Supervising Smart Home Device Interactions: A Profile-Based Firewall Approach

Author: François De Keersmaeker (@fdekeers)

Profile-based, multi-layer Smart Home firewall, based on NFTables & NFQueue, supporting device interactions.

Research accepted at IFIP Networking 2024. Read the author's preprint version here.

Local compilation

Compile locally with:

./translate_profiles.sh
mkdir build bin
cd build
cmake ..
cmake --build .

or, more easily:

./translate_profiles.sh
./build.sh

Cross-compilation for OpenWrt

We provide two Docker images to cross-compile for two OpenWrt targets:

• TP-Link TL-WDR4900: https://hub.docker.com/r/fdekeers/openwrt_tl-wdr4900
• Linksys WRT1200AC: https://hub.docker.com/r/fdekeers/openwrt_linksys-wrt1200ac

To pull either of them:

docker pull fdekeers/openwrt_tl-wdr4900
docker pull fdekeers/openwrt_linksys-wrt1200ac

To run cross-compilation with either image:

docker run --rm --mount type=bind,source="$(pwd)",target=/home/user/iot-firewall -e ROUTER=tl-wdr4900 fdekeers/openwrt_tl-wdr4900 /home/user/iot-firewall/build.sh -t /home/user/iot-firewall/openwrt/tl-wdr4900.cmake
docker run --rm --mount type=bind,source="$(pwd)",target=/home/user/iot-firewall -e ROUTER=linksys-wrt1200ac fdekeers/openwrt_linksys-wrt1200ac /home/user/iot-firewall/build.sh -t /home/user/iot-firewall/openwrt/linksys-wrt1200ac.cmake

or use the Docker Compose configuration (by default, configured for the TP-Link WDR 4900):

docker compose up