Raspberry Pi Firewall and Intrusion Detection System

Maybe you think, "Why should I protect my private network? I've got no critical information on my computer, no sensitive data." Are your emails really public? Don't you have some photos you don't want to upload to Facebook because they're private? Do you really not care if your computer is hijacked and used to attack other PCs or act as a spam server?

I don't think you're that careless, but maybe you think that setting up a secure network environment is expensive and really difficult. Don't be afraid: in this article we will see how to create a network gateway with a firewall, DHCP and DNS server, and a Network Intrusion Detection System (NIDS), entirely based on a Raspberry Pi.

After this instructable we will have a small security system with the following features:

- Enforce network traffic policies
- Ensure that abnormal packets do not get in or out of our network
- DHCP server to distribute network parameters to your LAN
- DNS cache/server to speed up DNS requests and filter out bad DNS queries
- NIDS to detect malicious traffic, such as malware or vulnerability exploits
- Central network monitoring node to watch and debug network traffic

Some may now say, "Hey wait, the Raspberry has only one network port, how should this act as a gateway?" This is done with a small trick. Of course you could buy a USB-to-Ethernet device to get a second network card. But to keep it as simple as possible we just use the Raspi as our gateway, and this works really nicely. Traffic flows both ways through it. Of course it requires some additional configuration, but it's not a problem.


Is this step necessary if I can the 0p2 partition is 6gbs?

Could you provide an updated version for the new version of Arch? (3.12 I believe)

I am attempting to follow this tutorial; however, some files (rc.conf) do not exist or some commands are not recognised.

MarcI1 1 month ago

Can you please explain how this connects physically to the network? Is it connected on one of the router ports? Is it between the modem and router? Please explain. Thanks.

dnlongen 2 months ago

Nice! Here's an example of what you can do once you've built a Pi with snort:

gkweb 4 months ago

This article is a nearly complete copy/paste of mine (written 16 August 2012)

Proper credits should be given at the beginning of the article. Thanks.

HKM94 1 year ago

Hello. I want to make a final project to create a firewall Raspberry Pi.

Can anyone help me by giving video want ways of making .. step by step.

praxispkg 1 year ago

There's a lot of useful information in here. However, a Snort sensor needs at least two interfaces. One standard interface for management or back-end connections (such as SSH, sending data to an SIEM, etc) and then the "sniffer" or promiscuous-mode interface. I believe with the Pi, to make this effective, you'd need to use a wifi adapter and set that up as your management interface and use the eth0 interface for the packet sniffing. Just my 2 cents. I'm using this to get Snort installed on Pi/Archlinux and going from there...

praxispkg 1 year ago
Could you elaborate a bit on the statement "Be careful with class 10 types, many of them cause problems with the Raspberry!"? We've been doing some research online regarding the best SD cards to use, and before running across your statement, the consensus seemed to us to be simply "the faster, the better". I haven't run across any other information regarding specific problems with any classes.
vazromju 1 year ago
I am not able to understand exactly how it works.
Does it mean all the internal network has the RSS as its gateway (and the RSS has the router as its gateway, i.e. because there is only one network card)?
Pls, could you add a Visio or similar with the final map?
Thank you and good instructable.
ttyDNA0 2 years ago
Is there any news regarding the use of systemd in ArchLinux? I tried to follow this tutorial but since rc.conf is not existing anymore I'm stuck now with my network settings.
eeikrem 2 years ago
How to set a static IP:
mrmath 2 years ago
The current ArchLinux for RPi download uses systemd, so your instructions on setting up a static IP address won't work. Only problem I see is that I can't find instructions on doing that ANYWHERE! You wouldn't happen to know how to go about configuring a static IP address under the current ArchLinux distro, would you?
fNX (author) mrmath 2 years ago
Thx for the feedback. I'll test it this weekend with the new version and add the information.
mrmath fNX 2 years ago
I think Arch is a better choice for things like this, because of its smaller footprint, and lack of a GUI by default. But I just can't get the Static IP working under the latest image, and I can't find it anywhere. I'm really looking forward to your update. If you don't make a dedicated instructable on how to set the static IP, I might if your updated instructions work.