Nathan Gardiner

A collection of resources and information on my projects


My lightweight IoT Firewall Project

Introduction

Many of us today have dedicated IoT SSIDs to separate IoT devices from internal networks. The problems arise when systems like HomeAssistant need to communicate with these IoT devices, and we need network separation which can

In addition, it’s important where possible to limit the outbound internet access of IoT devices. Whilst internet access can be important for some IoT functionality and over-the-air updates, a compromised IoT device could be used for data exfiltration or recruited into a botnet.

Why customize?

I chose to customize this system for my use because container-friendly IP Firewall deployments are particularly hard to come by, and given all the necessary components are available within lightweight LXC containers today, I couldn’t understand why I’d need to sacrifice the efficiency of containers for a VM to implement this solution.

The solution

The solution I have devised for this is a containerized IoT Firewall which does the following:

Installing

To deploy your own iot-firewall system, follow the steps below:

apt install -y corosync git pacemaker pcs python3-jinja2 ulogd2

  * RedHat / CentOS

yum

git clone https://github.com/ngardiner/iot-firewall

iot-firewall/setup.sh

Todo

Some of the things I’d like to add to this platform in the future: