building firewall from scratch?

  • Question

  • Once I had done some research on building a good software firewall, I found the following.

    In the native platform there is a kind of driver called hookup drivers. These can be built very easily with the driver development kit provided by the native platform. These drivers install a hook (add a filter) to the driver software. If the operating system has to talk to devices, it is only possible through device drivers. These hookup drivers, built for a particular device, install a hook into the default device driver of that device in the native platform. So whatever data passes through this driver will be routed through the attached filter, which will be programmed by us. Basically this filter is written in the native language. Coming to the firewall scenario: the hookup driver attaches a filter to the network card driver. You can only attach one filter to the driver, and at any given point of time only one program can use it. So when you install the filter, all the packets that travel through the driver will be routed through the filter, and you can check every packet that comes in, and if you feel that you should not allow the packet you can just drop it.

    I find this very good. But now, when I am searching on how to build a good firewall, I am not able to find anything on the net, and also there is no information about hookup drivers. So does this concept still work, or do I have to think in a different way for the currently existing platforms?
    Thursday, February 14, 2013 9:17 AM


  • This entirely depends on your definition of good. You define it as simple, easy and quick. Others can mean: configurable, reliable, secure, lots of features. The latter, unfortunately, is a big project and cannot be done *from scratch* by one person in reasonable time. If this is for a student project, feel free to explore :)

    -- pa

    Thursday, February 14, 2013 9:49 AM

All replies

  • For a network firewall, you want a WFP (Windows Filtering Platform) driver. Start with this sample.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, February 14, 2013 3:23 PM
  • Thank you. For sure I will try that.

    Thursday, February 14, 2013 7:10 PM
  • Yes, it is a fun project (student project). So what I said still works with the new OS as well. So could you please point me to an example of building a hookup driver for a NIC? It will be of great help.
    Thursday, February 14, 2013 7:12 PM
  • Thank you. If not a firewall hook (I mean you said obsolete), how does a WFP driver work? I mean, I thought a hookup driver was the only reliable way to create a firewall. If this is not true, please tell me how a WFP driver works. How does it filter the packets?
    Friday, February 15, 2013 5:11 AM
  • WFP drivers are inserted into the I/O flow of packets before they are sent on the wire by the NIC. So there is no hooking; rather, a formal, architected way for 3rd-party developers to be a part of the data path.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, February 15, 2013 7:34 AM
  • Hi, thank you so much for your reply. I am not able to understand what is meant by "I/O flow of packets". Protocol implementations convert the data into packets, and the packets will be sent onto the wire by the OS using the network card driver. As of my understanding, the TCP/IP implementation (such as a socket) converts the data into packets and hands those packets over to the OS to send the data via the driver to the NIC, and the NIC places this on the network. So what is the "I/O flow of packets"? Where does this come into the picture? I am asking this only to understand the concept in a better way. Please kindly help me understand this.
    • Edited by Murali9654 Saturday, February 16, 2013 11:12 AM
    Saturday, February 16, 2013 11:12 AM
  • OK, now I am somewhat clear.

    But in the OSI model, to which layer do they (filtering, reordering and modification) belong, or are these additional layers that were introduced? I am a Java programmer. So once I invoke the socket and start passing the data through its output stream, what happens to that? How does it reach the NIC? The underlying OS might be playing some role, drivers, and as you said the I/O flow, until it reaches the wire. I want to know the whole process. I know this is too much to expect in a forum. So I don't expect you to explain all this to me, but if you can point me to a place where I can get this information it will be of great help. Before starting with WFP I want to be very clear on how this works and the concept behind it. So kindly help me in this direction.

    What I know is that when I run the Java program it will be converted to an executable, which is nothing but machine language. Once this is converted to machine language, the processor starts executing the instructions, and once the processor encounters the instruction to send data to the NIC, the data will be converted to packets and it invokes the driver software, which helps pass the data to the NIC, and the NIC places this on the wire. This is my understanding in brief.

    I have posted my understanding so that you can guide me in the right direction.

    • Edited by Murali9654 Tuesday, February 19, 2013 4:12 PM
    Tuesday, February 19, 2013 4:10 PM
  • I need to filter the packets based on IP and the country where this IP resides. So I am sure that WFP will help me build a simple firewall. I don't know how to ask, but I wanted to be clear on the questions that I posted in my earlier message. I have done some googling and I find it difficult to get the information I need. OK, if it is too much, then the last thing I can say is thank you all for answering me.

    Before, with the driver hook, I understood that it adds a filter to the driver, and any information that has to pass onto the wire can only be done by the NIC, and passing packets to the NIC is only possible through the driver. So the concept is clear.

    But when it comes to the "I/O flow" I am confused. OK, anyway, thank you all.

    Tuesday, February 19, 2013 5:18 PM
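The IP-and-country rule the asker wants, written as the per-connection decision a WFP callout's classify routine would make on the remote address. This is an added example, not code from the thread or from the WFP samples: it is plain user-mode C with no WFP headers, the verdict enum stands in for FWP_ACTION_PERMIT/FWP_ACTION_BLOCK, and the country table is constructed sample data rather than a real geolocation database.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict a filter returns; stands in for WFP's permit/block action types (names are ours). */
typedef enum { VERDICT_PERMIT = 0, VERDICT_BLOCK = 1 } verdict_t;

/* One CIDR range tagged with a country code. Constructed sample data, not a real geo database. */
typedef struct { uint32_t net; uint8_t prefix; const char *country; } geo_range_t;

static const geo_range_t k_geo_table[] = {
    { 0x0A000000u, 8,  "XA" },   /* 10.0.0.0/8      -> constructed country "XA" */
    { 0xC0A80000u, 16, "XB" },   /* 192.168.0.0/16  -> constructed country "XB" */
    { 0xC6336400u, 24, "XC" },   /* 198.51.100.0/24 -> constructed country "XC" */
};

/* Countries whose addresses the policy blocks (constructed). */
static const char *const k_blocked_countries[] = { "XB", "XC" };

/* Parse a dotted-quad IPv4 string into a host-order uint32; returns 0 on malformed input. */
int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d; char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* Longest-prefix lookup of the country for an address; NULL if no range matches. */
const char *lookup_country(uint32_t ip) {
    const char *best = NULL; int best_len = -1;
    for (size_t i = 0; i < sizeof k_geo_table / sizeof k_geo_table[0]; i++) {
        uint32_t mask = k_geo_table[i].prefix ? ~0u << (32 - k_geo_table[i].prefix) : 0;
        if ((ip & mask) == k_geo_table[i].net && k_geo_table[i].prefix > best_len) {
            best = k_geo_table[i].country; best_len = k_geo_table[i].prefix;
        }
    }
    return best;
}

/* The classify decision: block when the remote address maps to a blocked country.
 * Addresses outside the table are permitted (fail-open); return VERDICT_BLOCK there for default-deny. */
verdict_t classify_remote(const char *remote_ip) {
    uint32_t ip;
    if (!parse_ipv4(remote_ip, &ip)) return VERDICT_BLOCK;  /* malformed input: never permit */
    const char *cc = lookup_country(ip);
    if (!cc) return VERDICT_PERMIT;
    for (size_t i = 0; i < sizeof k_blocked_countries / sizeof k_blocked_countries[0]; i++)
        if (strcmp(cc, k_blocked_countries[i]) == 0) return VERDICT_BLOCK;
    return VERDICT_PERMIT;
}
```

In a real callout the remote address arrives in the classify routine's fixed-value array for the layer (for example the ALE connect layer) rather than as a string; the table lookup and verdict logic are the same.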