Home
This is the official Wiki/documentation for Skynet, a firewall addition designed for Asus routers.
Note: As with any Wiki, this documentation is a constant work-in-progress. Most of the content is contributed by the community - anyone with a GitHub account can edit it.
This warning should generally disappear within 60 seconds. Skynet has a built-in lockfile system to prevent certain functions and commands from interfering with each other and causing race conditions.
Don't worry, tracking down false positive bans was at the core of the design. Generally speaking, you can follow these steps to find (and whitelist) anything incorrectly on your Blacklist!
- Enable Logging;
sh /jffs/scripts/firewall settings logmode enable
- Open the blocked application/website and use the command;
sh /jffs/scripts/firewall debug watch
- Now look for a flood of [BLOCKED - OUTBOUND] entries for the same IP. This will most likely be the IP you are looking for if it's being spammed in large numbers.
- Copy the IP following "DST=". It should look something like this;
DST=175.115.37.52
- Double check that the IP is not actually something that should be banned, using a search tool like AlienVault. If it's related to a domain, additional "Associated Domain" information should be printed beneath the log.
https://otx.alienvault.com/indicator/ip/175.115.37.52/
- Great, we have confirmed we found the IP of the blocked website/application we are looking for, let's whitelist it!
sh /jffs/scripts/firewall whitelist ip 175.115.37.52
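
The "look for a flood from the same IP" step above can be done by counting instead of by eye. This is an added example, not part of Skynet or the original wiki: it tallies the DST= addresses of [BLOCKED - OUTBOUND] lines fed to it on stdin. The function names and the sample log layout (standard iptables LOG fields) are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: tally the DST= addresses of [BLOCKED - OUTBOUND] log lines
# so the address being blocked most often stands out.

# Reads log text on stdin; prints "<count> <ip>", most frequent first.
# Lines without the [BLOCKED - OUTBOUND] tag are ignored.
count_blocked_outbound() {
    grep -F '[BLOCKED - OUTBOUND]' |
        sed -n 's/.* DST=\([0-9][0-9.]*\).*/\1/p' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Prints only the most frequently blocked destination IP.
top_blocked_dst() {
    count_blocked_outbound | awk 'NR == 1 { print $2 }'
}

# Constructed sample log lines (assumed layout: standard iptables LOG fields).
sample_log() {
    cat <<'EOF'
Jan  1 10:00:01 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50112 DPT=443
Jan  1 10:00:02 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.50 LEN=40 PROTO=TCP SPT=41000 DPT=23
Jan  1 10:00:02 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50113 DPT=443
Jan  1 10:00:03 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=50200 DPT=80
Jan  1 10:00:04 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50114 DPT=443
Jan  1 10:00:04 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.50 LEN=40 PROTO=TCP SPT=41001 DPT=23
Jan  1 10:00:05 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=175.115.37.52 LEN=60 PROTO=TCP SPT=50115 DPT=443
EOF
}

# Demo run on the constructed sample.
sample_log | count_blocked_outbound
```

A high count only shows which address is being hit most often; the lookup step above still decides whether it belongs on the whitelist.
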
In recent versions, Diversion and Skynet have been working together for better integration. Skynet now offloads some malware website blocking to Diversion, because IP-based blocking may cause false positives for sites on shared hosting.
To remove this error and enable "Plus Content", select the option "Use additional hosts files" under the "b" option in Diversion.
Skynet relies on NTP starting on boot for accurate logging. If NTP fails to start in the first 5 minutes of the boot process, Skynet will abort startup.
Skynet relies on features from IPSet v6.x. Unfortunately, this means any devices older than the AC56U are not supported, as they use an older kernel which doesn't support IPSet v6.x.
Skynet relies on IPSet functionality in Merlin-WRT and John's fork that was added around August 2017, which means the minimum supported versions are 380.68 / V26E3 respectively.
Upon executing commands, Skynet will check if the install directory exists and is writable. If either test fails, Skynet will abort execution.
Having some scripts installed will give Skynet users a warning that they could cause compatibility issues, as they mimic certain functionality. You should remove these scripts to continue using Skynet.
Skynet will check your connection during certain functions to make sure you have online connectivity. If it fails 4 times within 30 seconds Skynet will exit.
Skynet will validate content during processing to make sure it is correctly formatted. Use the default lists for reference.
Skynet frequently checks the integrity of its IPTables rules and IPSets. If any modifications are detected, Skynet will restart the firewall service to flush the bad rules.
This error usually indicates your config file is empty (sometimes caused by a USB device going bad). You can rerun the install command to reconfigure Skynet.