luke3000
Posts: 4
Joined: Sun Jul 15, 2018 10:57 am

how can i doesn't give output to router.

Sun Jul 15, 2018 5:16 pm

Good morning, I want to set up my Raspberry so that it gets inputs from the router but doesn't give outputs.
Can I do this, and how?

mutrised
Posts: 44
Joined: Thu Nov 08, 2012 12:41 am
Location: France

Re: how can i doesn't give output to router.

Mon Jul 16, 2018 8:21 am

Hi,

Could you explain a little bit more?
What are you talking about? Firewall?

If you want your Pi to accept all input from the network, this is the default, but why? Is your router firewall enabled or is your Pi on the DMZ?

Why do you want your Pi to be unable to output traffic?

My question aside, what you seem to need are the following iptables rules:

Code:

iptables -F
iptables -t nat -F
iptables -X

iptables -P INPUT ACCEPT
iptables -P OUTPUT DROP

The first three lines remove existing rules.
The next one defines the default policy for input as accept, and the last one sets it to drop for output.

You can add these lines to the /etc/rc.local script (before the exit 0 line).

If I understood your question, you should have it.

EDIT: I edited the message since you seem to limit the filtering to the router. I gave you some general INPUT/OUTPUT filtering rules, not limited to your router; more precise filtering can be done using IP.

Code:

iptables -F
iptables -t nat -F
iptables -X

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A OUTPUT -d 192.168.x.x -j DROP

This code ACCEPTs all connections FROM/TO your Pi but blocks your Pi from sending traffic to your router, but it would be interesting to know why you want this.
This set of rules is really not restrictive, so not that secure... One recommendation is to set the INPUT default policy to DROP and allow only the expected ports to receive data.

RPI2B 7/24 - web, NAS/media, Owncloud and more
RPI0 7/24 - VPN, DHCP, DNS (including filtering), wakeonlan proxy
RPI0W - VPN gateway providing secure WIFI AP and network router, some kind of internet BOX when on the move ;)
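
The default-deny INPUT policy recommended at the end of the post above, written out as an added example (not code from the thread): a function that prints a ruleset in iptables-restore format, so it can be reviewed before it is loaded. The function name gen_ruleset and the sample ports are assumptions, as is the FORWARD DROP policy, which assumes the Pi is an end host that routes nothing.

```shell
#!/bin/sh
# Added example, not from the thread: default-deny INPUT ruleset generator.
# gen_ruleset is a hypothetical helper name; the ports are whatever TCP
# services you actually expose (22 and 443 below are sample values only).

# gen_ruleset PORT... : print a filter-table ruleset on stdout.
# Returns 1 without printing any rule if an argument is not a valid port.
gen_ruleset() {
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # anything not matched below is dropped
    echo ':FORWARD DROP [0:0]'    # assumption: this Pi does not route
    echo ':OUTPUT ACCEPT [0:0]'   # outbound stays open, as in the post
    # Local services talking to each other over loopback.
    echo '-A INPUT -i lo -j ACCEPT'
    # Discard packets conntrack cannot associate with any connection.
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Replies to connections the Pi itself opened.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New inbound connections only on the listed TCP ports.
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Review:          gen_ruleset 22 443
# Apply (as root): gen_ruleset 22 443 | iptables-restore
```

With INPUT defaulting to DROP, keep the port you administer the Pi over in the list, otherwise loading the ruleset cuts off your own remote session.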

luke3000
Posts: 4
Joined: Sun Jul 15, 2018 10:57 am

Re: how can i doesn't give output to router.

Mon Jul 16, 2018 7:42 pm

Because I want to make an access point, and connect to my PS4 and make a lag switch device.

mutrised
Posts: 44
Joined: Thu Nov 08, 2012 12:41 am
Location: France

Re: how can i doesn't give output to router.

Mon Jul 16, 2018 8:35 pm

OK, I did not know what a lag switch was; Google helped me with this. You should have said that right away. I got it now.

So OK, as I understand it, you want something like this:

PS4 <--- WIFI ---> RPI <--- LAN ---> ROUTER <--- internet

And you use your Pi just to cut off the net when you need to.

You didn't ask about setting up the WIFI AP on the RPI, so I suppose you managed it already. So all you need is an iptables rule to block your PS4 from reaching the internet.

Supposing your PS4 has the IP 192.168.1.1 on your Pi WiFi (wlan0) and your router is on eth0, you need to run:

Code:

iptables -A FORWARD -i wlan0 -o eth0 -s 192.168.1.1 -j DROP

This blocks packets coming from 192.168.1.1 on wlan0 that are expected to be forwarded on eth0, so it's like disconnecting the RJ45 from your PS4.

Code:

iptables -D FORWARD -i wlan0 -o eth0 -s 192.168.1.1 -j DROP

This removes the rule and frees access.

I don't know how you want to trigger this, but since it's a single-line script, you can integrate this as you need =)


luke3000
Posts: 4
Joined: Sun Jul 15, 2018 10:57 am

Re: how can i doesn't give output to router.

Tue Jul 17, 2018 6:36 am

Excuse me for the lag switch.
