Creates a Debian Based Firewall (Should work with Ubuntu too)
Installs a complete SoHo firewall on Debian Buster or Stretch, with
- BIND providing local name resolution.
- ISC-DHCP-Server providing local DHCP
- NTP resolves some of the systemd fu..ery regarding this + ensures that there's a current leapseconds file available
- DSHIELD logging - see https://isc.sans.edu/howto.html
- Filebeat - forwarding the logs to Elastic for local logging
-1 Unless you ensure that the install/configure routines are not run - they run by default, modify the "main" routine accordingly.
The overall setup, hardcoded in the script is:
If you need to change this, you'll have to search and replace as required for your specific environment.
For more information, have a look at my blogpost on this: https://blog.infosecworrier.dk/2019/12/debian-based-low-power-firewall.html
Disclaimer: This worked for me on an old Atom system, a Celeron thing, and last (but not least) a PC Engines APU4C4 (https://www.pcengines.ch/apu4c4.htm) bought at https://teklager.se/en/ (great service, no affiliation). The little APU just works and uses about 6W so a great saving even compared to the Atom/Celeron boxes.