Building a BeagleBone Firewall: Part 1

First, a firewall and routers are 2 separate entities. Many consumer Wi-Fi devices have both a router, and a firewall built in. The problem with these devices is that they often fail to be patched on a regular basis, so if they are susceptible to something like HeartBleed or ShellShock, you have no recourse but to buy new hardware.

The new craze of credit-card sized computers like the Raspberry Pi, Arduino, and BeagleBone Black gave me the idea of making my own, extremely cheap, dedicated firewall/router device.

Being a fan of Linux, and the fact that iptables is a great firewall, I wanted to go with Linux for the OS. I personally like Debian, and have for many years, and thus am very comfortable with it. However, the IceWeasel fiasco made me abandon Debian, in favor of Ubuntu.

I had originally thought of using Raspberry Pi, because it is a very cheap device, and it has a version of Debian Linux (known as Raspbian). Upon further research though, I found that the Raspberry Pi (Rev B+) uses a Broadcom BCM2835 (reports as an ARM6) processor. This presents a problem, to be fully supported by Debian, it needs to be an ARM7 or better. The lack of support became a major issue, as it appeared that HeartBleed wasn’t patched. In truth, it was indeed patched, but it was enough to make me look at what else wasn’t up to date. Upon looking, I found that many packages were not updated. So, for this purpose, the Raspberry Pi was eliminated. Though it maybe be useful for other projects (a web-service for random numbers, or Roku like media device spring to mind).

So, I started looking at the BeagleBone Black, and immediately saw that I found exactly what I was looking for. A 1GHz AM335x 1GHz ARMĀ® Cortex-A8 (reports as an ARM7) processor, which means full distribution support from Debian, and thus Ubuntu. It also has plenty of RAM, built in non-volatile memory with Debian already installed, and much more. With all this, I didn’t even look into the Arduino.

In the following posts, I will discuss the actual steps to the installation of the OS, setup of iptables and more.

If you are interested, here is the Shopping List.

 

Check back for Part 2