
Using the Packet Squirrel as hardware firewall


DigiRD

Recommended Posts

Posted

I want to connect a device to a wired ethernet connection, so that I'm able to block specific network traffic with a hardware firewall. At first I was playing with a Raspberry Pi 3 to get the job done, but I think the Packet Squirrel is much easier and better suited for the job.

What is the best way to use the Packet Squirrel as a hardware firewall? By just using iptables, or does someone have a payload available, or any other suggestions?

Thanks

Posted

I believe you could do it using iptables. Set it to NETMODE TRANSPARENT in between a client and a network (or a LAN and a WAN) and set it to only pass through certain ports (or not pass through certain ports).

I'm sure if you have a quick Google you'll find some iptables commands suited for the job.

Good luck!

Posted

Thanks for your reply.

I added iptables rules directly on the PS while in arming mode, but that doesn't work. Does the PS only work when using switch 1, 2 and 3 in combination with shell scripts?

The following script didn't work either:

#!/bin/bash
#
# Title:		Hardware-firewall
# Description:	Block all network traffic from and to Apple servers (17.0.0.0/8)

# Set networking to TRANSPARENT mode and wait five seconds
NETMODE TRANSPARENT
sleep 5

# Block network traffic to and from Apple
# INPUT matches packets arriving at the Squirrel itself: drop those whose source is Apple
iptables -A INPUT -s 17.0.0.0/8 -j DROP
# OUTPUT matches packets the Squirrel sends: here the destination (-d), not the source, must be Apple
iptables -A OUTPUT -d 17.0.0.0/8 -j DROP

# Show when ready
LED W DOUBLE

I simply want to block all incoming and outgoing traffic to IP addresses starting with 17.*.*.* (17.0.0.0/8), nothing else. In the meantime I'll keep digging to find out what I'm doing wrong. Any feedback is appreciated.

Posted

Thanks, I tried all netmode options, but nothing worked. It looks like it has something to do with the iptables command, but I haven't figured it out yet.

Am I missing something in the above shell script (changed it to netmode BRIDGE)? Does the PS even accept such iptables commands? If I look at iptables -L in arming mode after having used the payload, it doesn't seem to save the blocked IP addresses. So do I need to add some lines to the payload to save and restart iptables? It didn't work with the service command.

Posted
#!/bin/bash
#
# Title:		Hardware-firewall (bridge test)
# Description:	Block all traffic to and from a single local test host

LED SETUP
# Set networking to BRIDGE mode and wait five seconds
NETMODE BRIDGE
sleep 5

# Block network traffic to local test host (rules inserted at the top of INPUT on the bridge interface)
iptables -I INPUT -i br-lan -d 192.168.1.104 -j DROP
iptables -I INPUT -i br-lan -s 192.168.1.104 -j DROP

# Show when ready
LED ATTACK

ping requests still succeed. I tried chains FORWARD and OUTPUT. Should I use another chain?

Posted

After testing I got a working script. I also tested netmode BRIDGE and CLONE, but those didn't work. I chose the eth1 interface, which is the one that is connected to the LAN and not the target (but it doesn't really matter). Choosing br-lan didn't work as an interface. I was just playing around to see if I can control Apple connections to an iPhone. With the script below and a USB-Ethernet adapter for the iPhone, I can visit the internet when the phone is in flight mode, but without connecting to Apple services. It doesn't synchronize Apple mail, can't receive the ping sound for a lost phone, etc.

#!/bin/bash
#
# Title:		Hardware-firewall
# Description:	Block all network traffic from and to Apple servers (17.0.0.0/8)

# Set networking to NAT mode and wait five seconds
NETMODE NAT
sleep 5

# Block network traffic to and from Apple
# Forwarded traffic (target <-> LAN) passes the FORWARD chain; -I puts the rules at the top
# Drop packets entering on eth1 whose source is Apple
iptables -I FORWARD -i eth1 -s 17.0.0.0/8 -j DROP
# Drop packets entering on eth1 whose destination is Apple
iptables -I FORWARD -i eth1 -d 17.0.0.0/8 -j DROP

# Show when ready
LED W DOUBLE

Thanks to everyone who replied to my question! Learned a lot and was pointed in the right directions. :)
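The following is an added example, not a script from this thread or from Hak5. It pulls together the suggestion in the second reply (put the Squirrel inline and filter with iptables) and the working payload in the last post: block one prefix in both directions on the FORWARD chain, with no interface match so the rules hold whichever port the target hangs off, and then list the chain with packet counters so you can confirm the DROP rules are actually being hit. NETMODE and LED are the payload helpers used in the thread; the 17.0.0.0/8 prefix and NAT mode come from the original poster. The dry-run mode is an assumption of this example so the rule set can be checked on any machine before copying it to the device.

```shell
#!/bin/bash
# Added example (not from the thread): Packet Squirrel-style payload that drops
# traffic to and from one CIDR on the FORWARD chain in NAT mode, with a dry-run
# mode that prints the commands instead of running them.
# Assumed: NETMODE and LED exist on the device (as in the thread's payloads).

BLOCK_NET="${BLOCK_NET:-17.0.0.0/8}"   # prefix to block (the thread's example)
DRY_RUN="${DRY_RUN:-0}"                 # 1 = print commands instead of running them

# Run a command, or echo it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Two FORWARD rules cover both directions. -I inserts at the top of the chain
# so they take precedence over any forwarding rules NETMODE installs.
# Matching only on -s/-d (no -i) keeps the rules correct on either port.
block_rules() {
    run iptables -I FORWARD -d "$BLOCK_NET" -j DROP   # target -> blocked prefix
    run iptables -I FORWARD -s "$BLOCK_NET" -j DROP   # blocked prefix -> target
}

# Verification step: list FORWARD with counters. Non-zero pkts/bytes on the
# DROP rules after generating traffic proves the chain and direction are right.
show_rules() {
    run iptables -L FORWARD -v -n --line-numbers
}

payload() {
    run LED SETUP
    run NETMODE NAT
    run sleep 5
    block_rules
    show_rules
    run LED ATTACK
}

# Run for real only where the Squirrel helpers exist; elsewhere do a dry run.
if command -v NETMODE >/dev/null 2>&1; then
    payload
else
    DRY_RUN=1
    payload
fi
```

Run with DRY_RUN=1 on a workstation to see the exact iptables lines the payload would execute; on the device, check `iptables -L FORWARD -v -n` while the payload is active rather than afterwards in arming mode, since the rules only exist for as long as that payload's network mode is up.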
