DigiRD

Using the Packet Squirrel as hardware firewall


I want to connect a device to a wired ethernet connection, so that I'm able to block specific network traffic with a hardware firewall. At first I was playing with a Raspberry Pi 3 to get the job done, but I think the Packet Squirrel is much easier and better suited for the job.

What is the best way to use the Packet Squirrel as a hardware firewall? By just using iptables, or does someone have a payload available or any other suggestions?

Thanks


I believe you could do it using iptables. Set it to NETMODE TRANSPARENT in between a client and a network (or a LAN and a WAN) and set it to only pass through certain ports (or not pass through certain ports).

I'm sure if you have a quick Google you'll find some iptables commands suited for the job.

Good luck!


Thanks for your reply.

I added iptables rules directly on the PS while in arming mode, but that doesn't work. Does the PS only work when using switch 1, 2 and 3 in combination with shell scripts?

The following script didn't work either:

#!/bin/bash
#
# Title:		Hardware-firewall
# Description:	Block all network traffic from and to Apple servers (17.0.0.0/8)

# Set networking to TRANSPARENT mode and wait five seconds
NETMODE TRANSPARENT
sleep 5
    
# Block network traffic to and from Apple
iptables -A INPUT -s 17.0.0.0/8 -j DROP
iptables -A OUTPUT -s 17.0.0.0/8 -j DROP

# Show when ready
LED W DOUBLE

I simply want to block all incoming and outgoing traffic to ip addresses starting with 17.*.*.* (17.0.0.0/8), nothing else. In the meantime I'll keep digging to find out what I'm doing wrong. Any feedback is appreciated.

Edited by DigiRD


I think you need another net mode, because TRANSPARENT will just pass all the data through and you can't change any of it; the PS can only read the data.
https://www.hak5.org/gear/packet-squirrel/docs
So NETMODE BRIDGE, NAT or CLONE is probably the one you need.


Thanks, I tried all netmode options, but nothing worked. It looks like it has something to do with the iptables command, but I haven't figured it out yet.

Am I missing something in the above shell script (changed it to NETMODE BRIDGE)? Does the PS even accept such iptables commands? If I look at iptables -L in arming mode after having used the payload, it doesn't seem to save the blocked IP addresses. So do I need to add some lines to the payload to save and restart iptables? It didn't work with the service command.

Edited by DigiRD

14 hours ago, biob said:

You need to declare the interface

iptables -i br-lan

Like-ah so.


LED SETUP
# Set networking to BRIDGE mode and wait five seconds
NETMODE BRIDGE
sleep 5
    
# Block network traffic to local test host
iptables -I INPUT -i br-lan -d 192.168.1.104 -j DROP
iptables -I INPUT -i br-lan -s 192.168.1.104 -j DROP

# Show when ready
LED ATTACK

ping requests still succeed. I tried chains FORWARD and OUTPUT. Should I use another chain? 

Share this post


Link to post
Share on other sites

Maybe you need to

iptables -A PREROUTING

just to make sure it drops it before it passes it through?


After testing I got a working script. I also tested NETMODE BRIDGE and CLONE, but those didn't work. I chose the eth1 interface, which is the one that is connected to the LAN and not the target (but it doesn't really matter). Choosing br-lan didn't work as an interface. I was just playing around to see if I can control Apple connections to an iPhone. With the script below and a USB-Ethernet adapter for the iPhone, I can visit the internet when the phone is in flight mode, but without connecting to Apple services. It doesn't synchronize Apple mail, can't receive the ping sound for a lost phone, etc.

#!/bin/bash
#
# Title:		Hardware-firewall
# Description:	Block all network traffic from and to Apple servers (17.0.0.0/8)

# Set networking to NAT mode and wait five seconds
NETMODE NAT
sleep 5

# Block network traffic to and from Apple. In NAT mode the target's traffic is
# routed through the Squirrel, so it crosses the FORWARD chain; INPUT and OUTPUT
# only see packets addressed to or generated by the Squirrel itself. -I puts the
# rules at the top of the chain, ahead of whatever NAT mode already put there,
# and -i eth1 matches packets that arrive on the LAN-side interface.
iptables -I FORWARD -i eth1 -s 17.0.0.0/8 -j DROP
iptables -I FORWARD -i eth1 -d 17.0.0.0/8 -j DROP

# Show when ready
LED W DOUBLE

Thanks to everyone who replied to my question! Learned a lot and was pointed in the right directions. :)

Edited by DigiRD

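As an added example (not code from the thread or from Hak5), here is a fuller version of the same idea: a NAT-mode payload with a dry-run switch, so the rule set can be checked on a workstation without root or a Squirrel, plus a check that reads `iptables -S FORWARD` output to confirm the rules actually landed instead of inferring it from pings. It assumes, as the last post implies, that the target side is eth0 and the LAN/Internet side is eth1; the variables `IPT`, `TARGET_IF`, `WAN_IF`, `BLOCKED_NETS` and `LOG_BLOCKED` and all function names are mine, and the sample `iptables -S` dumps used to check it are constructed. One detail worth noticing: `-i` matches the interface a packet arrives on, so `-i eth1 -d 17.0.0.0/8` only catches packets that come in from the LAN side already addressed to Apple. The target's own outbound packets arrive on eth0, so the script above lets them leave and relies on dropping the replies, which kills TCP sessions but not one-way UDP. The example below drops each direction on the interface it actually enters.

```shell
#!/bin/bash
# Added example, not from the thread: Packet Squirrel style payload that blocks
# a list of subnets for the target in NAT mode, in both directions, with a
# dry-run mode and a rule check.
#
# Assumptions (mine, not stated by the thread): the target is on eth0 and the
# LAN/Internet side is eth1, so target -> Internet packets enter on eth0 and
# replies enter on eth1. Both are routed, so both cross the FORWARD chain;
# INPUT and OUTPUT only see traffic addressed to or generated by the Squirrel
# itself, which is why the earlier INPUT/OUTPUT attempts never matched.

IPT="${IPT:-iptables}"           # set IPT=echo to print the rules instead of loading them
TARGET_IF="${TARGET_IF:-eth0}"   # assumed: side the phone/laptop is plugged into
WAN_IF="${WAN_IF:-eth1}"         # assumed: side connected to the LAN/Internet
BLOCKED_NETS="${BLOCKED_NETS:-17.0.0.0/8}"  # Apple's /8 as in the thread; space-separated
LOG_BLOCKED="${LOG_BLOCKED:-0}"  # 1 = also log dropped packets (view with logread)

# Drop packets entering on interface $1 whose $2 (-s or -d) address is in $3.
# -I inserts at the top of FORWARD so the rule beats any ACCEPT already there.
block_net() {
    "$IPT" -I FORWARD -i "$1" "$2" "$3" -j DROP
    if [ "$LOG_BLOCKED" = 1 ]; then
        # inserted after the DROP, so it lands above it and fires first
        "$IPT" -I FORWARD -i "$1" "$2" "$3" -m limit --limit 5/min \
            -j LOG --log-prefix "PS-BLOCK: "
    fi
}

install_block_rules() {
    local net
    for net in $BLOCKED_NETS; do
        block_net "$TARGET_IF" -d "$net"   # target -> blocked net (outbound)
        block_net "$WAN_IF"    -s "$net"   # blocked net -> target (replies/inbound)
    done
}

# True if the iptables -S dump in $1 has a DROP line carrying both tokens
# $2 and $3 (iptables -S prints -s/-d before -i, so match tokens, not order).
rule_present() {
    printf '%s\n' "$1" | grep -F -- "$2" | grep -F -- "$3" | grep -qF -- "-j DROP"
}

# Given the output of `iptables -S FORWARD`, return 0 only if every expected
# DROP rule is there; report the missing ones on stderr.
check_block_rules() {
    local dump="$1" net missing=0
    for net in $BLOCKED_NETS; do
        rule_present "$dump" "-i $TARGET_IF " "-d $net " \
            || { echo "missing: $TARGET_IF -> $net" >&2; missing=1; }
        rule_present "$dump" "-i $WAN_IF " "-s $net " \
            || { echo "missing: $net -> $WAN_IF" >&2; missing=1; }
    done
    return $missing
}

# Payload entry point; only runs on the Squirrel, where NETMODE and LED exist.
payload_main() {
    LED SETUP
    NETMODE NAT
    sleep 5
    install_block_rules
    if check_block_rules "$("$IPT" -S FORWARD)"; then
        LED ATTACK      # rules verified in the running kernel
    else
        LED FAIL        # something did not load; inspect with iptables -S FORWARD
    fi
}

if command -v NETMODE >/dev/null 2>&1; then
    payload_main
fi
```

Run it with `IPT=echo` on a workstation to see exactly which rules it would load; on the Squirrel, confirm afterwards in arming mode with `iptables -S FORWARD`. The rules exist only in the running kernel, not on disk, so after a reboot they are gone until the payload runs again, which is one reason an `iptables -L` in arming mode can come up empty. Keep in mind that this blocks by address range only: anything the device fetches from addresses outside 17.0.0.0/8 is untouched, and name resolution for those services still works.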
