"Flip the wrong switch and you expose something to the world."
One strategy for dealing with accidental misconfigurations is to employ a "network slug"[1]:
"A Network Slug, or "Slug", is a transparent layer 2 firewall running on a device with only two interfaces. ... The purpose of a Slug is to reinforce a security policy or to block unintentional leaks of information."
I have never heard this idea described in text before. However, I have made firewalls this way for decades.
They were typically for stuff that ran in a datacenter so it would be a 1U server with three NICs.
I would really like to make such devices for home or office use. What would be a good device to use for this? Unfortunately, Raspberry Pis do not come with 2 or 3 NICs.
Any recommended alternatives?
I would have a look at the OpenWrt project’s database of supported devices. You can filter for devices with 3 NICs (though not sure it supports filtering for “3 or more”).
use VMs. qemu/kvm. the Tor-based Whonix OS takes the approach of one VM running a Tor proxy and another VM running your application software. the latter VM only has access to that proxy, and no other network interface. it’s effectively the same approach as i understand a slug to be, but with the hardware virtualized instead of physical (of course you don’t have to use Tor — you can define whatever interface you want: a VPN, a firewall, etc).
I think all those are anti-features on a network slug.
As I understand it, the device is intentionally simple because it is there to ensure some misconfiguration cannot expose some port that should not be exposed.
I have implemented firewalls similar to this in the past. They typically had three network interfaces. Two of them were configured as bridges and then I used ebtables/iptables to filter traffic flowing through. These two interfaces would have no IP address and would not be visible on a traceroute, etc.
The third interface would only be connected to a separate admin network. Or it might not even be plugged in. In the latter case, the admin needing to change anything on the device would have to be physically present and bring a "crossover" ethernet cable and plug their laptop directly into the third NIC of the firewall. From there, they would be able to ssh into the firewall and change config.
A network slug does not have an IP address. You cannot connect to it over the network. I'm not sure you understand what the device is and what it does.
Let me give you an example - I have a "port 22 slug" and what it does is block all traffic of all kinds except for TCP22. That's it. It does nothing else and it does it transparently without having an IP address of its own. If I wanted to reconfigure it, I would connect with a serial console.
[1] https://john.kozubik.com/pub/NetworkSlug/tip.html
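The transparent bridge filter and "port 22 slug" described in the comments above, sketched as an added example that is not code from the thread or from the linked article. Assumptions: a Linux box with two NICs named eth0 (outside) and eth1 (inside, where the SSH server sits), a bridge named slug0, and nftables in place of the ebtables/iptables pair mentioned above. ARP is passed as well, since without it IPv4 hosts on either side of the bridge cannot resolve each other.

```shell
#!/bin/sh
# Added example (not from the thread): a "port 22 slug" on Linux.
# Assumed names: eth0 = outside, eth1 = inside (where the SSH server is),
# slug0 = bridge. nftables is used here instead of ebtables/iptables.
OUTSIDE=${OUTSIDE:-eth0}
INSIDE=${INSIDE:-eth1}
BRIDGE=${BRIDGE:-slug0}
PORT=${PORT:-22}

# Print the ruleset: $1 = outside NIC, $2 = inside NIC, $3 = TCP port.
slug_ruleset() {
    cat <<EOF
table bridge slug
delete table bridge slug
table bridge slug {
    chain forward {
        type filter hook forward priority 0; policy drop;
        # ARP passes so IPv4 hosts on either side can resolve each other
        ether type arp accept
        # Stateless match: connections to the port, and their replies.
        # Everything else, IPv6 included, falls through to the drop policy.
        iifname "$1" oifname "$2" ether type ip tcp dport $3 accept
        iifname "$2" oifname "$1" ether type ip tcp sport $3 accept
    }
    # Nothing is delivered to, or originated by, the slug itself
    chain input  { type filter hook input priority 0; policy drop; }
    chain output { type filter hook output priority 0; policy drop; }
}
EOF
}

# Build the bridge (run as root). Rules are loaded before the links come
# up, so there is no window in which the bridge forwards unfiltered.
slug_apply() {
    set -e
    ip link add name "$BRIDGE" type bridge
    sysctl -q -w "net.ipv6.conf.$BRIDGE.disable_ipv6=1"  # no link-local address
    slug_ruleset "$OUTSIDE" "$INSIDE" "$PORT" | nft -f -
    for nic in "$OUTSIDE" "$INSIDE"; do
        ip addr flush dev "$nic"                 # bridge ports carry no IP
        ip link set dev "$nic" master "$BRIDGE" up
    done
    ip link set dev "$BRIDGE" up
}

case "${1:-}" in
    apply) slug_apply ;;
    *) slug_ruleset "$OUTSIDE" "$INSIDE" "$PORT" ;;  # default: print for review
esac
```

Run without arguments, the script only prints the ruleset for review; `apply` builds the bridge and loads it. Reconfiguration would then go through a serial console or a separate admin NIC, as the comments describe.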