
That sounds awesome, care to share a few more details?



I actually locked myself out except for console access, so some of this is from memory/Googling:

1. Connect Raspberry Pi to local LAN and get wifi setup (I VLAN wireless traffic, so I have it listening/connected to both)

2. Change iptables default policy to DROP

3. Add relevant ALLOW rules to make sure basic stuff like DHCP still works. I added an allow rule to talk to another machine that runs a PHP script that talks to Twilio

4. Spend about a week adding custom DROP rules for any normal broadcast traffic on your network (Bonjour, random auto-discovery stuff, etc)

5. If you have properly excluded everything "normal" you should be able to run "iptables -vL" about 24 hours apart and the packet count next to the INPUT chain policy will not have incremented (remember we have a default of DENY)

6. Add a final rule of 'iptables -A INPUT -m limit --limit 2/min -j LOG --log-prefix "ZOMG: " --log-level 4'

7. Write a bash script to monitor syslog, parse the log, and forward to the aforementioned script on another host
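As an added example (not the commenter's script), here is the parsing half of step 7: a POSIX shell filter that picks the "ZOMG: " lines from syslog, pulls the SRC/DST/PROTO/DPT fields the iptables LOG target writes, and emits one summary line per hit for whatever forwarder you hook up. The syslog lines and addresses are constructed sample data; the forwarding to the Twilio host is left as a pipe on the end.

```shell
#!/bin/sh
# Constructed sample syslog excerpt in the format the kernel LOG target emits
# (one TCP hit, one unrelated sshd line, one UDP/mDNS hit).
SAMPLE_LOG='Mar  3 10:15:01 pi kernel: [12345.678] ZOMG: IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:15:02 pi sshd[123]: Accepted publickey for pi from 192.0.2.5
Mar  3 10:15:09 pi kernel: [12353.001] ZOMG: IN=wlan0 OUT= SRC=192.0.2.88 DST=192.0.2.10 LEN=40 PROTO=UDP SPT=5353 DPT=5353'

# Extract one KEY=value field from an iptables LOG line; prints nothing if absent.
field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# Read syslog on stdin, keep only lines carrying the log prefix from step 6,
# and print "src -> dst proto/dport" for each one.
parse_alerts() {
    grep 'ZOMG: ' | while IFS= read -r line; do
        src=$(field "$line" SRC); dst=$(field "$line" DST)
        proto=$(field "$line" PROTO); dport=$(field "$line" DPT)
        printf '%s -> %s %s/%s\n' "$src" "$dst" "$proto" "${dport:-none}"
    done
}

# Demo on the constructed sample. For a live box this would be roughly:
#   tail -F /var/log/syslog | parse_alerts | your_forwarder
printf '%s\n' "$SAMPLE_LOG" | parse_alerts
```

Because the LOG rule is rate-limited to 2/min, a burst of probes shows up as at most two summary lines per minute, which is what you want before an SMS gateway.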


Very smart!

Just my 2 cents, but I feel like there might be some commercial demand for something like this if you'd ever consider packaging it.


>I actually locked myself out

Hate it when that happens to me...every week.



