Connecting to unsecured networks can be a risk. You really don't know what could be running on the network. We can use a Raspberry Pi to act as a firewall for our laptops.
For class, my group was assigned a project to create a portable firewall using a Raspberry Pi. The pi would connect via wifi to any hotspot (xfinitywifi, starbucks, etc.) and have the host computer attached be completely secure.
- 1x raspberry pi
- 1x 4gb sd card (raspbian installed)
- 1x usb wifi adapter
The default login for raspbian is pi:raspberry
Set a static IP address for eth0
We can define the pi's ethernet address as 10.11.12.13/24 since that subnet is rarely used, and it's easier to remember!
SSH only on laptop
We are going to need to give out IP addresses to the clients first!
Router / Firewall - IPtables
The pi is going to act as the router for the laptop.
Now let's route some traffic from wlan0 to eth0!
That will route traffic from the wifi to the laptop, and block all attempts to connect to the actual pi.
We will script this up later :)
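One way to express the routing and lockdown described above, as an added example that is not the original post's script. It assumes the interface names and the 10.11.12.0/24 subnet from this post, and that the laptop needs DHCP (67/udp), DNS (53) and SSH (22) on the pi; the function names `gen_rules` and `apply_rules` are hypothetical.

```shell
#!/bin/sh
# Added example (not the post's own script). Topology from the post:
#   wlan0 = untrusted hotspot side, eth0 = laptop side (10.11.12.0/24).
# gen_rules prints an iptables-restore ruleset; apply_rules loads it (needs root).

gen_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide the laptop behind the pi's wifi address
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the pi itself opened (updates, DNS lookups)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Services offered to the laptop only: DHCP, SSH, DNS
-A INPUT -i $lan -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p tcp --dport 53 -j ACCEPT
# Laptop may open connections outward; the hotspot side may only answer them
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    # Parse-check first so a typo cannot leave a half-loaded ruleset
    gen_rules "$@" | iptables-restore --test || return 1
    gen_rules "$@" | iptables-restore
}

# Only touch the live firewall when asked to: sh thisfile apply
if [ "${1:-}" = "apply" ]; then
    apply_rules wlan0 eth0 10.11.12.0/24
fi
```

Because the INPUT policy is DROP and no rule accepts new connections arriving on wlan0, nothing on the hotspot can reach SSH, DNS or any other service on the pi.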
DNS-RPZ - Bind9
DNS-RPZ allows us to maintain a blocklist for bad domains.
We use malware-domains.com for this, since that site provides a decently up-to-date file in bind9 format. You can easily supply your own list here.
Run that bash script once to kick it off, then add it to crontab if you want.
IPS - Snort
Good ol' snort. You can pull in your own rules or use the default rules that come with the install. The default settings work decently, but can be tweaked.
Now we gotta connect to wifi. I wish webmin would supply a module for this, or an easier way for that matter.
Basically, I just use
Tie it all together
SSH in to the pi, connect to wifi using iwconfig commands. Then run this script!