What's new

Skynet Understanding the counters in Skynet output

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Windza

New Around Here
I've looked but not been overly successful in finding material on how the stats/counters in the output for Skynet are meant to work.

Here's a typical example of what is returned when I check in on my install;
Code:
0 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 106 Outbound Connections Blocked!

I haven't spent a great deal of time with Skynet yet so the 0's in that line gave rise to concern for me that Skynet is perhaps unable to access/read the lists.
As far as I can tell though, my Skynet install has no issues and *seems* to be functioning as I'd expect (Skynet has no complaints in the various checks I've run and the outbound connections being blocked in the output were successful manual tests against manually input banned IP's).

That leaves me with the following questions on these counters;
  • Is my output indicating an issue with my install or is this typical behaviour?
  • What is the intended purpose of these counters and are they knowingly misleading or am I misunderstanding their purpose?
  • How are they updated or reset (time schedule, router restart, something else)?
  • If they're not meant to be zeroed out, is there anyway to manually force them to update so I can check in on the actual counts?
 
Something is wrong in your installation. Those first 2 counters are populated by reading the skynet.ipset file on your USB. It’s either empty or not found.
 
Thanks for the reply...

What is confusing is why/how it appears to be actively blocking connections if there aren't any IP's registered to block?

At least that's what made me assume there had to be an issue with the counters and not the base functionality.

I just checked the skynet.ipset list directly - it contains a couple hundred lines of whitelist entries I created some time back but nothing else...
Are you saying that I should also be seeing blacklist entries in skynet.ipset?

I figured it just directly referenced the various blacklists that I see in the "Lists" folder (they're all populated and seem valid).... either way, I'm doing some digging to better understand this.
 
Welp - I'm no closer to understanding what happened or why but it is clear that something went awry with updates to the skynet.ipset file...
The events.log shows unusual activity like this;
Code:
Nov 22 23:26:47 Skynet: [#] 50193 IPs (-856) -- 1626 Ranges Banned (-17) || 34253 Inbound -- 3229 Outbound Connections Blocked! [banmalware] [105s]
Nov 23 00:00:04 Skynet: [#] 50193 IPs (+0) -- 1626 Ranges Banned (+0) || 34444 Inbound -- 3250 Outbound Connections Blocked! [save] [3s]
Nov 24 00:00:02 Skynet: [#] 0 IPs (+0) -- 0 Ranges Banned (+0) || 13 Inbound -- 27 Outbound Connections Blocked! [save] [1s]
Nov 25 08:00:01 Skynet: [#] 0 IPs (+0) -- 0 Ranges Banned (+0) || 48 Inbound -- 29 Outbound Connections Blocked! [save] [1s]
Nov 26 08:24:23 Skynet: [#] 972 IPs (+972) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [117s]
Nov 27 09:43:56 Skynet: [#] 879 IPs (-27) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [111s]
It appears as if the skynet.ipset blacklist entries got wiped out between Nov 23-24 (bad update, corruption?) and from there Skynet just continued to apply the incremental updates without any verification that the main list was present (tho I'll admit complete ignorance as to how list updates are processed and if this is plausible).

I ran 'firewall banmalware reset' which was effective in reloading the blacklist entries to skynet.ipset and it seems we're back in working order for now.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top