CyberSecurity Project: Transparent Filtering Bridge (+ Extras) 3.0

Last time, I ran into a number of issues in terms of the actual implementation of the transparent filtering bridge, with the most severe being the inability to actually manage it when connected to my network.

Instead of scuttling the whole time, I decided to sidestep the issue for the moment, and move on to the next part of the process, making firewall rules.

But for this step, I want do something a little more interesting.

So, instead of just documenting how I make a rule for OPNsense, I'm going to make this a three-way competition: me vs ChatGPT vs Bing Copilot!

Step 1: Which Guide to Use?

When it comes to doing any kind of configuration by hand, success or failure can often depend on what guidance you have.

There are two obvious guiding documents for this task:

• OPNsense's Firewall Rule documentation
• ZenArmor's guide on configuring OPNsense firewall rules

Of the two, the ZenArmor guide is vastly more useful. Not only does it explain how things work, it breaks down the process of setting up a rule, provides several examples of common rules, and has a large number of images so you can check yourself throughout the process.

Step 2: What to Block?

Making firewall rules is a lot like threat hunting: you have to make an assumption that a threat is present, so you can actually have a direction for action.

In this case, I don't have to make the assumption. I know I have Amazon devices with Alexa voice control in my home.

So, in this case, I want to block outbound traffic to Amazon's Alexa servers.

Step 3: What IP Address Does Alexa's Server Use?

Obviously, to stop traffic going to the server, I have to know the IP address that's receiving the data.

Thankfully, the question what are the ip addresses for amazon alexa servers provided me with an easily verifiable answer via Netify: 44.199.80.228.

Step 4: Making the Rule

Following through the ZenArmor guide laid out the process for creating the rule quite well.

• Action: Block
• TCP/IP: IPv4
• Protocol: Any
• Source: The Amazon devices
• Port: Any
• Destination: 44.199.80.228
• Port: Any
• Log: Blocking Amazon device transmission to Amazon Alexa server

Interestingly, OPNsense has a feature called Aliases, which allows users to group multiple items together as sources/destinations for a rule.

So for this rule, I'll create an AlexaSource alias that contains 4 IP addresses: 192.168.##.#, 192.168.##.#, 192.168.##.#, 192.168.##.#

At this point, I think I have a proper rule ready, but let's see what the AI say.

Step 5: Creating the Prompt

In order to have a comparable result, we need to have a single prompt that is used by both LLMs. This is what I came up with:

Make me an OPNsense firewall rule that does the following:

• Blocks traffic from a group of IP addresses called AlexaDevice going to the IP address(es) for Amazon's Alexa server(s)
• Logs traffic with the message "Blocking Amazon device transmission to Amazon Alexa server"

Step 6: ChatGPT

Putting in the prompt generated this output:

To create an OPNsense firewall rule that blocks traffic from a group of IP addresses (labeled "AlexaDevice") from reaching Amazon Alexa servers, while logging traffic with a custom message, follow these steps:

Step 1: Create the "AlexaDevice" Alias
- Go to **Firewall > Aliases**.
- Click on the **+** button to create a new alias.
- Set **Name** to AlexaDevice.
- Set **Type** to Host(s).
- Under **Content**, enter the list of IP addresses that belong to your Alexa devices.
- Click **Save** and then **Apply Changes**.

Step 2: Create the Amazon Alexa Servers Alias
- Go back to **Firewall > Aliases**.
- Click the **+** button to create another alias.
- Set **Name** to AmazonAlexaServers.
- Set **Type** to Host(s) or Network(s) (depending on the format of Amazon Alexa's IPs).
- Under **Content**, enter the IP addresses or subnets associated with Amazon Alexa servers. (You'll need to find Amazon Alexa server IPs, which may require researching their specific ranges.)
- Click **Save** and then **Apply Changes**.

Step 3: Create the Block Rule in the Firewall
- Navigate to **Firewall > Rules > LAN** (or the appropriate interface for your Alexa devices).
- Click the **+** button to add a new rule.
- Set **Action** to **Block**.
- Set **Interface** to **LAN** (or appropriate interface).
- Set **Protocol** to **Any** (since you may want to block all types of traffic).
- In the **Source** section:
  - Set **Source** to **Single Host or Alias**.
  - In the **Source Address**, choose the AlexaDevice alias from the dropdown.
- In the **Destination** section:
  - Set **Destination** to **Single Host or Alias**.
  - In the **Destination Address**, choose the AmazonAlexaServers alias from the dropdown.
- Under the **Log** section:
  - Check the **Log packets that are handled by this rule** option.
  - Add your custom log message in the **Description** box: 
    - Blocking Amazon device transmission to Amazon Alexa server.
- Click **Save** and then **Apply Changes**.

Step 4: Apply Rule Changes
- Go to the top right and click **Apply Changes** to activate your new rule.

This setup blocks traffic from devices in the **AlexaDevice** alias from reaching Amazon Alexa servers, logs those attempts, and tags them with the custom message you specified.

Interestingly, ChatGPT gives me the full process to make the rule, but that's probably not surprising. Given the training data and refinements through use, the probabilities for responding to this question are almost certainly skewed more towards a step by step response than a simple table, like ZenArmor's examples.

Step 7: Bing Copilot

Putting in the prompt generated this output: