Introduction: Raspberry Pi Personal Firewall

CU ITP Hackathon project

Step 1: Set Up Raspberry Pi

Following the instructions provided with the Raspberry Pi, set it up using Raspbian.

Step 2: Set Up Raspberry Pi As Gateway

sudo nano /etc/network/interfaces

Edit the file to look like this, then save:

auto lo
iface lo inet loopback
    pre-up iptables-restore < /etc/iptables.rules

auto eth0
allow-hotplug eth0
iface eth0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255

auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Enable IP forwarding. Open the file:

nano -w /etc/sysctl.conf

Uncomment or add this line, then save:

net.ipv4.ip_forward=1

Install and configure DNSMASQ

To install:

sudo apt-get install dnsmasq

To configure, open the file and add these lines:

nano -w /etc/dnsmasq.conf

interface=eth0
listen-address=127.0.0.1
domain=example.com
dhcp-range=192.168.0.1,192.168.0.110,12h

Reboot the system.

Step 3: Configure and Activate Iptables

nano -w /etc/iptables.rules

*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 192.168.0.3:50000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 50000 -m state --state NEW -j ACCEPT
COMMIT

Activate:

iptables-restore < /etc/iptables.rules

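To make sure the iptables rules are restored on boot, check that /etc/network/interfaces has this line after the lo entry (it is already there if you used the file from Step 2):

nano -w /etc/network/interfaces

pre-up iptables-restore < /etc/iptables.rules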

Step 4: Write a Script to Get Malicious IPs and Add Them to IP Tables to DROP

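#!/usr/bin/python
import re
import subprocess

import requests

# Fetch the full Malware Domain List table.
r = requests.get("http://www.malwaredomainlist.com/mdl.php?search=&colsearch=All&quantity=All")
data = r.text

# Assumption: the separator string was lost from this listing;
# the closing table-cell tag is assumed here.
FIELD_SEP = '</td>'

malIP = []
for d in data.split('\n'):
    d1 = d.split(FIELD_SEP)
    if len(d1) > 3:
        # Pull a dotted-quad address out of the third field.
        s = re.search(r'\d+\.\d+\.\d+\.\d+', d1[2])
        if s:
            malIP.append(str(s.group(0)))

# Keep only the first 100 addresses.
malIP1 = malIP[:100]
print(len(malIP1))

# Rebuild the FORWARD chain: drop traffic to each listed IP, accept the rest.
# Arguments are passed as a list so nothing from the feed reaches a shell.
subprocess.call(["iptables", "-F", "FORWARD"])
for IP in malIP1:
    subprocess.call(["iptables", "-A", "FORWARD", "-d", IP, "-j", "DROP"])
subprocess.call(["iptables", "-A", "FORWARD", "-j", "ACCEPT"])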
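
The script above trusts whatever the page returns over plain HTTP and leaves FORWARD empty between the flush and the last append. The following is an added example, not part of the original project, that validates and de-duplicates the addresses, refuses to block the LAN, loopback or private ranges, refuses to apply an empty list, and loads all rules in one iptables-restore commit. It assumes Python 3 and a hypothetical user-defined chain named BLOCKLIST that FORWARD jumps to (iptables-restore --noflush flushes only the user-defined chains declared in its input).

```python
import ipaddress
import re
import subprocess

CHAIN = "BLOCKLIST"  # hypothetical chain name, not from the original page
LIMIT = 100          # same cap as the Step 4 script
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Ranges a feed must never be able to block: LAN/private, loopback, multicast/reserved.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def extract_ips(text, limit=LIMIT):
    """Return unique, valid, blockable IPv4 addresses in first-seen order."""
    found = []
    for candidate in IP_RE.findall(text):
        try:
            ip = ipaddress.IPv4Address(candidate)
        except ValueError:
            continue  # not a real address, e.g. 999.10.10.10
        if any(ip in net for net in NEVER_BLOCK) or str(ip) in found:
            continue
        found.append(str(ip))
    return found[:limit]

def restore_payload(ips):
    """Build iptables-restore input that refills CHAIN in one commit."""
    if not ips:
        raise ValueError("empty blocklist: keeping the rules already loaded")
    rules = ["-A %s -d %s -j DROP" % (CHAIN, ip) for ip in ips]
    return "\n".join(["*filter", ":%s - [0:0]" % CHAIN] + rules + ["COMMIT"]) + "\n"

def apply_blocklist(ips):
    """Load the payload; --noflush leaves the other chains as they are."""
    subprocess.run(["iptables-restore", "--noflush"],
                   input=restore_payload(ips).encode(), check=True)

# Constructed sample feed (documentation-range addresses, not real data).
SAMPLE = """<td>a.example</td><td>203.0.113.7</td>
<td>b.example</td><td>192.168.0.1</td>
<td>c.example</td><td>999.10.10.10</td>
<td>d.example</td><td>203.0.113.7</td>
<td>e.example</td><td>198.51.100.23</td>
<td>f.example</td><td>127.0.0.1</td>"""

if __name__ == "__main__":
    print(restore_payload(extract_ips(SAMPLE)), end="")
```

To use it on the gateway, /etc/iptables.rules would need ":BLOCKLIST - [0:0]" and "-A FORWARD -j BLOCKLIST" in its *filter section, and the cron job would call apply_blocklist(extract_ips(r.text)).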

Step 5: Set Script to Run Every 5 Minutes

crontab -e

Add a rule at the bottom:

*/5 * * * * /usr/bin/python /home/pi/scriptname.py

Save and quit

Step 6: Set Up Flask Web Server

The web server enumerates the list of wifi networks and allows us to connect to any of them.

pip install flask

pip install wifi

Python server code attached.

Step 7: Create Index.html for Web Server

This index.html file will go inside the flask file structure in the "templates" directory.

Step 8: You Are Now Blocked From Connecting to Malicious Websites Listed at the URL Specified in the Python Script in Step 4