When we started Firewalla, we had a long debate: "should we save money and build a minimal platform?" or "should we build something that's fun and educational". We picked the latter. We are hackers and makers. We want to build something that we would like to use ourselves, and really want our kids or maybe even adults to learn networking and security.
A Firewalla box is a full Linux server!
- It runs Ubuntu
- With all development tools installed, including editors like vim
- You can run python, node.js, and even compile right on the box
- To reset the system, you just need to flash an SD card.
- Of course, the code on Firewalla is Open Source
If you are an advanced user, here are some cool/fun things you can do on Firewalla. These include quicker ways to enhance your Firewalla to be even more powerful and flexible.
Secure Shell (SSH) is a secure way to log into Firewalla and see how things work inside. Yes, everything is accessible, we don't hide.
Lets ssh into the box:
2. Use Linux Apps like tcpdump
Get deep insights into what is going on with your network using all the many tools provided with the linux distro Firewalla is built on. This can be used for advanced debugging of rules and other features.
3. Install Linux Apps
Once you logged in to the Firewalla box, you can install various apps/tools and explore, like the following examples.
Tshark is the text version of Wireshark. It's a packet sniffer that allows you to look at network packets.
After install, if the system asks you any questions, just press enter:
Now you're ready to look at all the packets in live traffic. It is a great way to learn the basics about TCP/IP. The Firewalla platform already has the code in the background to move packets, so you just need to run tshark to peek at what's going on in your network. Please be prepared to hit control-c. Otherwise, your screen will be flooded.
We designed Firewalla to play well with other systems. Pi-Hole is one of the best open-source ad-blockers. It is fairly easy to install it directly on Firewalla Blue and have it integrated with the rest of Firewalla.
Samba File Sharing
Don't forget you've got a USB port on Firewalla. Plug a USB flash disk in, install Samba, and now you have a shared drive running on Firewalla! Contributed by a couple of our users, here is how to mount Samba / USB Drive on a Red:
Other Linux Apps
Firewalla runs Ubuntu Server, and it includes Python/node/C compilers. You can easily pull any package you need, and write programs to run on it. If any of the fun things blow up, just use flash to reset.
4. Docker Containers
The Firewalla Gold platform is fully integrated with docker containers. Here is an example that we installed "homebridge" container right on the Gold.
5. Networking Enhanced (Firewalla Gold)
When you use the Firewalla Gold as your main router, you will now have the capability to write simple scripts to significantly enhance your network experiences that's specific to your part of the world.
Disconnect and reconnect PPPoE on a schedule
"On my (a firewalla user) German router (AVM Fritzbox) I can configure a custom time (e.g. in the night 2-3 am) for this reconnect (the router simply reconnects the PPPoE connection)."
3 4 * * * root killall -HUP pppd
This may also work if the above does not
30 5 * * * sudo systemctl restart firerouter_pppd@pppoe0
Note, that using
cron commands to edit may not persist after Firewalla updates and some reboots. To make cron edits that persist, see Customized Cron jobs.
Rate Limit Upload on WAN
below example will rate-limit the upload traffic to 43mbit
tc qdisc add dev eth0 root tbf rate 43mbit burst 1540 latency 1000ms
Happy tinkering with Firewalla!