While I can to much of the degree can control inbound connection, controlling outbound connections becomes hard when you have stuff like INTEL ME literally having unrestricted control over your PC. The resources will go in (possibly) a large filter list and especially in logging: and all at five/ten times the speed of mine.

Exactly. I didn't mean to imply the OP do this (they desire the opposite), merely that implementing a basic firewall takes little resources. I find it lucky that the Pi provides a simple environment where either and both can be learned. It's possible lack of expertise regarding computer security and how to set up a router that segments the network will turn out to be greater problems than the lack of programming skills. Unlike the accumulation of low-value items such as used bottle caps, a large amount of low-value data paradoxically becomes big data that is valuable. It's also how individuals lose their low-value data. This kind of firewall policy is how banks, industry and government organisations get their high-value data stolen. I think filtering outbound connections was stated as the goal in the first post.

Allowing every outbound connection, while convenient, is not secure. All it does, is run iptables with a traditional config: allow everything out - block everything in (except sshd). My 100Mb connection is just fine with an old 512Mb rpi1.

Gigabit Ethernet adapters based on other specific chipsets have also been reported to work but there may be some that don't.

A basic standard firewall doesn't need much. More information is in the following thread:

The gigabit USB adapter here is based on a Realtek RTL8153 and works well. Are Linux Firewall rules hard to follow? I just want to stop unwanted spyware on my devices spying on me like Intel ME.

Also, what USB-Ethernet dongle would you recommend?
Not all gigabit USB dongles are the same, so be a little careful when choosing yours and ensure the chipset is well supported.

From a hardware point of view I wonder whether the USB dongle would work better for the upstream or downstream. Having said this, the system is flexible enough for a firewall with any complicated interdependent conditions that one might want. My experience is that understanding Linux packet-filtering rules well enough to do something original takes more than a week of concentrated effort. I would be using a USB3 to Ethernet converter, but would it cause any performance issues? Since my Internet speed is only half that, it shouldn't be a problem. So speed shouldn't be an issue as it has a gigabit connection. I think.

5: Since this setup will be running 24/7 (because my internet runs 24/7), what would be the best way to keep the Pi running cool and smoothly? Since it will become the main access point of my entire network, I don't want it randomly going down because any reason.

6: I am aware Pi 4B has only one Gigabit port. My Internet speed isn't that great either, at 500 mbps (around 63 MB/s). I would be very grateful if something with even a basic UI exist.

3: Can I make remote adjustments to the said IP/Data blocklist? Like using specific IP address to access the Pi's management page (like how you do with your router.)

4: Is 8GB variant overkill? Since the job wouldn't be to analyze each and every packet, just blocking some predefined packets/IP addresses, it shouldn't consume much processing power, right? I am not planning to setup any VPN on it since my individual devices are running their own VPN connections, reducing the load even further. I am a complete dummy dumb when it comes to Linux, and CLI to me looks like alien Language. Since I need a network wide firewall, I was thinking internet connection>Raspberry Pi>Router>Connected Devices type configuration.

2: What OS or other types of software would I need to run on the Pi?
I don't need anything fancy since I am looking to making it a passive thing, i.e. I figured if I can't prevent my machine from sending spyware type data out, I can use a Pi to do the job for me.

1: How to configure Pi to become this barrier.

This will also help me prevent unnecessary data leaving my Phone or any other connected devices. As you all know, Intel ME has the highest level of privilege and any software Firewall is useless against, what basically is a Backdoor. I want the Pi to become a barrier preventing my selected IP addresses and Data leaving my network to the internet. This is due to privacy and security concerns, particularly with Intel Management Engine. My Firewall requirements are not quite usual, as in unlike common firewalls, I don't care about any incoming connection, but rather connections going out of my Network. I am looking forward to buy a Raspberry Pi 4B 8GB RAM model, solely to function as a Firewall. Hi, I am new here so please excuse my noobness.