's not focus on this one particular because it is only one example I choose, maybe not the best one.

Please see below another FQDN that was changing its IP on a regular basic and I was not able to catch the pace by doing IP whitelisting.

Spoiler: time nslookup

time nslookup aslouis.qc.ca
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: aslouis.qc.ca
Address 1: 74.208.236.41 74-208-236-41.elastic-ssl.ui-r.com
real 0m 0.38s
user 0m 0.00s
sys 0m 0.00s

Again, please not focus on my particular example(s), I want to demonstrate that domain whitelist is not working anymore.

 

[dave14305]

Let's not focus on this one particular because it is only one example I choose, maybe not the best one.

Please see below another FQDN that was changing its IP on a regular basic and I was not able to catch the pace by doing IP whitelisting.

Spoiler: time nslookup

time nslookup aslouis.qc.ca
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: aslouis.qc.ca
Address 1: 74.208.236.41 74-208-236-41.elastic-ssl.ui-r.com
real 0m 0.38s
user 0m 0.00s
sys 0m 0.00s

Again, please not focus on my particular example(s), I want to demonstrate that domain whitelist is not working anymore.

We do need to focus on specific examples because the domain whitelisting relies on the nslookup output. This example also shows that the IP address is not the last entry on the Address line. So this is why the whitelisting isn't working. @Adamm may not have tested this feature with domains whose IPs resolve successfully with a reverse lookup. Now he will know what to fix.

IPSet_ASUS/firewall.sh at 3a51d7adc2a9441194bbf0d9842f65711d22d75a · Adamm00/IPSet_ASUS

Skynet - Advanced IP Blocking For ASUS Routers Using IPSet. - Adamm00/IPSet_ASUS

github.com

IPSet_ASUS/firewall.sh at 3a51d7adc2a9441194bbf0d9842f65711d22d75a · Adamm00/IPSet_ASUS

Skynet - Advanced IP Blocking For ASUS Routers Using IPSet. - Adamm00/IPSet_ASUS

github.com

 

[Jack-Sparr0w]

well if anyone wants to revert back to 7.6.4, Commit: b388084289a07e572a5f37d03d1a9f896148bf25 was his last before 8.0.0, some reason 7.6.5 commit is missing from the repo.

/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/b388084289a07e572a5f37d03d1a9f896148bf25/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install

Should install the last stable build.

/usr/sbin/curl -s "https://raw.githubusercontent.com/A...47a96d843dba8e33101b6644eb8205cee/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install

 

[Jack-Sparr0w]

/usr/sbin/curl -s "https://raw.githubusercontent.com/A...47a96d843dba8e33101b6644eb8205cee/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install

verified version v7.6.5

 

[Jack-Sparr0w]

For anyone who wants to go back, uninstall skynet. exit to root and use this code for version v7.6.5 basically copy and paste, copy full thing

/usr/sbin/curl -s "https://raw.githubusercontent.com/A...47a96d843dba8e33101b6644eb8205cee/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install

 

[dave14305]

basically copy and paste, copy full thing

If you want to be helpful, put the command in a code block so the forum doesn't mangle the long URL.

 

[saison2023]

We do need to focus on specific examples because the domain whitelisting relies on the nslookup output. This example also shows that the IP address is not the last entry on the Address line. So this is why the whitelisting isn't working. @Adamm may not have tested this feature with domains whose IPs resolve successfully with a reverse lookup. Now he will know what to fix.

IPSet_ASUS/firewall.sh at 3a51d7adc2a9441194bbf0d9842f65711d22d75a · Adamm00/IPSet_ASUS

Skynet - Advanced IP Blocking For ASUS Routers Using IPSet. - Adamm00/IPSet_ASUS

github.com

IPSet_ASUS/firewall.sh at 3a51d7adc2a9441194bbf0d9842f65711d22d75a · Adamm00/IPSet_ASUS

Skynet - Advanced IP Blocking For ASUS Routers Using IPSet. - Adamm00/IPSet_ASUS

github.com

Understood, thanks for the explanations.

Here is the full list of my whitelist, maybe this could be useful.

• firewall whitelist domain aslouis.qc.ca
• firewall whitelist domain dragonball-multiverse.com
• firewall whitelist domain sebsauvage.net
• firewall whitelist domain skirelais.resortstore.net

Hope this feature will be working again in the newest/latest version.

 

[Jack-Sparr0w]

so i guess the amount of lists allowed to be used is just capped. like 15 at the most it looked like to me. went from 700 thousand to 50 thousand pretty quick lol

 

[saison2023]

Went back to 7.6.5 (and disable auto-update) using command line provided by @Jack-Sparr0w and was able to get back everything running, including domain whitelist.

I saw a difference when I ran whitelist commands, the output of the result is different.
In the new version, the IP address is missing. Surely related to the way the new version is doing the reverse lookup.
See below, I putted it in bold when doing a domain whitelist whit Skynet 7.6.5.

Spoiler: Skynet 7.6.5 - Domain whitelist with IP address in output

#############################################################################################################
# #
# ███████╗██╗ ██╗██╗ ██╗███╗ ██╗███████╗████████╗ ██╗ ██╗███████╗ #
# ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗ ██║██╔════╝╚══██╔══╝ ██║ ██║╚════██║ #
# ███████╗█████╔╝ ╚████╔╝ ██╔██╗ ██║█████╗ ██║ ██║ ██║ ██╔╝ #
# ╚════██║██╔═██╗ ╚██╔╝ ██║╚██╗██║██╔══╝ ██║ ╚██╗ ██╔╝ ██╔╝ #
# ███████║██║ ██╗ ██║ ██║ ╚████║███████╗ ██║ ╚████╔╝ ██║ #
# ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═══╝ ╚═╝ #
# #
# Router Firewall And Security Enhancements #
# By Adamm - https://github.com/Adamm00/IPSet_ASUS #
# 28/07/2025 - v7.6.5 #
#############################################################################################################


=============================================================================================================


Adding aslouis.qc.ca To Whitelist
Whitelisting 74.208.236.41
Saving Changes


=============================================================================================================