How would I get started writing my own firewall?

Question

There is previous little on the google on this subject other than people asking this very same question.

How would I get started writing my own firewall?

I'm looking to write one for the windows platform but I would also be interested in this information for other operating systems too. ­­­­­­­­­­­­­­­­­­

Answer 1

For Windows 2000/XP there is an article with examples on CodeProject Developing Firewalls for Windows 2000/XP

For Vista I think you will need to use Windows Filtering Platform

Answer 2

This question is alarmingly similar to those asking how to write an encryption algorithm. The answers to both should end in gentle reminders about industry standard solutions that already:

• embody years of experience and constant improvement,
• are probably far more secure than any home-grown solution, and
• account for ancillary requirements, such as efficiency.

A firewall must inspect every packet efficiently and accurately, and it therefore runs within the OS kernel or network stacks. Errors or inefficiencies jeopardize the security and performance of the entire machine and those downstream.

Building your own low-level firewall is an excellent exercise that will provide an education across many technologies. But for any real application, it's much safer and smarter to build a shell around the existing firewall API. Under Windows, the netsh command will do this; Linux uses netfilter and iptables. Googling any of these will point you to lots of theory, examples, and other helpful information.

So, to get started, I'd brush up on TCP/IP (specifically, the header information: ports and protocols), then learn about the various types of attacks and how to detect them. Learn about each operating system of interest and how it interacts with the network stacks. Finally, think about administration and logging: how will you configure your firewall and trace packets through it to ensure it's doing what you want it to do?

Good luck!

Answer 3

The usual approach is to use API hooking. Google can teach you that. Just hook all important networking stuff, like connect's and listens's, and refuse what you want.