Home-Assistant – Cut internet connection using ArpSpoof (Docker)

ArpSpoof - en.techblog.co.il


As i was searching for a way to block internet connectivity on my kids mobile devices using Home-Assistant  and without having to install application on it’ i came across this 2 articles.

  1. Cut Internet temporarily in a device in your LAN
  2. Disable internet to any device

both are good and working, but yet, something was missing. so i decided to take a bit from the first one an combine it with part of the second one and came up with very good solution that allows me to “kill” internet connectivity for multiple devices over the network and also undo it.

Yes, i know that using arp spoofing isn’t the best way of doing it and it makes a lot of noise in my local network but hey, it’s working (as you can see in the video)

in this howto guide i’ll explain how to implement it in few simple steps.

1. Installing ArpSpoof Docker container

because aline does not support ArpSpoof i hade to fine other way to use it, so I have created ArpSpoof docker image based ubuntu and in order to maintain the kiss (Keep It Simple Stupid) principle i wraped it up with python flask.

In order to use the container, edit your docker-compose file and add the following code:

version: "3.7"


    image: techblog/arpspoof-docker
 #   build: https://github.com/t0mer/broadlinkmanager-docker.git
    network_mode: host #Network mode must be set to host
    container_name: arpspoof
    restart: unless-stopped
      - "com.ouroboros.enable=true"
      - ./arpspoof/arpspoof.py:/opt/arpspoof/arpspoof.py
      - ROUTER_IP= #Required Router IP
      - INTERFACE_NAME= #Required Interface name
  • Be aware that the network mode must be set to “host” otherwise it won’t work
  • ROUTER_IP – Your router IP
  • INTERFACE_NAME – Your docker host Network Interface name
    you can use the following command in order to get it
ip route get | sed -nr 's/.*dev ([^\ ]+).*/\1/p'

Now run the following command in order to bring the containr up:

sudo docker-compose up -d

If you did everything correctly you should you container running:

Arpspoof docker container - en.techblog.co.il

Now, let’s test our arpspoof container. open your browser and enter the following url:
http://[docker_ip_address]:7022/status?ip=[the ip you want to block]
you should see the following output:

ArpSpoof blocking result

the current result will be “0” because there is no active blocking fot this ip address.
Now lets try to block this address by replacing “status” with disconnect command:

“1” meening that the blocking was successfuly applied and if Wi’ll check the status now we should get “1” as result”:

Now, let’s reconnect the computer to the internet by replacing “disconnect” with “reconnect”:

ArpSpoof reconnect

and once again, “1” meening that the command completed successfuly. and now the status result should be “0” again:

ArpSpoof - techblog.co.il

2. Configuring ArpSpoof switch in Home-Assistant

In order to use ArpSpoof with Home-Assistant, open your configuration file and add the following code under switches section

  - platform: command_line
        command_on: "/usr/bin/curl -X GET http://[docker_ip]:7022/disconnaect?ip=[IP_to_Block]"
        command_off: "/usr/bin/curl -X GET http://[docker_ip]:7022/reconnect?ip=[IP_to_Block]"
        # command_state: "/usr/bin/curl -X GET http://[docker_ip]:7022/status?ip=[IP_to_Block]"
        value_template: '{{ value == "1" }}'
        friendly_name: Internet Kill Switch
  • docker_ip – your docker server ip address
  • IP_to_Block – the ip of the device you want to block.

using command state is an option, but be aware to the fact that you cannot change the interval of the state changes and this can result a misbehaviour of the switch.

Now, let’s add the switch to our lovelace ui by adding the following code to your card:

############## Killswitch Tab ############
  - name: Geo Loaction
    title: Geo Loaction
    icon: mdi:wan
      - type: entities
          - entity: switch.kill_internet

############## End Killswitch Tab ############

The result should be like this:

ArpSpoof lovelace card

Here you can see a small demo of ArpSpoof in action:


Be the first to comment

Leave a Reply

Your email address will not be published.