I got a Gateway that receives LoRa messages and forwards them via LTE to the internet.
I don't want everybody to use my LTE volume. So I am trying to set up a firewall that doesn't forward these unknown devices.
Setting up a filter for every device will be very time-consuming because there are many. But they all have in common that they provide their AppEUI (some hex values) during transmission.
Is it possible to create a firewall rule that searches for this hex value and just forwards the packets including it, or to write a script that does the job?
Firewall supports "content" matcher. Only if I remember correctly and nothing changed, any unprintable characters have to be entered using CLI (e.g. content="\01\20\ff") and they will show as garbage in GUI.
Sorry for the late response, because I ran into some other complications.
I've tried the content matcher and it seems to filter something, but not what it is supposed to.
I have set up two rules that should filter out the same content.
The first one is set up by the command line and filters out content=!"01\fe\00\32\35\31\32\30" which shows in the advanced filter settings as "e" (not shown right here).
The second one is set up via the GUI and there I set the content to !"01fe003235313230". This rule is not used because the first one seems to filter everything just fine.
The rest of the two filters is identical. chain = output, protocol = udp, Dst. Port 1700 (set up in config for LoRa), action = drop, content = !"01fe003235313230".
So the firewall should drop every packet that does not contain that very specific content.
But when I check in Wireshark, there are still "stranger-packets" with an unknown EUI sent to the internet.
Why does the content filter filter “random” packets but not the intended ones? Is it possible to check which packets got dropped?
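
Added example, not part of the thread: a Python sketch of the "script that does the job" idea, assuming the gateway speaks the Semtech UDP packet-forwarder protocol on port 1700. In that format the LoRaWAN frame travels base64-encoded inside JSON and the AppEUI appears only in Join-Requests, least significant byte first, so the raw AppEUI bytes are not present in the UDP payload. The function names are hypothetical, and the AppEUI from the thread is assumed to be written MSB-first.

```python
import base64
import json

# AppEUI quoted in the thread, assumed to be in MSB-first display order.
ALLOWED_APP_EUIS = {bytes.fromhex("01fe003235313230")}
PUSH_DATA = 0x00      # Semtech UDP packet type that carries received uplinks
JOIN_REQUEST = 0b000  # LoRaWAN MHDR message type

def join_app_euis(datagram: bytes) -> list:
    """Return the AppEUIs (MSB-first) of all Join-Requests in one PUSH_DATA datagram."""
    # Header: version(1) | token(2) | type(1) | gateway EUI(8), then a JSON object.
    if len(datagram) < 12 or datagram[3] != PUSH_DATA:
        return []
    try:
        body = json.loads(datagram[12:].decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return []
    rxpk = body.get("rxpk") if isinstance(body, dict) else None
    euis = []
    for rx in rxpk if isinstance(rxpk, list) else []:
        try:
            phy = base64.b64decode(rx.get("data", ""), validate=True)
        except (ValueError, TypeError, AttributeError):
            continue
        # Join-Request: MHDR(1) | AppEUI(8, LSB first) | DevEUI(8) | DevNonce(2) | MIC(4)
        if len(phy) == 23 and phy[0] >> 5 == JOIN_REQUEST:
            euis.append(phy[1:9][::-1])
    return euis

def should_forward(datagram: bytes) -> bool:
    """Policy: drop a datagram only if it holds a Join-Request with an unknown AppEUI.
    Data uplinks carry a DevAddr, not the AppEUI, so they cannot be judged here."""
    return all(eui in ALLOWED_APP_EUIS for eui in join_app_euis(datagram))

def build_push_data(app_eui_hex: str) -> bytes:
    """Constructed sample: PUSH_DATA with one Join-Request (zeroed DevEUI, nonce, MIC)."""
    phy = bytes([0x00]) + bytes.fromhex(app_eui_hex)[::-1] + bytes(8 + 2 + 4)
    body = json.dumps({"rxpk": [{"data": base64.b64encode(phy).decode()}]})
    return bytes([2, 0x12, 0x34, PUSH_DATA]) + bytes(8) + body.encode()

if __name__ == "__main__":
    for eui in ("01fe003235313230", "0102030405060708"):  # second value is constructed
        pkt = build_push_data(eui)
        print(eui, "forward" if should_forward(pkt) else "drop",
              "raw bytes in payload:", bytes.fromhex(eui) in pkt)
```

Because end devices that have already joined send only their DevAddr, blocking unknown Join-Requests stops new sessions but does not filter uplinks from devices that joined earlier.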