Block complete internet access | Only use local area network

[snow2k14]

Hi guys,

what is the most elegant way to only use the raspberry pi in the local network.

For now i blocked all outgoing ports on my router but i don't think this is the best way to do it.

I am running NOOB's Rasbian OS.

Thanks in advance.

[DougieLawson]

sudo apt-get install ufw

https://help.ubuntu.com/community/UFW
https://wiki.ubuntu.com/UncomplicatedFirewall

[ripat]

what is the most elegant way to only use the raspberry pi in the local network.

Do you mean to completely isolate the Pi inside its own lan? With no access to the internet?

[DeeJay]

It's not 'elegant', but removing the default route (gateway) from the RPi network configuration would surely fix it.

[iinnovations]

The op is a bit ambiguous. Do you mean the Pi has its own LAN as an access point , or that it is a member of the LAN that your home gateway administers? I am going to assume the latter.

In any case I echo the reco for iptables and/or ufw, but unless you route traffic TO your Pi intentionally from your router via DMZ or port forwarding, only other members of the LAN can see it, i.e. no WAN inbound traffic (except responses to your http requests, etc). Now if you want to block all outbound traffic (visibility to WAN FROM the Pi), follow the advice above and use ufw to restrict all traffic to your local subnet, e.g. 192.168.1.1/24 or whatever your subnet is. I personally don't see the need for this, and you won't get updates, etc., but you know your usage better than I.

Colin

[Tarcas]

There are a number of ways to allow only access on your local network.
1) Remove the router as a gateway from the Pi. This is probably the easiest.The Pi can still talk to the router, it just won't know where to send traffic that needs to be routed.
2) Configure a firewall in your router to block all ports to and from the destination IP. Still easy.
3) Set up IPTables on the Pi and configure it to allow all traffic destined for the local network and drop all other traffic. Definitely the hardest, but most customizable later (block traffic to other specific hosts or ports on the LAN, allow certain ports and/or destinations on the global Internet, etc.)
As for which is the most elegant... well, I suppose that's in the eye of the beholder. If simple is important to you, go with option 1 or 2. If configurability is more important to you, work toward #3. It'll take some homework.

[femindharamshi10]

sudo apt-get install ufw

https://help.ubuntu.com/community/UFW
https://wiki.ubuntu.com/UncomplicatedFirewall

this wont allow pi to use internet ?

[femindharamshi10]

what is the most elegant way to only use the raspberry pi in the local network.

Do you mean to completely isolate the Pi inside its own lan? With no access to the internet?

yes i want to do this !

[B.Goode]

Two people have suggested simply removing the 'default route' or 'gateway' from the network configuration.

Is there some reason why that solution is not acceptable?

[femindharamshi10]

Two people have suggested simply removing the 'default route' or 'gateway' from the network configuration.

Is there some reason why that solution is not acceptable?

i have set it dchp...so how ?

[gman98]

Two people have suggested simply removing the 'default route' or 'gateway' from the network configuration.

Is there some reason why that solution is not acceptable?

i have set it dchp...so how ?

Choose an ip address outside of your routers DHCP scope range and change your PI network config to static but do not include the default gateway (the ip address of the router)

[femindharamshi10]

Two people have suggested simply removing the 'default route' or 'gateway' from the network configuration.

Is there some reason why that solution is not acceptable?

i have set it dchp...so how ?

Choose an ip address outside of your routers DHCP scope range and change your PI network config to static but do not include the default gateway (the ip address of the router)

i want it to be DHCP and not static

[B.Goode]

Are you in control of the dhcp server for your network?

If not, it is difficult to see how to implement this in the way you hope.

If you have admin access to the dhcp server, modify the configuration data returned to your RPi to omit the gateway information.

[gman98]

i want it to be DHCP and not static

Why?

I doubt you'll be able to stop the DHCP server giving out a default gateway (which is what you want in your set-up)

What is wrong with static?

[DougieLawson]

sudo apt-get install ufw
https://help.ubuntu.com/community/UFW
https://wiki.ubuntu.com/UncomplicatedFirewall

this wont allow pi to use internet ?

If you use UFW to block inbound and outbound connections it is effectively disabled with iptables rules. It's also easy to get running again with sudo ufw disable to disable the firewall and remove all iptables rules. The interface can remain active.