DigiRD Posted December 4, 2017
I want to connect a device to a wired ethernet connection, so that I'm able to block specific network traffic with a hardware firewall. At first I was playing with a Raspberry Pi 3 to get the job done, but I think the Packet Squirrel is much easier and better suited for the job. What is the best way to use the Packet Squirrel as a hardware firewall? By just using iptables, or does someone have a payload available or any other suggestions? Thanks
Dave-ee Jones Posted December 4, 2017
I believe you could do it using iptables. Set it to NETMODE TRANSPARENT in between a client and a network (or a LAN and a WAN) and set it to only pass through certain ports (or not pass through certain ports). I'm sure if you have a quick Google you'll find some iptables commands suited for the job. Good luck!
DigiRD (Author) Posted December 5, 2017
Thanks for your reply. I added iptables rules directly on the PS while in arming mode, but that doesn't work. Does the PS only work when using switch 1, 2 and 3 in combination with shell scripts? The following script didn't work either:

#!/bin/bash
#
# Title: Hardware-firewall
# Description: Block all network traffic from and to Apple servers (17.0.0.0/8)

# Set networking to TRANSPARENT mode and wait five seconds
NETMODE TRANSPARENT
sleep 5

# Block network traffic to and from Apple
iptables -A INPUT -s 17.0.0.0/8 -j DROP
iptables -A OUTPUT -s 17.0.0.0/8 -j DROP

# Show when ready
LED W DOUBLE

I simply want to block all incoming and outgoing traffic to IP addresses starting with 17.*.*.* (17.0.0.0/8), nothing else. In the meantime I'll keep digging to find out what I'm doing wrong. Any feedback is appreciated.
killergeek Posted December 5, 2017
I think you need another net mode, because the transparent mode will just pass all the data through and you can't change any of it. The PS can only read the data. https://www.hak5.org/gear/packet-squirrel/docs So netmode bridge, nat or clone is probably the one you need.
DigiRD (Author) Posted December 6, 2017
Thanks, I tried all netmode options, but nothing worked. It looks like it has something to do with the iptables command, but I haven't figured it out yet. Am I missing something in the above shell script (changed it to netmode BRIDGE)? Does the PS even accept such iptables commands? If I look at iptables -L in arming mode after having used the payload, it doesn't seem to save the blocked IP addresses. So do I need to add some lines to the payload to save and restart iptables? It didn't work with the service command.
tummyacid Posted December 7, 2017
I am trying the same thing and still no luck. I've tried specifying -i lan-br in net mode BRIDGE. Please post if you get anywhere.
Dave-ee Jones Posted December 7, 2017
14 hours ago, biob said:
    You need to declare the interface
    iptables -i br-lan
Like-ah so.
tummyacid Posted December 8, 2017

LED SETUP

# Set networking to BRIDGE mode and wait five seconds
NETMODE BRIDGE
sleep 5

# Block network traffic to local test host
iptables -I INPUT -i br-lan -d 192.168.1.104 -j DROP
iptables -I INPUT -i br-lan -s 192.168.1.104 -j DROP

# Show when ready
LED ATTACK

Ping requests still succeed. I tried chains FORWARD and OUTPUT. Should I use another chain?
Dave-ee Jones Posted December 11, 2017
Maybe you need to iptables -a PREROUTING just to make sure it drops it before it passes it through?
DigiRD (Author) Posted December 11, 2017
After testing I got a working script. I also tested netmode BRIDGE and CLONE, but those didn't work. I chose the eth1 interface, which is the one that is connected to the LAN and not the target (but it doesn't really matter). Choosing br-lan didn't work as an interface. I was just playing around to see if I can control Apple connections to an iPhone. With the script below and a USB-Ethernet adapter for the iPhone, I can visit the internet when the phone is in flight mode, but without connecting to Apple services. It doesn't synchronize Apple mail, can't receive the ping sound for a lost phone, etc.

#!/bin/bash
#
# Title: Hardware-firewall
# Description: Block all network traffic from and to Apple servers (17.0.0.0/8)

# Set networking to NAT mode and wait five seconds
NETMODE NAT
sleep 5

# Block network traffic to and from Apple
iptables -i eth1 -I FORWARD -s 17.0.0.0/8 -j DROP
iptables -i eth1 -I FORWARD -d 17.0.0.0/8 -j DROP

# Show when ready
LED W DOUBLE

Thanks to everyone who replied to my question! Learned a lot and was pointed in the right directions. :)
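As an added example that is not part of the thread (and not Hak5's or DigiRD's code): a payload in the spirit of the working script above, generalised to a list of CIDRs, with input validation and a rate-limited LOG rule so dropped traffic can be seen in the device log. It assumes the NETMODE and LED commands used in the thread and a stock iptables; the BLOCKED_CIDRS list, the "fw-drop" log prefix and the 5/min limit are my own choices.

```shell
#!/bin/bash
# Added example, not a script from this thread: a Packet Squirrel payload
# blocking a list of CIDRs in both directions on the FORWARD chain and
# logging a rate-limited sample of drops. Assumes the device's NETMODE/LED
# helpers and stock iptables; set IPTABLES=echo to print rules instead.
BLOCKED_CIDRS="17.0.0.0/8"        # space-separated; Apple's /8 from the thread
IPTABLES="${IPTABLES:-iptables}"

# Accept only a.b.c.d/n with four octets 0-255 and a prefix length 0-32,
# so a list entry can never smuggle extra iptables arguments into the rule.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|*..*|/*|*/) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    [ "${1#*/}" -le 32 ] || return 1
    set -- $(printf '%s' "${1%/*}" | tr . ' ')   # positional params = octets
    [ $# -eq 4 ] || return 1
    for o; do [ "$o" -le 255 ] || return 1; done
}

# One rule spec per line. Traffic crossing the device in NETMODE NAT is
# forwarded, so FORWARD sees it; INPUT/OUTPUT only see traffic addressed to
# the Squirrel itself. DROPs come first because apply_rules inserts each
# spec at the top (-I), which leaves the LOG rules above the DROPs.
rules_for_cidr() {
    printf 'FORWARD -d %s -j DROP\n' "$1"
    printf 'FORWARD -s %s -j DROP\n' "$1"
    printf 'FORWARD -d %s -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "\n' "$1"
    printf 'FORWARD -s %s -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "\n' "$1"
}

# Validate every CIDR, then insert its rules ahead of any pre-existing
# ACCEPT so nothing shadows them (the working script above also used -I).
apply_rules() {
    for cidr in $BLOCKED_CIDRS; do
        valid_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
        rules_for_cidr "$cidr" | while IFS= read -r spec; do
            eval "set -- $spec"   # split the spec, keeping the quoted prefix whole
            "$IPTABLES" -I "$@"
        done
    done
}
# Only touch the network on the device, where NETMODE exists.
if command -v NETMODE >/dev/null 2>&1; then
    LED SETUP
    NETMODE NAT
    sleep 5
    apply_rules || exit 1
    LED ATTACK
fi
```

Run it with IPTABLES=echo on any machine to see the exact rules it would insert; dropped packets show up in the device's kernel log with the fw-drop prefix.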