DigiRD Posted December 4, 2017
I want to connect a device to a wired ethernet connection, so that I'm able to block specific network traffic with a hardware firewall. At first I was playing with a Raspberry Pi 3 to get the job done, but I think the Packet Squirrel is much easier and better suited for the job. What is the best way to use the Packet Squirrel as a hardware firewall? By just using iptables, or does someone have a payload available or any other suggestions? Thanks
Dave-ee Jones Posted December 4, 2017
I believe you could do it using iptables. Set it to NETMODE TRANSPARENT in between a client and a network (or a LAN and a WAN) and set it to only pass through certain ports (or not pass through certain ports). I'm sure if you have a quick Google you'll find some iptables commands suited for the job. Good luck!
DigiRD (Author) Posted December 5, 2017
Thanks for your reply. I added iptables rules directly on the PS while in arming mode, but that doesn't work. Does the PS only work when using switch 1, 2 and 3 in combination with shell scripts? The following script didn't work either:

    #!/bin/bash
    #
    # Title: Hardware-firewall
    # Description: Block all network traffic from and to Apple servers (17.0.0.0/8)

    # Set networking to TRANSPARENT mode and wait five seconds
    NETMODE TRANSPARENT
    sleep 5

    # Block network traffic to and from Apple
    iptables -A INPUT -s 17.0.0.0/8 -j DROP
    iptables -A OUTPUT -s 17.0.0.0/8 -j DROP

    # Show when ready
    LED W DOUBLE

I simply want to block all incoming and outgoing traffic to IP addresses starting with 17.*.*.* (17.0.0.0/8), nothing else. In the meantime I'll keep digging to find out what I'm doing wrong. Any feedback is appreciated.
killergeek Posted December 5, 2017
I think you need another net mode, because the transparent mode will just pass all the data through and you can't change any of it. The PS can only read the data. https://www.hak5.org/gear/packet-squirrel/docs So netmode bridge, nat or clone is probably the one you need.
DigiRD (Author) Posted December 6, 2017
Thanks, I tried all netmode options, but nothing worked. It looks like it has something to do with the iptables command, but I haven't figured it out yet. Am I missing something in the above shell script (changed it to netmode BRIDGE)? Does the PS even accept such iptables commands? If I look at iptables -L in arming mode after having used the payload, it doesn't seem to save the blocked IP addresses. So do I need to add some lines to the payload to save and restart iptables? It didn't work with the service command.
tummyacid Posted December 7, 2017
I am trying the same thing and still no luck. I've tried specifying -i lan-br in net mode BRIDGE. Please post if you get anywhere.
biob Posted December 7, 2017
perhaps use this as a starting point?
biob Posted December 7, 2017
You need to declare the interface
Dave-ee Jones Posted December 7, 2017
14 hours ago, biob said:
> You need to declare the interface

    iptables -i br-lan

Like-ah so.
tummyacid Posted December 8, 2017

    LED SETUP

    # Set networking to BRIDGE mode and wait five seconds
    NETMODE BRIDGE
    sleep 5

    # Block network traffic to local test host
    iptables -I INPUT -i br-lan -d 192.168.1.104 -j DROP
    iptables -I INPUT -i br-lan -s 192.168.1.104 -j DROP

    # Show when ready
    LED ATTACK

ping requests still succeed. I tried chains FORWARD and OUTPUT. Should I use another chain?
Dave-ee Jones Posted December 11, 2017
Maybe you need to iptables -a PREROUTING just to make sure it drops it before it passes it through?
DigiRD (Author) Posted December 11, 2017
After testing I got a working script. I also tested netmode BRIDGE and CLONE, but those didn't work. I chose the eth1 interface, which is the one that is connected to the LAN and not the target (but it doesn't really matter). Choosing br-lan didn't work as an interface. I was just playing around to see if I can control Apple connections to an iPhone. With the script below and a USB-Ethernet adapter for the iPhone, I can visit the internet when the phone is in flight mode, but without connecting to Apple services. It doesn't synchronize Apple mail, can't receive the ping sound for a lost phone, etc.

    #!/bin/bash
    #
    # Title: Hardware-firewall
    # Description: Block all network traffic from and to Apple servers (17.0.0.0/8)

    # Set networking to NAT mode and wait five seconds
    NETMODE NAT
    sleep 5

    # Block network traffic to and from Apple
    iptables -i eth1 -I FORWARD -s 17.0.0.0/8 -j DROP
    iptables -i eth1 -I FORWARD -d 17.0.0.0/8 -j DROP

    # Show when ready
    LED W DOUBLE

Thanks to everyone who replied to my question! Learned a lot and was pointed in the right directions. :)
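The two things the thread arrives at by trial and error are the chain and the rule position. Traffic that the Squirrel forwards between its two ports never traverses INPUT or OUTPUT; those chains only see packets addressed to, or generated by, the Squirrel itself, which is why the INPUT-chain variant left ping untouched while the FORWARD-chain variant works. Inserting with -I rather than appending with -A matters because iptables evaluates rules in order and the netmode setup may already have an ACCEPT in FORWARD; a DROP appended behind it is never reached. The script below is an added example (not a payload from the thread, nor from Hak5) that puts both ideas into a payload and adds two checks a practitioner wants: an offline test of which addresses a CIDR match actually covers, and iptables -C to confirm the rules are really in the chain before signalling success. It assumes the NETMODE and LED helpers as used in the thread (LED FAIL is assumed to exist alongside LED SETUP and LED ATTACK), and BLOCK_CIDR is a placeholder set to the 17.0.0.0/8 range from the thread. It deliberately omits the interface match: -i matches only the ingress interface, so a rule such as -i eth1 -d 17.0.0.0/8 only covers packets that arrived on eth1 and were heading for that range; without -i the two rules cover both directions regardless of which port faces the network.

```shell
#!/bin/bash
#
# Added example, not a payload from the thread or from Hak5.
# Title: CIDR block on the FORWARD chain (NAT mode)
# Description: drop forwarded traffic to and from one CIDR in both directions,
#              then verify that the rules are actually in place.
#
# Assumptions: NETMODE and LED are the Packet Squirrel payload helpers used in
# the thread (LED FAIL is assumed to exist alongside LED SETUP/ATTACK);
# BLOCK_CIDR is a placeholder, here the 17.0.0.0/8 range from the thread.

BLOCK_CIDR="17.0.0.0/8"

# Dotted quad -> 32-bit integer (pure shell, no external tools).
ip_to_int() {
    saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when $1 (an address) falls inside $2 (a CIDR), 1 otherwise.
# Lets you confirm offline which addresses a -s/-d CIDR match will cover.
in_cidr() {
    ip_int=$(ip_to_int "$1")
    net_int=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip_int & mask )) -eq $(( net_int & mask )) ]
}

# Print the exact rules that will be applied (dry run / review).
# FORWARD is the chain that forwarded target<->network traffic traverses;
# INPUT and OUTPUT only see packets addressed to or generated by the
# Squirrel itself, which is why the INPUT-chain variant left ping working.
# "-I FORWARD 1" puts each DROP at the top, ahead of any ACCEPT the netmode
# setup may already have appended; an appended (-A) DROP behind such an
# ACCEPT would never be reached.
block_rules() {
    echo "iptables -I FORWARD 1 -s $1 -j DROP"
    echo "iptables -I FORWARD 1 -d $1 -j DROP"
}

# Apply the rules printed by block_rules.
apply_block() {
    block_rules "$1" | while read -r cmd; do
        eval "$cmd"
    done
}

# iptables -C exits 0 only when an identical rule exists in the chain.
verify_block() {
    iptables -C FORWARD -s "$1" -j DROP && iptables -C FORWARD -d "$1" -j DROP
}

# Rules live only in kernel memory: they vanish on reboot and a NETMODE
# change rebuilds the tables, so the payload re-applies them on every run.
# Only run the payload part where the Squirrel helpers exist.
if command -v NETMODE >/dev/null 2>&1; then
    LED SETUP
    NETMODE NAT
    sleep 5
    apply_block "$BLOCK_CIDR"
    if verify_block "$BLOCK_CIDR"; then
        LED ATTACK
    else
        LED FAIL
    fi
fi
```

Running block_rules 17.0.0.0/8 on any machine prints the two commands for review, and in_cidr 17.172.224.47 17.0.0.0/8 (exit status 0) shows the address is inside the blocked range while 18.0.0.1 is not. This also explains the observation earlier in the thread that iptables -L in arming mode showed nothing: the rules are not persisted anywhere, so the payload has to apply them each time it runs. If BRIDGE mode is wanted instead of NAT, note that iptables only sees bridged frames when the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables is 1; otherwise the filtering has to be done with ebtables.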