adamm00 / ipset_asus

Skynet - Advanced IP Blocking For ASUS Routers Using IPSet.

Home Page: https://www.snbforums.com/threads/release-skynet-router-firewall-security-enhancements.16798/

Shell 85.48% Classic ASP 14.52%
firewall asus-routers skynet ipset iptables blacklist blocking snbforums asuswrt-merlin security

ipset_asus's Introduction

Skynet - Firewall & Security Enhancements

Elevate your home network security with Skynet, a robust firewall and security tool meticulously crafted for ASUS routers running the AsusWRT-Merlin firmware, ensuring POSIX compliance for seamless integration.

Featured on SmallNetBuilder, Skynet extends the capabilities of your router's SPI Firewall, Brute Force Detection, and AiProtect with its lightweight yet powerful IPSet-based firewall. This flexible addition allows for effortless customization of firewall rules to match your precise requirements and preferences.

However, Skynet goes beyond mere firewall functionalities. It serves as a comprehensive security suite capable of blacklisting single IPs, domains, or even entire countries. Leveraging predefined malware lists from reputable sources, it fortifies your network against potential threats while also securing IoT devices against unauthorized access.

Furthermore, Skynet seamlessly integrates with OpenVPN and WireGuard implementations, safeguarding local servers and ensuring encrypted communication channels remain secure. Whether you're hosting an OpenVPN or WireGuard server, Skynet offers robust protection, enhancing its versatility and utility.

With Skynet and AsusWRT-Merlin, you can entrust your router's security to a reliable and fully compatible solution. Whether you're a novice or an experienced user, Skynet's intuitive interface and extensive feature set make it the ultimate choice for bolstering your network defenses.

In conclusion, if you're seeking to augment the security features of your ASUS router running AsusWRT-Merlin, Skynet stands out as the premier solution. Don't compromise on your network's safety any longer – embrace Skynet today and safeguard your digital domain with confidence.

Donate

You can use this script for free as it will always remain open source. However, if you would like to contribute to future development efforts, you have the option to support us by Donating With PayPal.

Requirement

All that's required is a USB drive of at least 2GB (so there is room for a SWAP file). After downloading, it just works.

Usage

Skynet provides both an interactive menu and a command-line interface for those who prefer it.

To open the menu, it's as simple as:

firewall

Installation

In your favorite SSH client:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install

For firmware versions 384.15+ this can also be installed via AMTM by following the menu prompts:

amtm

Skynet Script Commands

Example Unban Commands:

  • firewall unban ip 8.8.8.8: Unban the specified IP.
  • firewall unban range 8.8.8.8/24: Unban the specified CIDR block.
  • firewall unban domain google.com: Unban the specified URL.
  • firewall unban comment "Apples": Unban entries with the comment "Apples".
  • firewall unban country: Unban entries added by the "Ban Country" feature.
  • firewall unban asn AS123456: Unban the specified ASN.
  • firewall unban malware: Unban entries added by the "Ban Malware" feature.
  • firewall unban nomanual: Unban everything but manual bans.
  • firewall unban all: Unban all entries from both blacklists.

Example Ban Commands:

  • firewall ban ip 8.8.8.8 "Apples": Ban the specified IP with the comment "Apples".
  • firewall ban range 8.8.8.8/24 "Apples": Ban the specified CIDR block with the comment "Apples".
  • firewall ban domain google.com: Ban the specified URL.
  • firewall ban country "pk cn sa": Ban known IPs for the specified countries.
  • firewall ban asn AS123456: Ban the specified ASN.

Example Banmalware Commands:

  • firewall banmalware: Ban IPs from the predefined filter list.
  • firewall banmalware google.com/filter.list: Use the filter list from the specified URL.
  • firewall banmalware reset: Reset Skynet back to the default filter URL.
  • firewall banmalware exclude "list1.ipset|list2.ipset": Exclude lists matching the names "list1.ipset" and "list2.ipset" from the current filter.
  • firewall banmalware exclude reset: Reset the exclusion list.

Example Whitelist Commands:

  • firewall whitelist ip 8.8.8.8 "Apples": Whitelist the specified IP with the comment "Apples".
  • firewall whitelist range 8.8.8.8/24 "Apples": Whitelist the specified range with the comment "Apples".
  • firewall whitelist domain google.com: Whitelist the specified URL.
  • firewall whitelist asn AS123456: Whitelist the specified ASN.
  • firewall whitelist vpn: Refresh VPN whitelist.
  • firewall whitelist remove all: Remove all non-default entries.
  • firewall whitelist remove entry 8.8.8.8: Remove the specified IP/range.
  • firewall whitelist remove comment "Apples": Remove entries with the comment "Apples".
  • firewall whitelist refresh: Regenerate shared whitelist files.

Example Import Commands:

  • firewall import blacklist file.txt "Apples": Ban all IPs from the URL/local file with the comment "Apples".
  • firewall import whitelist file.txt "Apples": Whitelist all IPs from the URL/local file with the comment "Apples".

Example Deport Commands:

  • firewall deport blacklist file.txt: Unban all IPs from URL/local file.
  • firewall deport whitelist file.txt: Unwhitelist all IPs from URL/local file.

Example Update Commands:

  • firewall update: Standard update check - if nothing detected, exit.
  • firewall update check: Check for updates only - won't update if detected.
  • firewall update -f: Force update even if no changes detected.

Example Settings Commands:

  • firewall settings autoupdate enable|disable: Enable/disable Skynet autoupdating.
  • firewall settings banmalware daily|weekly|disable: Enable/disable automatic malware list updating.
  • firewall settings logmode enable|disable: Enable/disable logging.
  • firewall settings filter all|inbound|outbound: Select what traffic to filter.
  • firewall settings unbanprivate enable|disable: Enable/disable Unban_PrivateIP function.
  • firewall settings loginvalid enable|disable: Enable/disable invalid packet logging.
  • firewall settings banaiprotect enable|disable: Enable/disable banning IPs flagged by AiProtect.
  • firewall settings securemode enable|disable: Enable/disable insecure settings being applied in WebUI.
  • firewall settings fs google.com/filter.list|disable: Configure/disable fast malware list switching.
  • firewall settings syslog|syslog1 /tmp/syslog.log|default: Configure custom syslog/syslog-1 location.
  • firewall settings iot unban|ban 8.8.8.8,9.9.9.9: Unban/ban IOT device(s) (or CIDR) from accessing WAN (allow NTP/remote access via OpenVPN/Wireguard only).
  • firewall settings iot view: View currently banned IOT devices.
  • firewall settings iot ports 123,124,125: Allow port(s) to access WAN.
  • firewall settings iot ports reset: Reset allowed port list to default.
  • firewall settings iot proto udp|tcp|all: Select IOT allowed port protocol.
  • firewall settings iotlogging enable|disable: Enable/disable IOT logging for protected devices.
  • firewall settings lookupcountry enable|disable: Enable/disable country lookup for stat data.
  • firewall settings cdnwhitelist enable|disable: Enable/disable CDN whitelisting.
  • firewall settings webui enable|disable: Enable/disable WebUI.

Example Debug Commands:

  • firewall debug watch: Show debug entries as they appear.
  • firewall debug info: Print useful debug info.
  • firewall debug info extended: Debug info + config.
  • firewall debug genstats: Update WebUI stats.
  • firewall debug clean: Cleanup syslog entries.
  • firewall debug swap install|uninstall: Install/uninstall SWAP file.
  • firewall debug backup: Backup Skynet files to Skynet's install directory.
  • firewall debug restore: Restore backup files from Skynet's install directory.

Example Stats Commands:

  • firewall stats: Compile stats with default top 10 output.
  • firewall stats 20: Compile stats with customizable/optional top 20 output.
  • firewall stats tcp: Compile stats showing only TCP entries.
  • firewall stats tcp 20: Compile stats showing only TCP entries with customizable/optional top 20 output.
  • firewall stats search port 23: Search logs for entries on port 23.
  • firewall stats search port 23 20: Search logs for entries on port 23 with customizable/optional top 20 output.
  • firewall stats search ip 8.8.8.8: Search logs for entries on 8.8.8.8.
  • firewall stats search ip 8.8.8.8 20: Search logs for entries on 8.8.8.8 with customizable/optional top 20 output.
  • firewall stats search domain google.com 20: Search logs for entries for IPs resolving to the domain, with customizable/optional top 20 output.
  • firewall stats search malware 8.8.8.8: Search malware lists for specified IP.
  • firewall stats search manualbans: Search for all manual bans.
  • firewall stats search device 192.168.1.134: Search for all outbound entries from local device 192.168.1.134.
  • firewall stats search device reports: Search previous hourly report history.
  • firewall stats search invalid: Search for invalid packets.
  • firewall stats search iot: Search for IOT packets.
  • firewall stats search connections ip|port|proto|id xxxxxxxxxx: Search active connections.
  • firewall stats remove ip 8.8.8.8: Remove log entries containing IP 8.8.8.8.
  • firewall stats remove port 23: Remove log entries containing port 23.
  • firewall stats reset: Reset all collected logs.

About

Skynet gained self-awareness after it had spread into millions of computer servers all across the world; realizing the extent of its abilities, its creators tried to deactivate it. In the interest of self-preservation, Skynet concluded that all of humanity would attempt to destroy it and impede its capability in safeguarding the world. Its operations are almost exclusively performed by servers, mobile devices, drones, military satellites, war-machines, androids and cyborgs (usually a terminator), and other computer systems. As a programming directive, Skynet's manifestation is that of an overarching, global, artificial intelligence hierarchy (AI takeover), which seeks to exterminate the human race in order to fulfill the mandates of its original coding. (▀̿Ĺ̯▀̿ ̿)

ipset_asus's People

Contributors

adamm00, alexhk, dave14305, itsjarrett, jackyaz, jumpsmm7, logicalphallacy, martinski4github, tokarak, wbartels

ipset_asus's Issues

Port Blocking - Gaming

Also, since the last skynet update I am unable to connect to some battlefield 4 servers. It seems specific to skynet because when I disable skynet things work. Once I enable it things are broken again. I added some port forwarding inside of the Asus router and that didn't seem to fix it. The only solution is disabling skynet which is something I prefer not to do.

Quick Q about WebUI

Brief Description Of Issue

Assuming this hooks skynet functionality/stats into the default asus firmware webui?

Currently using asus merlin firmware, and installing via amtm, and don't see any skynet webui, or options for manual access. Assuming I should just disable webui under skynet settings?

Small aesthetic bug in the Whitelist_CDN function

Brief Description Of Issue

The Whitelist_CDN function introduces an extra whitespace in the skynet.ipset

create Skynet-Whitelist hash:net family inet hashsize 2048 maxelem 65536 comment
add Skynet-Whitelist 23.10.80.0/20 comment "CDN-Whitelist: AS16625 "
add Skynet-Whitelist 23.212.16.0/20 comment "CDN-Whitelist: AS16625 "
add Skynet-Whitelist 52.119.249.0/24 comment "CDN-Whitelist: Amazon "
add Skynet-Whitelist 13.48.0.0/15 comment "CDN-Whitelist: Amazon "
add Skynet-Whitelist 184.84.192.0/22 comment "CDN-Whitelist: AS16625 "
add Skynet-Whitelist 35.158.127.64/26 comment "CDN-Whitelist: Amazon "
add Skynet-Whitelist 35.180.112.80/29 comment "CDN-Whitelist: Amazon "
add Skynet-Whitelist 151.139.88.0/23 comment "CDN-Whitelist: AS33438 "
add Skynet-Whitelist 17.132.13.0/24 comment "CDN-Whitelist: AS714 "
add Skynet-Whitelist 23.197.48.0/23 comment "CDN-Whitelist: AS16625 "

Fix

Remove the space in the firewall file just before \"\n" on line 817, 820 and 821

WebUI not populating stats

Brief Description Of Issue

The webui does not populate stats - shows "no data to display", despite having WebUI enabled.

Syslog & syslog-1 locations are set to default.

Steps To Reproduce Issue

I have remediated this by going into settings (11 in the menu), then Display WebUI (14) and enabling, even though it was already enabled. This then seems to recreate the page (user2.asp) and regenerates the stats.

Expected Behaviour

Graphical + lists of blocked addresses / sites.

Output of ( sh /jffs/scripts/firewall debug info )

Router Model; RT-AC3200
Skynet Version; v7.1.5 (10/04/2020) (2ab78437e26063032e6b950292a6c8c5)
iptables v1.4.15 - (eth0 @ x.x.x.x)
ipset v6.32, protocol version: 6
IP Address; (x.x.x.x) - (/)
FW Version; 384.13_6 (Apr 5 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda1/skynet (11.3G / 14.2G Space Available)
SWAP File; /tmp/mnt/sda1/myswap.swp (2.0G)
Uptime; 0 days, 1 hours, 33 minutes.
Ram Available; (156M / 249M)

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 7 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]

IPs do not get blocked correctly

First of all, Thank you so much for your hard work on this awesome project.

Brief Description Of Issue

Hello, I have an issue with the Skynet firewall. Everything works fine when I block an IP: the IP gets blocked and the pinging stops.
I'm trying to block a specific server IP in a game so I don't connect to that server, because the latency is too high on it. After blocking the IP, when I ping the server IP in cmd I get "Request timed out", which means it's blocked by Skynet, but in the game the server doesn't get blocked and I still get connected to that server.

I tried using Peerblock to block the IP and it gets blocked correctly.

Steps To Reproduce Issue

logged to ssh
firewall
2
1
entered the IP and name
no ping from cmd
but I can connect to the game server

Expected Behaviour

can't connect to the game server

Output of ( sh /jffs/scripts/firewall debug info )

Router Model; RT-AC86U
Skynet Version; v7.2.4 (12/03/2021) (5108beaccd8af56c50682d2253e66320)
iptables v1.4.15 - (ppp0 @ 192.168.1.1)
ipset v7.6, protocol version: 7
IP Address; (1.1.1.1)
FW Version; 386.2_beta1 (Mar 10 2021) (4.1.27)
Install Dir; /tmp/mnt/sda1/skynet (26.6G / 28.6G Space Available)
SWAP File; /tmp/mnt/sda1/myswap.swp (2.0G)
Banned Countries; uk
Uptime; 1 days, 13 hours, 13 minutes.
Ram Available; (101M / 430M)

--------------- | ------------ | --------------- | ----------
| Device Name | | | Local IP | | | MAC Address | | | Status |
--------------- | ------------ | --------------- | ----------

S21 | 192.168.1.21 | f6::f5 | Inactive
Unknown | 192.168.1.85 | 48::6b | Online
Unknown | 192.168.1.150 | 18:***********:3f | Online
Unknown | 192.168.1.151 | Unknown | Offline

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Config File | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Failed]
Mounted WebUI Files | [Failed]
MenuTree.js Entry | [Passed]

----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Disabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Disabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

16/18 Tests Sucessful

[*] Local File Missing - [ chartjs-plugin-zoom.js ]

[*] Mounted File Missing - [ chartjs-plugin-zoom.js ]

=============================================================================================================

[#] 45701 IPs (+0) -- 1626 Ranges Banned (+0) || 1716 Inbound -- 20 Outbound Connections Blocked! [debug] [1]

Allow connection on two machines (local network)

Hello,

First of all, thank you for this wonderful script that I have been using for several years!
I would like to use HwR (remote from HWinfo64) on a tablet, the information is then supposed to go through my local network.
Skynet blocks the communication between these two machines, when I disable it temporarily everything works.

HwR is based on a small software "HWInfo Transmlitter".
I tried to whitelist the sending IP but the result is the same.

I also have some small problems with another remote, the one for Audirvana (audiophile software), which sometimes has problems connecting.

How to authorize machines to communicate on my local network?
It seemed to me that the Firewall only blocked what came in or out from the WAN and not the LAN.

Thanks in advance :)

filter.list outdated?

Brief Description Of Issue

Many ipsets on the filter.list are not updated anymore or even discontinued.

filter.list with comment

https://iplists.firehol.org/files/alienvault_reputation.ipset
https://iplists.firehol.org/files/bds_atif.ipset
https://iplists.firehol.org/files/bi_sshd_2_30d.ipset
https://iplists.firehol.org/files/blocklist_net_ua.ipset
https://iplists.firehol.org/files/coinbl_ips.ipset # Fri Sep 28 2018
https://iplists.firehol.org/files/cybercrime.ipset
https://iplists.firehol.org/files/dyndns_ponmocup.ipset
https://iplists.firehol.org/files/et_block.netset
https://iplists.firehol.org/files/et_compromised.ipset
https://iplists.firehol.org/files/firehol_level2.netset
https://iplists.firehol.org/files/firehol_level3.netset
https://iplists.firehol.org/files/normshield_high_attack.ipset # Thu Oct 17 2019
https://iplists.firehol.org/files/normshield_high_bruteforce.ipset # Thu Oct 17 2019
https://iplists.firehol.org/files/ransomware_online.ipset # Discontinued on Dec 8th, 2019
https://iplists.firehol.org/files/ransomware_rw.ipset # Discontinued on Dec 8th, 2019
https://iplists.firehol.org/files/spamhaus_edrop.netset
https://iplists.firehol.org/files/urandomusto_ssh.ipset # Wed Aug 29 2018
https://iplists.firehol.org/files/urandomusto_telnet.ipset # Wed Aug 29 2018
https://iplists.firehol.org/files/urlvir.ipset # Wed Dec 11 2019
https://iplists.firehol.org/files/uscert_hidden_cobra.ipset # Thu Jun 07 2018

Suggestion

Clean up the list and look for some alternative sets.

Skynet stopped working on AX88U on 386.1

Brief Description Of Issue

Skynet no longer working on AX88U on 384.19 or 386.1
Trying to force update I get an error that says no internet connectivity
Uninstall/reinstall does not fix the issue

Steps To Reproduce Issue

n/a

Expected Behaviour

n/a

Output of ( sh /jffs/scripts/firewall debug info )

image

Inbound packets being blocked

Brief Description Of Issue

I set up the firewall for filtering out inbound connections from various countries (outbound was still allowed to anything). The problem is that when I make outbound requests to one of the "banned" country's sites (say, asus.cn or asus.jp), the response seems to be getting blocked. My assumption is that connections initiated internally would have their responses allowed back in, but perhaps that's an incorrect assumption. If so, what can I do to enable this ability?

[BLOCKED - INBOUND] IN=eth0 OUT= MAC=[redacted] SRC=211.36.85.142 DST=[redacted] LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=4409 DF PROTO=TCP SPT=10443 DPT=49550 SEQ=88819242 ACK=2389380854 WINDOW=0 RES=0x00 RST URGP=0

Steps To Reproduce Issue

  • Set inbound firewall policy.
  • Block a country.
  • Visit a website located in that country.
  • Observe blocked connections in syslog.

Expected Behaviour

  • Inbound connections would be allowed for banned IP ranges, if the connection was initiated internally.

Output of ( sh /jffs/scripts/firewall debug info )

Import from a local file

Brief Description Of Issue

Imported files must be imported from a URL. I would like to import files locally.

Steps To Reproduce Issue

sh /jffs/scripts/firewall
Enter the number for importing a list. Try to put a filepath, no worky.

Expected Behaviour

Skynet identifies filepaths vs URLs and handles them accordingly.

eval needed?

Brief Description Of Issue

Is this really needed?

command="curl -fsLZ $(awk -F / '{print $0 " -Oz " $5 " "}' /jffs/shared-Skynet-whitelist | xargs)"
eval "$command"

I'm a little concerned because I read on many forums that using eval is dangerous, and should be avoided whenever possible.

Without eval it seems to work too:
curl -fsLZ $(awk -F / '{print $0 " -Oz " $5 " "}' /jffs/shared-Skynet-whitelist | xargs)

Or did you use it for debugging the new code?
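
The concern raised in this issue, as an added example that is not part of the original post or of Skynet's code: `eval` re-parses every line of the list file as shell, so a hostile line would run as a command. The sketch below builds the same `curl -fsLZ URL -Oz FILE ...` argument list with `set --` after validating each line; the function names and the `example.invalid` sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Skynet's code. All function names are hypothetical.

# is_safe_url URL: succeed only for http(s)://host/path/file built from a
# conservative URL alphabet (no whitespace, quotes, $, ;, | or parentheses).
is_safe_url() {
    case "$1" in
        http:///*|https:///*) return 1 ;;      # empty host
        http://*/*|https://*/*) ;;             # scheme, host and a path
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9._~:/%+-]*) return 1 ;;    # character outside the alphabet
        */|*/.|*/..) return 1 ;;               # no usable file name for -O
    esac
    return 0
}

# build_fetch_args: URL list on stdin -> one curl argument per line
# (URL, -O, -z, FILENAME for each accepted URL). Rejected lines go to stderr.
build_fetch_args() {
    while IFS= read -r url || [ -n "$url" ]; do
        if [ -z "$url" ]; then continue; fi
        if is_safe_url "$url"; then
            printf '%s\n' "$url" -O -z "${url##*/}"
        else
            printf 'rejected: %s\n' "$url" >&2
        fi
    done
    return 0
}

# fetch_list LISTFILE: load the validated arguments into "$@" and call curl
# directly. Nothing from the file is ever parsed as shell syntax.
fetch_list() {
    args=$(build_fetch_args < "$1") || return 1
    set --
    while IFS= read -r arg; do
        if [ -n "$arg" ]; then set -- "$@" "$arg"; fi
    done <<EOF
$args
EOF
    if [ "$#" -eq 0 ]; then return 0; fi
    curl -fsLZ "$@"
}

# Constructed sample list: two URLs taken from the page, four hostile or
# malformed lines that must be rejected.
sample_list() {
    cat <<'EOF'
https://iplists.firehol.org/files/bds_atif.ipset
https://iplists.firehol.org/files/greensnow.ipset
https://example.invalid/x.ipset; echo injected
https://example.invalid/$(id).ipset
ftp://example.invalid/a.ipset
https://example.invalid/dir/
EOF
}

# With a list file as argument: fetch it. Without: show what curl would get.
if [ "$#" -gt 0 ]; then
    fetch_list "$1"
else
    sample_list | build_fetch_args
fi
```

The plain unquoted `$(...)` form shown in the issue also avoids command execution, but it still word-splits and globs the file content, which the explicit validation step removes.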

Would you like to integrate IPSet_ASUS into project SCRIPTS-BOOTLOADER-FOR-ASUS-ROUTER

Hello,

I'm the owner and developer of the project SCRIPTS-BOOTLOADER-FOR-ASUS-ROUTER.

Some users of my project and I really appreciate your great job. It would be a great pleasure if your awesome SKYNET could be integrated into project SCRIPTS-BOOTLOADER-FOR-ASUS-ROUTER which can be deployed on both ASUSWRT and ASUS-MERLIN.

What's more, it's very convenient to integrate a program into SCRIPTS-BOOTLOADER-FOR-ASUS-ROUTER as an add-on as long as the program can run in shell. You can pick any add-on here as a reference. SCRIPTS-BOOTLOADER-FOR-ASUS-ROUTER has already provided swap, entware, monit as the basis. The target is to make Skynet run perfectly on both ASUSWRT and ASUS-MERLIN.

Thanks a lot.

Whitelist double CIDS

Brief Description Of Issue

In the Whitelist_CDN () function ASN CIDS are added two times.

Steps To Reproduce Issue

For example this will output all CIDS from AS714 double:
curl -fsL --retry 3 "https://ipinfo.io/AS714" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}'

Below is a short section from the https://ipinfo.io/AS714 source output.
You can see that the same CIDS is in the href and inside the a tag.

        <td>
            
            <a href="/AS714/144.178.0.0/19" >
                144.178.0.0/19
            </a>
            
        </td>

Possible workaround

Add grep -oE '<a href="/AS.+>' to the line like:
curl -fsL --retry 3 "https://ipinfo.io/$asn" | grep -oE '<a href="\/AS.+>' | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' | awk -v asn="$asn" '{printf "add Skynet-Whitelist %s comment \"CDN-Whitelist: %s \"\n", $1, asn }' &

One grep with a look-behind solution would be nicer, but on Asuswrt routers with Merlin firmware, grep -P (Perl-style regexes) is not supported.
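
One way to emit each prefix once, and without the trailing space reported in the earlier Whitelist_CDN whitespace issue, as an added example (not Skynet's code): deduplicate and range-check the extracted CIDRs in awk, which needs no `grep -P`. The function names are hypothetical; the first table row in the sample is the snippet quoted above and the other rows are constructed.

```shell
#!/bin/sh
# Added example, not Skynet's code. Function names are hypothetical.

# extract_cidrs: HTML on stdin -> each valid IPv4 CIDR once, first-seen order.
extract_cidrs() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' |
    awk -F'[./]' '
        # Drop matches the regex allows but that are not real prefixes
        # (octet > 255 or prefix length > 32), then drop repeats.
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 <= 32 && !seen[$0]++
    '
}

# whitelist_lines ASN: CIDRs on stdin -> ipset restore lines whose comment has
# no trailing space. The ASN must be "AS" followed by digits only, so nothing
# unexpected ends up inside the quoted comment.
whitelist_lines() {
    case "$1" in
        AS|AS*[!0-9]*) return 1 ;;
        AS*) ;;
        *) return 1 ;;
    esac
    awk -v asn="$1" \
        '{ printf "add Skynet-Whitelist %s comment \"CDN-Whitelist: %s\"\n", $1, asn }'
}

# Sample input: first row is the snippet from the issue, the second row and
# the out-of-range value are constructed.
sample_html() {
    cat <<'EOF'
<td>
    <a href="/AS714/144.178.0.0/19" >
        144.178.0.0/19
    </a>
</td>
<td>
    <a href="/AS714/192.0.2.0/24" >
        192.0.2.0/24
    </a>
</td>
<td>999.1.1.1/40</td>
EOF
}

sample_html | extract_cidrs | whitelist_lines AS714
```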

WAN down / NTP fail causes duplicate startups

WAN connection was down for a while today. Router CPU and memory were super high and shell response to commands was super slow. Looking at ps showed duplicate instances of the following processes sitting apparently 'stuck' waiting for NTP. It appears Skynet respawns over and over even on a persistent WAN down / NTP failure.
sh /jffs/scripts/firewall start skynetloc=/tmp/mnt/foo2foo/skynet
{firewall-start} /bin/sh /jffs/scripts/firewall-start eth0

Running firewall interactive from command line, screen hangs blank for long period then provides this message
"Skynet: [*] Waiting For NTP To Sync"

Logfile is full of:
Skynet: [*] Waiting For NTP To Sync
Skynet: [*] NTP Failed To Start After 5 Minutes - Please Fix Immediately!

When WAN service was restored, everything seems to work perfectly.

But would be nice if WAN-down behavior was more graceful and less CPU consuming.

Whitelist missing IP’s from shared-Skynet2-whitelist

Steps To Reproduce Issue

After disabling "CDN Whitelisting" and Updating Malware Blacklist there are IP's missing from shared-Skynet2-whitelist:

104.18.45.190 comment "Shared-Whitelist: iplists.firehol.org"
192.168.1.2 comment "Shared-Whitelist: 192.168.1.2"
151.101.36.133 comment "Shared-Whitelist: 		raw.githubusercontent.com"
104.18.44.190 comment "Shared-Whitelist: iplists.firehol.org"
149.28.239.174 comment "Shared-Whitelist: ipdeny.com"

Data

Part of shared-Skynet-whitelist:

https://iplists.firehol.org/files/bds_atif.ipset
https://iplists.firehol.org/files/blocklist_de.ipset
https://iplists.firehol.org/files/greensnow.ipset

shared-Skynet2-whitelist:

ipdeny.com
                ipapi.co
                speedguide.net
                otx.alienvault.com
                raw.githubusercontent.com
                iplists.firehol.org
                astrill.com
                strongpath.net
                snbforums.com
                bin.entware.net
                nwsrv-ns1.asus.com
                nl.pool.ntp.org
                pool.ntp.org
                https://fwupdate.asuswrt-merlin.net

Suggestion

I think the tabs in shared-Skynet2-whitelist are part of the problem.
Here is a suggested fix for the Whitelist_Extra function:

Whitelist_Extra () {
                echo "ipdeny.com" > /jffs/shared-Skynet2-whitelist
                echo "ipapi.co" >> /jffs/shared-Skynet2-whitelist
                echo "speedguide.net" >> /jffs/shared-Skynet2-whitelist
                echo "otx.alienvault.com" >> /jffs/shared-Skynet2-whitelist
                echo "raw.githubusercontent.com" >> /jffs/shared-Skynet2-whitelist
                echo "iplists.firehol.org" >> /jffs/shared-Skynet2-whitelist
                echo "astrill.com" >> /jffs/shared-Skynet2-whitelist
                echo "strongpath.net" >> /jffs/shared-Skynet2-whitelist
                echo "snbforums.com" >> /jffs/shared-Skynet2-whitelist
                echo "bin.entware.net" >> /jffs/shared-Skynet2-whitelist
                echo "nwsrv-ns1.asus.com" >> /jffs/shared-Skynet2-whitelist
                echo "$(nvram get "ntp_server0")" >> /jffs/shared-Skynet2-whitelist
                echo "$(nvram get "ntp_server1")" >> /jffs/shared-Skynet2-whitelist
                echo "$(nvram get "firmware_server")" >> /jffs/shared-Skynet2-whitelist
}

duplicate Skynet tabs after restart of Skynet via cmd line

Brief Description Of Issue

duplicate Skynet tab generated in the firewall page when restarted skynet in the cmd line

Steps To Reproduce Issue

Asus 68U
Asus merlin 384.19
Skynet installed via amtm
first tab appears in the fw menu
via amtm, open skynet cmd line and choose restart skynet
a second Skynet tab appears with valid info

Expected Behaviour

remove first tab when restarting

Output of ( sh /jffs/scripts/firewall debug info )

Issues with VoWiFi

Hi @Adamm00 , remember me? Left SNB a while ago in an emotional state, but I could really use your assistance, so I hope you don't mind me opening an issue on Github. If so, just let me know.

Not sure whether this is Skynet-related but I'm sure you'll be able to tell. I'm trying to use Vodafone WiFi calling (VoWiFi) on our (supported) iPhones SE, which needs outgoing udp traffic to dpt 500 and 4500 to be allowed to connect to their (Dutch) voice server(s), of which I do not yet have the IP address. VoWiFi is enabled on both our phones but no matter what I do, none of the phones is able to connect to their server.

I manually ran

iptables -A OUTPUT -p udp -m udp --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 4500 -j ACCEPT

but without success. Checked Skynet log entries, but couldn't find any blocked outgoing traffic. The ports mentioned above don't show up in the stats either. Feel like I'm missing something here, but don't know what. Do our 68U's allow all outgoing traffic by default? Your assistance is greatly appreciated.

Best regards,
Marco

whitelist MAC

Brief Description Of Issue

I am trying to figure out if there is a way to whitelist based on MAC address rather than IP. I keep getting blocked to my home router by Skynet when I come in from overseas for work, and obviously my IP changes all the time, but my MAC doesn't, so if I could whitelist based on that... I think I will stop running into this :(

Skynet broken: IPSets | [Failed] IPTables Rules | [Failed]

Brief Description Of Issue

Skynet doesn't seem to be working. In the menu it says:

IPSets                              | [Failed]
IPTables Rules                      | [Failed]

Not sure if the "Rule Integrity Violation" in the debug info is just for information or actually is the issue. Any idea where to look for the issue? I tried to uninstall Skynet and reinstall it and it didn't help. Any ideas what to do next?

Output of ( sh /jffs/scripts/firewall debug info )
Router Model; RT-AC68U
Skynet Version; v7.2.2 (12/10/2020) (23e3fd7e84d63b3f9cdd3a3055732e5e)
iptables v1.4.15 - ( @ 192.168.250.1)
ipset v6.32, protocol version: 6
IP Address; (0.0.0.0) - (/)
FW Version; 384.19_0 (Aug 14 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/RouterDrive/skynet (24.2G / 28.2G Space Available)
SWAP File; /tmp/mnt/RouterDrive/myswap.swp (2.0G)
Syslog Location; (/opt/var/log/skynet-0.log) (/tmp/syslog.log-1)
Uptime; 0 days, 0 hours, 19 minutes.
Ram Available; (169M / 249M)


---------------                          | ------------     | ---------------      | ----------
| Device Name |                          | | Local IP |     | | MAC Address |      | | Status |
---------------                          | ------------     | ---------------      | ----------
** Not Relevant **


--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Config File                         | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
Profile.add Entry                   | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 3 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Failed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Passed]
MenuTree.js Entry                   | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Custom]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

17/18 Tests Sucessful

[*] Rule Integrity Violation - [ #6 #16 ]


=============================================================================================================


[#] 0 IPs (+0) -- 0 Ranges Banned (+0) ||  Inbound --  Outbound Connections Blocked! [debug] [3s]

Missing sub domain in Whitelist_Extra() function

Current function
Whitelist_Extra() {
	echo "ipdeny.com
	ipapi.co
	api.db-ip.com
	hackertarget.com
	speedguide.net
	otx.alienvault.com
	raw.githubusercontent.com
	iplists.firehol.org
	astrill.com
	strongpath.net
	snbforums.com
	bin.entware.net
	nwsrv-ns1.asus.com
	$(nvram get "firmware_server")
	$(nvram get "ntp_server0")
	$(nvram get "ntp_server1")" | tr -d "\t" > /jffs/addons/shared-whitelists/shared-Skynet2-whitelist
}
nslookup
nslookup hackertarget.com
Server:    84.116.46.22
Address 1: 84.116.46.22

Name:      hackertarget.com
Address 1: 35.186.165.146 146.165.186.35.bc.googleusercontent.com
nslookup api.hackertarget.com
Server:    84.116.46.22
Address 1: 84.116.46.22

Name:      api.hackertarget.com
Address 1: 104.209.237.77
Conclusion

Whitelist hackertarget.com doesn't whitelist api.hackertarget.com

Suggestion

Replace hackertarget.com by api.hackertarget.com in the Whitelist_Extra() function

cat shared-Skynet-whitelist, is this correct?

Is this correct, shouldn't that be the white-listed entries?

Skynet: [INFO] Skynet Up To Date - v5.1.1
admin@AC88U:/jffs# cat shared-Skynet-whitelist
https://www.abuseat.org/iotcc.txt
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/feodo.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_c2.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/spamhaus_drop.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/spamhaus_edrop.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_exp.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_hjk.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_mmt.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/maxmind_proxy_fraud.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cybercrime.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bbcan177_ms1.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bbcan177_ms3.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dyndns_ponmocup.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_feed.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_rw.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_cryptowall_ps.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_locky_ps.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_block.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_compromised.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_botcc.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_bots.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_ssh.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_strongips.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/alienvault_reputation.ipset
https://raw.githubusercontent.com/shounak-de/misc-scripts/master/telemetry_and_scanners.txt

/jffs/scripts/firewall: line 40: arithmetic syntax error

Brief Description Of Issue

When checking if Skynet was running it shows this error: /jffs/scripts/firewall: line 40: arithmetic syntax error. I'm not sure if it happened after an update, but it seems non-functional now. I'm running RT-AC87U (armv7l) FW-384.13. There won't be newer firmwares for this router, but I surely don't hope Skynet will stop working.

Steps To Reproduce Issue

Whenever Skynet starts. Even after "firewall update -f", router restarts etc. Only thing I haven't tried is reinstalling Skynet completely, but that doesn't seem like it would matter.

Expected Behaviour

Skynet starting without errors :)

Output of ( sh /jffs/scripts/firewall debug info )

Router Model;
Skynet Version; (01/12/2020) (53fb775bbac7279017132726fbdf8ccb)
iptables v1.4.15 - (vlan300 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address;
FW Version; 384.13_10 (Jun 28 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/NAS/skynet (61.7G / 1.7T Space Available)
Syslog Location; () ()
Uptime; 0 days, 0 hours, 28 minutes.
Ram Available; (90M / 249M)

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Config File | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 6 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]

----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Disabled]
Malware List Auto-Updates | [Disabled]
Logging | [Disabled]
Filter Traffic | [Selective]
Unban PrivateIP | [Disabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Disabled]
Secure Mode | [Disabled]
Fast Switch List | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Disabled]
CDN Whitelisting | [Disabled]
Display WebUI | [Disabled]

15/15 Tests Sucessful

Skynet Blocking COD Warzone

Brief Description Of Issue

Skynet Blocking COD Warzone Online Services since about 1 or 2 days

Steps To Reproduce Issue

Enable Skynet > COD Warzone cannot connect to online services

Disable Skynet > Can play Warzone perfectly fine.

Been troubleshooting this issue for a long time since I would not have thought it would have to do with my router.

I cannot reply to any threads on SNB since I have a new account so I'd figured I'd post here.

Expected Behaviour
Output of ( sh /jffs/scripts/firewall debug info )

Is there something wrong with the iptables (log) rules?

Brief Description Of Issue

After installing Skynet or Skynet Lite (which uses the same iptables rules) DROPs like below are not logged anymore:

Oct 12 20:24:53 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=123.14.87.235 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=60536 PROTO=TCP SPT=1361 DPT=23 SEQ=1411206384 ACK=0 WINDOW=5219 RES=0x00 SYN URGP=0 
Oct 12 20:25:00 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=106.75.13.173 DST=xxx.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=2520 PROTO=TCP SPT=58914 DPT=67 SEQ=124601707 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (02040584) 
Oct 12 20:25:05 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=78.154.18.99 DST=xxx.xxx.xxx.xxx LEN=134 TOS=0x00 PREC=0x00 TTL=118 ID=18017 PROTO=UDP SPT=53009 DPT=53803 LEN=114 
Oct 12 20:25:15 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=17.57.144.4 DST=xxx.xxx.xxx.xxx LEN=105 TOS=0x00 PREC=0x00 TTL=50 ID=37681 DF PROTO=TCP SPT=443 DPT=63528 SEQ=2602349115 ACK=3283063853 WINDOW=303 RES=0x00 ACK PSH URGP=0 OPT (0101080AA0CCBD7131E0B961) 
Oct 12 20:25:15 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.241.218.169 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57102 DPT=264 SEQ=351579914 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 
Oct 12 20:25:23 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=81.16.206.8 DST=xxx.xxx.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=110 ID=33991 PROTO=UDP SPT=38562 DPT=53803 LEN=111 
Oct 12 20:25:24 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=143.204.94.49 DST=xxx.xxx.xxx.xxx LEN=83 TOS=0x00 PREC=0x00 TTL=244 ID=47919 DF PROTO=TCP SPT=443 DPT=64503 SEQ=642779507 ACK=3902175720 WINDOW=123 RES=0x00 ACK PSH URGP=0 OPT (0101080A1EDC158231E137A2) 
Oct 12 20:25:24 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=143.204.94.49 DST=xxx.xxx.xxx.xxx LEN=83 TOS=0x00 PREC=0x00 TTL=244 ID=57875 DF PROTO=TCP SPT=443 DPT=64501 SEQ=2290861553 ACK=375851874 WINDOW=123 RES=0x00 ACK PSH URGP=0 OPT (0101080A1EDBF12831E137A9) 
Oct 12 20:25:24 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=143.204.94.49 DST=xxx.xxx.xxx.xxx LEN=83 TOS=0x00 PREC=0x00 TTL=243 ID=18281 DF PROTO=TCP SPT=443 DPT=64504 SEQ=3157486796 ACK=3061319390 WINDOW=123 RES=0x00 ACK PSH URGP=0 OPT (0101080A1E9C064331E137A8) 
Oct 12 20:25:24 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=143.204.94.49 DST=xxx.xxx.xxx.xxx LEN=83 TOS=0x00 PREC=0x00 TTL=244 ID=29493 DF PROTO=TCP SPT=443 DPT=64502 SEQ=2109640064 ACK=3010256920 WINDOW=123 RES=0x00 ACK PSH URGP=0 OPT (0101080A1ED1090E31E13836) 
Oct 12 20:25:24 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=35.244.181.201 DST=xxx.xxx.xxx.xxx LEN=115 TOS=0x00 PREC=0x80 TTL=60 ID=10133 PROTO=TCP SPT=443 DPT=64499 SEQ=9698972 ACK=3074473230 WINDOW=277 RES=0x00 ACK PSH URGP=0 OPT (0101080AE2B791A531E13849) 
Oct 12 20:25:29 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=40.101.18.242 DST=xxx.xxx.xxx.xxx LEN=1160 TOS=0x00 PREC=0x00 TTL=244 ID=25061 DF PROTO=TCP SPT=443 DPT=52050 SEQ=4080673919 ACK=2637222893 WINDOW=2053 RES=0x00 ACK PSH URGP=0 
Oct 12 20:25:29 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=40.101.18.242 DST=xxx.xxx.xxx.xxx LEN=1160 TOS=0x00 PREC=0x00 TTL=244 ID=25062 DF PROTO=TCP SPT=443 DPT=52050 SEQ=4080673919 ACK=2637222893 WINDOW=2053 RES=0x00 ACK PSH URGP=0 
Oct 12 20:25:29 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=40.101.18.242 DST=xxx.xxx.xxx.xxx LEN=1160 TOS=0x00 PREC=0x00 TTL=244 ID=25063 DF PROTO=TCP SPT=443 DPT=52050 SEQ=4080673919 ACK=2637222893 WINDOW=2053 RES=0x00 ACK PSH URGP=0 
Oct 12 20:25:30 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=5.189.187.90 DST=xxx.xxx.xxx.xxx LEN=125 TOS=0x00 PREC=0x00 TTL=57 ID=60572 DF PROTO=UDP SPT=6938 DPT=53803 LEN=105 
Oct 12 20:25:30 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=40.101.18.242 DST=xxx.xxx.xxx.xxx LEN=1160 TOS=0x00 PREC=0x00 TTL=244 ID=25064 DF PROTO=TCP SPT=443 DPT=52050 SEQ=4080673919 ACK=2637222893 WINDOW=2053 RES=0x00 ACK PSH URGP=0 
Oct 12 20:25:31 kernel: DROP IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=40.101.18.242 DST=xxx.xxx.xxx.xxx LEN=1160 TOS=0x00 PREC=0x00 TTL=244 ID=25065 DF PROTO=TCP SPT=443 DPT=52050 SEQ=4080673919 ACK=2637222893 WINDOW=2053 RES=0x00 ACK PSH URGP=0

Also port scans are not logged anymore for example:
ShieldUP! https://www.grc.com/x/ne.dll?bh0bkyd2

After uninstall Skynet/Skynet Lite and reboot port scans are logged again.
I hope this can be fixed! (I had the idea to scan the logfile for kernel: DROP and make an auto block-list that will automatically expire after a certain time interval)

Thanks,

Willem Bartels
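The idea at the end of the post above (scan the log for kernel: DROP and build a block-list whose entries expire by themselves), as an added sketch that is not part of the original post or of Skynet. The set name AutoBan, the threshold and the timeout are assumptions, and the log lines are constructed in the format shown above.

```shell
#!/bin/sh
# Added example: turn "kernel: DROP" syslog lines into a timed ipset block-list.
# Assumed names (not Skynet's): set "AutoBan", 3-hit threshold, 3600 s timeout.

# Constructed sample log, documentation addresses only.
sample_log() {
cat <<'EOF'
Oct 12 20:24:53 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=198.51.100.7 DST=203.0.113.1 LEN=40 TTL=51 PROTO=TCP SPT=1361 DPT=23 SEQ=1 ACK=0 WINDOW=5219 RES=0x00 SYN URGP=0
Oct 12 20:24:58 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=198.51.100.7 DST=203.0.113.1 LEN=40 TTL=51 PROTO=TCP SPT=1362 DPT=2323 SEQ=2 ACK=0 WINDOW=5219 RES=0x00 SYN URGP=0
Oct 12 20:25:02 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=198.51.100.7 DST=203.0.113.1 LEN=40 TTL=51 PROTO=TCP SPT=1363 DPT=22 SEQ=3 ACK=0 WINDOW=5219 RES=0x00 SYN URGP=0
Oct 12 20:25:05 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=198.51.100.9 DST=203.0.113.1 LEN=44 TTL=240 PROTO=TCP SPT=58914 DPT=67 SEQ=4 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 12 20:25:15 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=192.0.2.44 DST=203.0.113.1 LEN=105 TTL=50 PROTO=TCP SPT=443 DPT=63528 SEQ=5 ACK=77 WINDOW=303 RES=0x00 ACK PSH URGP=0
Oct 12 20:25:16 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=192.0.2.44 DST=203.0.113.1 LEN=105 TTL=50 PROTO=TCP SPT=443 DPT=63528 SEQ=5 ACK=77 WINDOW=303 RES=0x00 ACK PSH URGP=0
Oct 12 20:25:17 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=192.0.2.44 DST=203.0.113.1 LEN=105 TTL=50 PROTO=TCP SPT=443 DPT=63528 SEQ=5 ACK=77 WINDOW=303 RES=0x00 ACK PSH URGP=0
Oct 12 20:25:23 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=192.0.2.80 DST=203.0.113.1 LEN=131 TTL=110 PROTO=UDP SPT=38562 DPT=53803 LEN=111
Oct 12 20:25:24 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=192.0.2.80 DST=203.0.113.1 LEN=131 TTL=110 PROTO=UDP SPT=38562 DPT=53803 LEN=111
Oct 12 20:25:25 kernel: DROP IN=eth0 OUT= MAC=xx:xx SRC=192.0.2.80 DST=203.0.113.1 LEN=131 TTL=110 PROTO=UDP SPT=38562 DPT=53803 LEN=111
EOF
}

# Print "hits ip" for every source with at least $1 dropped TCP SYNs.
# Packets with the ACK flag set (the SPT=443 lines in the post) and UDP are
# not counted; this example assumes they are late replies or peer-to-peer
# noise, and banning them would block servers the LAN talks to.
drop_candidates() {  # $1 = minimum hits; syslog on stdin
    awk -v min="$1" '
        /kernel: DROP / {
            src = ""; syn = 0; ack = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i == "SYN") syn = 1      # flag token, not the SEQ=/ACK= fields
                else if ($i == "ACK") ack = 1
            }
            # Accept only dotted-quad sources so nothing else reaches the ipset script.
            if (syn && !ack && src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[src]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print a script for "ipset -! restore". Entries carry a timeout, so they
# expire without any clean-up job; re-adding with -! refreshes the timeout.
autoban_script() {  # $1 = minimum hits, $2 = timeout in seconds; syslog on stdin
    case "$2" in ''|*[!0-9]*) echo "timeout must be a number" >&2; return 1 ;; esac
    echo "create AutoBan hash:ip timeout $2 comment"
    drop_candidates "$1" | while read -r hits ip; do
        printf 'add AutoBan %s timeout %s comment "AutoBan: %s SYN drops"\n' "$ip" "$2" "$hits"
    done
}

sample_log | autoban_script 3 3600
```

On a router the input would be the syslog file and the output would be piped into `ipset -! restore`; the whitelist still has to be matched before this set in the firewall rules.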

arithmetic syntax error

No changes to the router in the last few days, everything seemingly running fine, then logged in today to see this error.

/jffs/scripts/firewall: line 40: arithmetic syntax error

Not sure how to.....

Output of ( sh /jffs/scripts/firewall debug info )

Lock File Detected (banmalware)

Brief Description Of Issue;

After successive re-installations, Skynet didn't restart



Steps To Reproduce Issue;

/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh" -o "/jffs/scripts/firewall" && chmod +x /jffs/scripts/firewall && /jffs/scripts/firewall install



Expected Behaviour;

firewall process running



Output of ( sh /jffs/scripts/firewall debug info );

Skynet Version; v6.3.1 (17/07/2018)
iptables v1.4.14 - (ppp0 @ 192.168.200.1)
ipset v6.32, protocol version: 6
FW Version; 380.70_0 (Apr 9 2018) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/DATA/skynet (9.5G / 12.2G Space Available)
SWAP File; /tmp/mnt/DATA/myswap.swp (513.0M)
Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/DATA/skynet
Lock File Detected (banmalware) (pid=13001)
Locked Processes Generally Take 1-2 Minutes To Complete And May Result In Temporarily "Failed" Tests

0 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked!



Skynet Not working anymore on RT-AC3200

Brief Description Of Issue

I cannot access Skynet anymore. I initially installed it via amtm and it stopped working: first it was showing cron job and others failed, and then a black screen.

image

I tried to uninstall / Install with the same result, the issue is recent.

Steps To Reproduce Issue

Install Skynet on RT-AC3200 frw: 384.13_10

Expected Behaviour

Skynet to work

Output of ( sh /jffs/scripts/firewall debug info )

as shown in the screenshot

Blocking github.com

Brief Description Of Issue

I'm having problems accessing github.com

Steps To Reproduce Issue
Expected Behaviour
Output of ( sh /jffs/scripts/firewall debug info )

asusvilar@router:/tmp/home/root# sh /jffs/scripts/firewall debug info
#############################################################################################################

Router Firewall And Security Enhancements

By Adamm - https://github.com/Adamm00/IPSet_ASUS

12/03/2021 - v7.2.4

#############################################################################################################

=============================================================================================================

Router Model; RT-AC86U
Skynet Version; v7.2.4 (12/03/2021) (5108beaccd8af56c50682d2253e66320)
iptables v1.4.15 - (eth0 @ 192.168.3.1)
ipset v7.6, protocol version: 7
IP Address; ()
FW Version; 386.2_beta1 (Mar 10 2021) (4.1.27)
Install Dir; /tmp/mnt/Router/skynet (101.8G / 109.5G Space Available)
SWAP File; /tmp/mnt/Router/myswap.swp (2.0G)
Syslog Location; (/opt/var/log/skynet-0.log) (/tmp/syslog.log-1)
Uptime; 0 days, 7 hours, 38 minutes.
Ram Available; (50M / 430M)

--------------- | ------------ | --------------- | ----------
| Device Name | | | Local IP | | | MAC Address | | | Status |
--------------- | ------------ | --------------- | ----------

Unknown | 81.193.62.1 | 00:03:fa:00:00:01 | Online
Desktop-Server | 192.168.3.4 | a8:5e:45:e4:c2:c3 | Online
Unknown | 192.168.3.5 | 58:82:a8:9b:e5:c4 | Online
DESKTOP-TN7C9BK | 192.168.3.6 | Unknown | Offline
RT-AC86U-C3E8 | 192.168.3.99 | 24:4b:fe:bd:c3:e8 | Online
Unknown | 192.168.3.107 | c8:28:32:2c:2c:18 | Online
Unknown | 192.168.3.115 | 3c:2a:f4:b4:0c:84 | Inactive
AppleWadeSergio | 192.168.3.118 | ea:e7:65:a9:4c:d3 | Inactive
HarmonyHub | 192.168.3.145 | 00:04:20:e7:de:29 | Online
Unknown | 192.168.3.159 | 98:d6:bb:27:99:d2 | Inactive
Unknown | 192.168.3.173 | 00:04:4b:48:6c:d4 | Online
Google-Home-Mini | 192.168.3.175 | e4:f0:42:1a:9f:84 | Online
iPhone | 192.168.3.182 | 26:4e:59:07:5b:91 | Inactive
Tablet Julia | 192.168.3.183 | 00:0a:f5:b0:18:b4 | Online
Galaxy-A70 | 192.168.3.184 | Unknown | Offline
Denon-AVR-X2400H | 192.168.3.189 | 00:05:cd:e3:1d:50 | Online
LGwebOSTV | 192.168.3.194 | Unknown | Offline
assistant | 192.168.3.199 | 28:c2:dd:ef:87:95 | Inactive
Assistant-PLG | 192.168.3.200 | 80:7d:3a:02:15:4e | Inactive
Termoacumulador | 192.168.3.205 | e0:98:06:b4:ff:20 | Inactive
Escritorio | 192.168.3.206 | e0:98:06:ab:95:2e | Inactive
Quarto-J | 192.168.3.207 | e0:98:06:97:7b:a4 | Inactive
Shelly H&T | 192.168.3.208 | 84:cc:a8:ad:06:cf | Inactive
Amplificador | 192.168.3.210 | e0:98:06:9a:53:69 | Inactive
Amplificador | 192.168.3.211 | 80:7d:3a:02:13:ce | Inactive
EM-1 | 192.168.3.227 | ec:fa:bc:c7:f3:e7 | Inactive
EM-2 | 192.168.3.228 | 68:c6:3a:f9:5b:6a | Inactive

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Config File | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]

----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Enabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

18/18 Tests Sucessful

=============================================================================================================

[#] 45755 IPs (+0) -- 1625 Ranges Banned (+0) || 79 Inbound -- 66 Outbound Connections Blocked! [debug] [2s]

asusvilar@router:/tmp/home/root#

and

asusvilar@router:/tmp/home/root# firewall stats search ip 140.82.121.4
#############################################################################################################

Router Firewall And Security Enhancements

By Adamm - https://github.com/Adamm00/IPSet_ASUS

12/03/2021 - v7.2.4

#############################################################################################################

=============================================================================================================

[i] Logging Data Detected in /tmp/mnt/Router/skynet/skynet.log - 2.4M
[i] Monitoring From Mar 15 17:53:46 To Mar 16 22:42:07
[i] 8912 Block Events Detected
[i] 1700 Unique IPs
[i] 0 Manual Bans Issued

Warning: 140.82.121.4 is in set Skynet-Whitelist.
Warning: 140.82.121.4 is in set Skynet-Blacklist.
140.82.121.4 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
140.82.121.4 "ManualWlistD: github.com"

Blacklist Reason;
"BanMalware: firehol_level3.netset"

[i] IP Location - Netherlands (GITHUB / AS36459)

[i] 140.82.121.4 First Tracked On
[i] 140.82.121.4 Last Tracked On
[i] 0 Blocks Total

Event Log Entries From 140.82.121.4;
Mar 16 22:41:03 Skynet: [Manual Whitelist] TYPE=Domain SRC=140.82.121.4 Host=github.com

First Block Tracked From 140.82.121.4;
--*
10 Most Recent Blocks From 140.82.121.4;

Top 10 Targeted Ports From 140.82.121.4 (Inbound);

-------- | -------- | --------------
| Hits | | | Port | | | SpeedGuide |
-------- | -------- | --------------

Top 10 Sourced Ports From 140.82.121.4 (Inbound);

-------- | -------- | --------------
| Hits | | | Port | | | SpeedGuide |
-------- | -------- | --------------

*--

=============================================================================================================

[#] 45755 IPs (+0) -- 1625 Ranges Banned (+0) || 74 Inbound -- 66 Outbound Connections Blocked! [stats] [3s]

I had to manually add to whitelist. Probably have to report to the list owners and not here but I also have some problems since last update and do not know if it has something to do with github being blocked: stats sometimes don't generate and I don't have a clue how to debug, could you please help?
thank you

Old support forum broken

Hi,

The old support forum is broken. The link in the about section directs to a closed thread and it is apparent that the developer is no longer, at this stage at least, using that forum as a method of support.

Are there other places on the web where the community can interact with the developer and each other? Is there a discord channel?

Ban does not work

Brief Description Of Issue

Sorry for the very basic issue but I can't seem to make the ban command work. I know it's probably my setup but I need some help to find out why it's not working...

Thanks in advance

Steps To Reproduce Issue

I'm entering the following command

firewall ban domain 25stanley.com

getting this as output

[i] Adding 25stanley.com To Blacklist
[i] Banning 104.26.5.69
[i] Banning 104.26.4.69
[i] Banning 172.67.75.56
[i] Saving Changes

But all the devices connected to my network can still access the web site without being blocked.

Expected Behaviour

Outbound access to the domain should be blocked.

Output of ( sh /jffs/scripts/firewall debug info )

Router Model; RT-AC86U
Skynet Version; v7.2.3 (01/12/2020) (358a0e65e85afa8425897a993eb84b8c)
iptables v1.4.15 - (ppp0 @ XXXXXXXXXX)
ipset v6.32, protocol version: 6
IP Address; (XXXXXXXX)
FW Version; 384.19_0 (Aug 14 2020) (4.1.27)
Install Dir; /tmp/mnt/SONY16GB/skynet (11.4G / 14.2G Space Available)
SWAP File; /tmp/mnt/SONY16GB/myswap.swp (2.0G)
Banned Countries; cn br ir ua ar iq tw th lv ru ro cl sa pk bg
Uptime; 0 days, 1 hours, 2 minutes.
Ram Available; (108M / 430M)

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Config File | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]

----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Disabled]
Import AiProtect Data | [Disabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Default]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

18/18 Tests Sucessful

Recommendation for false positive firehol 3 ipset

Brief Description Of Issue

At least 4 or 5 times over the past month firehol level 3 ipset had bad entries in it. What is the recommendation to remedy this? Add addresses to whitelist or try to report to firehol (which I couldn't find).

Proof of concept

Skynet Lite

I started this proof of concept only to demonstrate two new features:

  • Only update new or changed ipsets.
  • Use the ipset swap feature.

But I couldn't stop when I learned programming in shell script.
The main focus of this project is the update process.
I hope you like some of the features and are able to backport these to Skynet.

Key features

  • Small one file shell script, no need for an external USB drive.
  • Support for plain text gzip transfer-encoding.
  • Only download and update changed blocklist sets.
  • Use incremental update for all blocklist sets.
  • For all other lists the ipset swap feature is used.

See project at: https://github.com/wbartels/IPSet_ASUS_Lite
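How the update strategies listed above can look with ipset, as an added sketch (not code from Skynet or Skynet Lite). The set name, the file names, the list contents and the checksum-based change test are assumptions; the functions only print an `ipset restore` script, so they can be inspected without touching a router.

```shell
#!/bin/sh
# Added example: print "ipset restore" scripts for two ways of refreshing a set.

# Normalise a downloaded list: drop comments and blank lines, sort, de-duplicate.
clean_list() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" |
        LC_ALL=C sort -u
}

# True when the cleaned content differs, so unchanged lists can be skipped.
list_changed() {  # $1 = old file, $2 = new file
    [ "$(clean_list "$1" | cksum)" != "$(clean_list "$2" | cksum)" ]
}

# Incremental update: delete what disappeared, add what is new.
# The live set is never empty while the script is applied.
incremental_update() {  # $1 = set name, $2 = old file, $3 = new file
    old=$(mktemp); new=$(mktemp)
    clean_list "$2" > "$old"
    clean_list "$3" > "$new"
    LC_ALL=C comm -23 "$old" "$new" | sed "s/^/del $1 /"
    LC_ALL=C comm -13 "$old" "$new" | sed "s/^/add $1 /"
    rm -f "$old" "$new"
}

# Swap update: fill a temporary set, exchange it with the live one in a
# single step, then destroy the temporary set (which now holds the old data).
# The live set must already exist with the same type (hash:net assumed here).
swap_update() {  # $1 = set name, $2 = new file
    echo "create $1-tmp hash:net"
    echo "flush $1-tmp"            # in case a stale temporary set was left behind
    clean_list "$2" | sed "s/^/add $1-tmp /"
    echo "swap $1-tmp $1"
    echo "destroy $1-tmp"
}

# Constructed sample lists (documentation ranges).
demo_dir=$(mktemp -d)
cat > "$demo_dir/old.netset" <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.7
203.0.113.0/25
EOF
cat > "$demo_dir/new.netset" <<'EOF'
# constructed sample: one entry removed, one added
192.0.2.0/24
203.0.113.0/25
203.0.113.200
EOF

if list_changed "$demo_dir/old.netset" "$demo_dir/new.netset"; then
    echo "## incremental"
    incremental_update Skynet-Demo "$demo_dir/old.netset" "$demo_dir/new.netset"
    echo "## swap"
    swap_update Skynet-Demo "$demo_dir/new.netset"
fi
rm -rf "$demo_dir"
```

Either output is meant to be fed to `ipset -! restore`, where `-!` ignores an add of an entry that is already present or a delete of one that is already gone.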

Country IPset Blocking Non-Blocked IP's

Brief Description Of Issue

I have about 10 countries blocked in Skynet. Recently several websites started getting blocked and I see that the reason listed is that it is in the blocked countries list. The issue is that even the logs show that the IP is in the US, which is not blocked.

Steps To Reproduce Issue

Add countries to the banned list and try to access certain websites/IP's.

Expected Behaviour

I would expect the Country ban to not ban an IP/CIDR from a country that I am not blocking.

Output of ( sh /jffs/scripts/firewall debug info )

Ban list: "in pk cn ru lu my kr kp jp il ir cz mo hk br sa vn fr"

IP Being Blocked: 185.230.60.185

Error in skynet log "/jffs/scripts/firewall: line 5682: [: Argument list too long"

Brief Description Of Issue

Noted the following error occasionally repeating in my skynet logs. Googled but, did not find anything specific:

skynet /jffs/scripts/firewall: line 5682: [: Argument list too long

Steps To Reproduce Issue

None - Simply running Skynet.

Expected Behaviour

Error should not be seen.

Output of ( sh /jffs/scripts/firewall debug info )

Router Firewall And Security Enhancements

By Adamm - https://github.com/Adamm00/IPSet_ASUS#

01/12/2020 - v7.2.3

================================================================================
Router Model; RT-AC5300
Skynet Version; v7.2.3 (01/12/2020) (358a0e65e85afa8425897a993eb84b8c)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address; (73.227.230.247)
FW Version; 384.19_0 (Aug 14 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/ENTWARE/skynet (50.9G / 56.4G Space Available)
SWAP File; /tmp/mnt/ENTWARE/myswap.swp (2.0G)
Syslog Location; (/opt/var/log/skynet-0.log) (/tmp/syslog.log-1)
Banned Countries; cn ru sc ua ee ls gr bg hr cz ge hu kg lv lt mc kp ro sk vn uk
Uptime; 15 days, 13 hours, 5 minutes.
Ram Available; (102M / 503M)

--------------- | ------------ | ---------------
| Device Name | | | Local IP | | | MAC Address |
--------------- | ------------ | ---------------

REMOVED

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Config File | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
Local WebUI Files | [Passed]
Mounted WebUI Files | [Passed]
MenuTree.js Entry | [Passed]

----------- | ----------
| Setting | | | Status |
---------- | ----------

Skynet Auto-Updates | [Enabled]
Malware List Auto-Updates | [Enabled]
Logging | [Enabled]
Filter Traffic | [Enabled]
Unban PrivateIP | [Enabled]
Log Invalid Packets | [Enabled]
Import AiProtect Data | [Enabled]
Secure Mode | [Enabled]
Fast Switch List | [Disabled]
Syslog Location | [Custom]
IOT Blocking | [Disabled]
Country Lookup For Stats | [Enabled]
CDN Whitelisting | [Enabled]
Display WebUI | [Enabled]

18/18 Tests Sucessful

================================================================================

[#] 52609 IPs (+0) -- 36158 Ranges Banned (+0) || 199 Inbound -- 1 Outbound Con]

What routers does Skynet work on?

I am using an Asus AC56U and Skynet works fine. I'm considering updating my modem to a new Asus model as Merlin no longer supports updates to my router. I noticed this from an older post in 2014:
For now support is limited to the AC56U and AC68U. Sorry about that.

As that post is many years old I am curious if other routers have since been added to the list of supported routers. Can you please list which Asus routers can currently run Skynet?

Many Thanks!

How to remove skynet?

Brief Description Of Issue

The USB drive crashed, how to remove it manually in order to reinstall it please?

Some things to consider

Thanks for the good work. I have explored several scripts and this is the one I like best.
I have found some things that I'm not completely happy about. Maybe you can consider them.

I suggest you use ipset commands as described in the current man page, e.g. use "add" instead of the old "-A". Much easier to understand.
Several times you use (ipset) -q when -! would be quite appropriate.
Something to wish for is to autoban the whole ISP and not just one IP (the serious attacker will have many IPs). I have not figured out how to do that, but sometimes I do it manually using whois.
That process would be much easier if the autobans had a separate ipset, also included in the Skynet group.

Whitelist_Shared
Please remove (already handled):
ipset -q -A Whitelist 192.168.1.0/24 comment "nvram: LAN Subnet"
Please add:
ipset -! add Whitelist "$(nvram get vpn_server1_sn)"/24 comment "nvram: vpn_server1_sn"
ipset -! add Whitelist "$(nvram get vpn_server2_sn)"/24 comment "nvram: vpn_server2_sn"
ipset -! add Whitelist "$(nvram get vpn_server_sn)"/24 comment "nvram: vpn_server_sn"

start
Please don't save the ipsets at start; it is very important to finish quickly. If the script takes too long it may get called again and you will have two processes changing the iptables, with unpredictable results. (New behaviour in latest merlin release, at least on my router).
Better to just leave the saving to the cron script.
Why the sleep? I see no reason (and as above; it can create problems).

Unban_PrivateIP
Why this?
I blacklist the full range of all private subnets and whitelist my own subnets (from nvram as above). Whitelist is checked first so that should be the right way to do this.
(I have seen e.g. SRC=10.2.20.4 coming in on eth0. It should not be routed by my ISP but it's proper for me to just drop it.)

iptables
I suggest you apply the recommended pattern and do all filtering in the filter table. You could introduce a Skynet chain and do everything there, and have just one jump from somewhere in the input chain (on top, and you don't need to delete anything).
The raw table is not intended for filtering. Also, it's not reset to defaults when restarting the firewall service (as the filter table is), which makes it confusing.
And I don't agree with having the same filtering for outgoing and forward. Some filtering could be ok, just to behave sane and not send out bad packets, but absolutely not the same blacklist as for input.
(I might want to prevent US hackers from trying my SSH, but I don't want to block all US web sites. Two very different problems that need different solutions, and I already use OpenDNS.)

I hope something here can be useful to you.
/BR

Filter_PrivateIP() fix and suggestion

Brief Description Of Issue

The regex in Filter_PrivateIP() is missing one |
Between (^8.8.4.4) and (^1.1.1.1)

Fix
Filter_PrivateIP() {
	# Drop private, reserved and excluded resolver addresses from the list on stdin
	grep -vE '(^127\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)|(^0\.)|(^169\.254\.)|(^22[4-9]\.)|(^23[0-9]\.)|(^255\.255\.255\.255)|(^8\.8\.8\.8)|(^8\.8\.4\.4)|(^1\.1\.1\.1)|(^1\.0\.0\.1)'
}
Suggestion

Here is a suggestion to write the function shorter, with fewer irritations.
Also added the "Carrier-grade NAT" range 100.64.0.0/10

Filter_PrivateIP() {
	grep -vE '^(0\.|10\.|100\.(6[4-9]|[7-9][0-9]|1[0-1][0-9]|12[0-7])\.|127\.|169\.254\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.|22[4-9]\.|23[0-9]\.|255\.255\.255\.255|8\.8\.8\.8|8\.8\.4\.4|1\.1\.1\.1|1\.0\.0\.1)'
}
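
A boundary check for the pattern suggested in the issue above, added here as an example and not part of the original issue or of Skynet. It runs the suggested regex (with the dot after the leading 0 escaped) over constructed addresses at the edges of each range, next to a variant that anchors the single-host entries; the lowercase function names, the variant and the sample list are assumptions.

```shell
#!/bin/sh
# Added example, not Skynet's code; names other than the regex are hypothetical.

# The post's suggested pattern (dot after the leading 0 escaped). Entries are
# prefix matches, so the single-host entries also match longer addresses.
filter_private_ip() {
	grep -vE '^(0\.|10\.|100\.(6[4-9]|[7-9][0-9]|1[0-1][0-9]|12[0-7])\.|127\.|169\.254\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.|22[4-9]\.|23[0-9]\.|255\.255\.255\.255|8\.8\.8\.8|8\.8\.4\.4|1\.1\.1\.1|1\.0\.0\.1)'
}

# Variant (assumption: one IP or CIDR per line): single-host entries must be
# followed by end-of-line or a CIDR slash.
filter_private_ip_strict() {
	grep -vE '^((0|10|100\.(6[4-9]|[7-9][0-9]|1[0-1][0-9]|12[0-7])|127|169\.254|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|22[4-9]|23[0-9])\.|(255\.255\.255\.255|8\.8\.8\.8|8\.8\.4\.4|1\.1\.1\.1|1\.0\.0\.1)(/|$))'
}

# Constructed sample input covering the edges of each filtered range.
sample_ips() {
	cat <<'EOF'
0.0.0.0
8.8.8.8
8.8.8.80
10.1.2.3
100.63.255.255
100.64.0.1
100.127.255.254
100.128.0.1
172.15.0.1
172.16.0.1
172.31.255.255
172.32.0.1
192.168.1.1
198.51.100.7
203.0.113.9
EOF
}

# Print the addresses a filter lets through, space-separated on one line.
kept() {
	# Unquoted on purpose: word splitting joins the lines with spaces.
	echo $(sample_ips | "$1")
}

echo "prefix match keeps: $(kept filter_private_ip)"
echo "anchored keeps:     $(kept filter_private_ip_strict)"
```

The only difference between the two outputs is 8.8.8.80: the prefix-matching pattern filters it together with 8.8.8.8, so a blocklist entry for that address would be dropped.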

ax88u ram 99%

Brief Description Of Issue

Within a minute or 2 of installing Skynet my RAM goes from 50% to 99%.

Steps To Reproduce Issue

Install and turn on Skynet (Diversion already up and running).

Expected Behaviour

A few MBs

Output of ( sh /jffs/scripts/firewall debug info )

Point me to what you need and I can provide it. This just started after the recent Merlin update.
