Matt Borja

Building a Hardware Firewall (Raspberry Pi)

Inspired by the Tiny Hardware Firewall (THF) project.

Objectives

  • Configure the Raspberry Pi as an IP router, DNS forwarder, and DHCP server
  • Share wlan0 (Internet) with eth0 (local)
  • VPN service of choice
  • Wireless networking
  • Firewall rules
  • OS configuration

Pi Hardware Firewall

Setup

Components

  • Raspberry Pi (Model B)
  • 16 GB SanDisk Extreme (Class 10) SD Card
  • ChargeWorx 5v battery pack for portability
  • Raspbian-friendly EDIMAX (EW‑7811Un) wireless adapter

Routing

  • Configure IP forwarding and masquerading
  • Install and configure DNSmasq (DNS forwarder and DHCP server)
  • Add firewall rules to accomodate DNS/DHCP services (i.e. ufw allow dns)
  • Install and configure VPN client

Tunneling

  • Install and configure OpenVPN client
  • Update /etc/ufw/before.rules to route traffic through VPN tunnel (tun0)
  • Add startup script for autoselecting VPN server

Application

  • Configure additional firewall settings (i.e. port forwarding)