Instructables

Raspberry Pi Firewall and Intrusion Detection System

Maybe you think "Why should I protect my private network? I've got no critical information on my computer, no sensitive data". Are your emails really public? Don't you have some photos you don't want to upload to Facebook because they're private? Do you really not care if your computer is hijacked and used to attack other PCs or act as a spam server?

I don't think you're that careless, but maybe you think that setting up a secure network environment is expensive and really difficult. Don't be afraid: in this article we will see how to create a network gateway with a firewall, DHCP and DNS server, and a Network Intrusion Detection System (NIDS), entirely based on a Raspberry Pi.

After this instructable we will have a small security system with the following features:

- Enforce network traffic policies
- Ensure that abnormal packets do not get out of or into our network
- DHCP server to distribute network parameters to your LAN
- DNS cache/server to speed up DNS requests and filter out bad DNS queries
- NIDS to detect malicious traffic, such as malware or vulnerability exploits
- Central network monitoring node to watch and debug network traffic

Some may now say "Hey wait, the Raspberry has only one network port, how should this act as a gateway?". This is done with a small trick. Of course you could buy a USB-to-Ethernet adapter to get a second network card. But to keep it as simple as possible we just use the Raspi as our gateway, and this works really nicely. Traffic flows both ways through it. Of course it requires some additional configuration, but it's not a problem.
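A check for the single-port gateway described above, added here as an example and not taken from the original instructable: because packets enter and leave on the same interface, the kernel must forward them and must not send ICMP redirects, which would point clients straight at the router and around the firewall and NIDS. The interface name `eth0` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit kernel settings on a single-interface gateway.
# Assumptions: Linux, LAN interface eth0, settings under /proc/sys.
# Usage on the Pi: audit_gateway            (checks /proc/sys, eth0)

# read_setting ROOT KEY -> prints the value, or "missing" if unreadable
read_setting() {
    if [ -r "$1/$2" ]; then
        tr -d '[:space:]' < "$1/$2"
    else
        printf 'missing'
    fi
}

# audit_gateway [ROOT] [IFACE] -> one finding per line; returns 1 on any FAIL
audit_gateway() {
    root=${1:-/proc/sys}
    iface=${2:-eth0}
    findings=0

    # The Pi has to route between the LAN hosts and the real router.
    if [ "$(read_setting "$root" net/ipv4/ip_forward)" != "1" ]; then
        echo "FAIL net/ipv4/ip_forward: forwarding is off, the Pi will not route"
        findings=$((findings + 1))
    fi

    # A packet forwarded out of the interface it arrived on triggers an ICMP
    # redirect telling the client to use the router directly. The effective
    # value is the OR of "all" and the interface, so both must be 0.
    for scope in all "$iface"; do
        key="net/ipv4/conf/$scope/send_redirects"
        if [ "$(read_setting "$root" "$key")" != "0" ]; then
            echo "FAIL $key: ICMP redirects would steer clients around the Pi"
            findings=$((findings + 1))
        fi
    done

    if [ "$findings" -eq 0 ]; then
        echo "OK one-armed gateway settings look sane"
        return 0
    fi
    return 1
}
```
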


 
HKM94 1 month ago

Hello. I want to make a final project to create a firewall Raspberry Pi.

Can anyone help me by giving video want ways of making .. step by step.

praxispkg 3 months ago

There's a lot of useful information in here. However, a Snort sensor needs at least two interfaces. One standard interface for management or back-end connections (such as SSH, sending data to an SIEM, etc) and then the "sniffer" or promiscuous-mode interface. I believe with the Pi, to make this effective, you'd need to use a wifi adapter and set that up as your management interface and use the eth0 interface for the packet sniffing. Just my 2 cents. I'm using this to get Snort installed on Pi/Archlinux and going from there...

praxispkg 6 months ago
Could you elaborate a bit on the statement "Be careful with class 10 types, many of them cause problems with the Raspberry!"? We've been doing some research online regarding the best SD cards to use, and before running across your statement, the consensus seemed to us to be simply "the faster, the better". I haven't run across any other information regarding specific problems with any classes.
vazromju 1 year ago
Hi.
I am not able to understand exactly how it works.
Does it mean all the internal network have the RSS as their gateway (192.168.1.3) and the RSS has the router as its gateway (i.e. 192.168.1.1) because there is only one network card?
Pls, could you add a Visio or similar with the final map?
Thank you and good instructable.
ttyDNA0 1 year ago
Is there any news regarding the use of systemd in ArchLinux? I tried to follow this tutorial but since rc.conf does not exist anymore I'm stuck now with my network settings.
eeikrem 1 year ago
How to set a static IP: http://dougbtv.com/?p=281
mrmath 1 year ago
The current ArchLinux for RPi download uses systemd, so your instructions on setting up a static IP address won't work. Only problem I see is that I can't find instructions on doing that ANYWHERE! You wouldn't happen to know how to go about configuring a static IP address under the current ArchLinux distro, would you?
fNX (author)  mrmath 1 year ago
Thx for the feedback. I'll test it this weekend with the new version and add the information.
mrmath fNX 1 year ago
I think Arch is a better choice for things like this, because of its smaller footprint, and lack of a GUI by default. But I just can't get the Static IP working under the latest image, and I can't find it anywhere. I'm really looking forward to your update. If you don't make a dedicated instructable on how to set the static IP, I might if your updated instructions work.