Introduction
It is very difficult to find free source code of a firewall. So I, with my friend Rajender, developed this firewall. It is a simple firewall based on packet filtering technology.
Background
I have used the driver described in the Code Project article Developing Firewalls for Windows 2000/XP by Jesús O.
Using the Code
Working of the Filter
Working of the firewall is based on the following steps:
- Extract the packet header.
- Check the protocol associated.
- Compare with the rules.
- Check the source and destination addresses if the protocol is the same.
- Check the port if the protocol is TCP.
- Drop or pass the packet.
Brief Description
After declaring the structure variables, an integer variable countrule is declared and initialized. It holds the number of the rule and is incremented when a new rule is required. Filterlist is initialized to first; its size increases as more and more rules are added. Now the packet header is extracted and assigned to the variable ipp. Next, the protocol is checked.
If the protocol number is 6, the packet is TCP. We accept all packets if the connection is already established. Also, if the SYN bit is not set, we pass the packet by using return PF_FORWARD.
Otherwise, the packet is compared against the rules in the list until no member is left in the list, that is, for as long as the condition while (aux != NULL) holds. Now check whether the protocol is the same. If it is, then look at the source and destination addresses, and each time increment countrule. Now if the protocol is TCP, check the port.
Now the decision can be taken whether to drop or pass the packet according to the following statements:
    if (aux->ipf.drop)
        return PF_DROP;    /* the matching rule says drop */
    else
        return PF_FORWARD; /* the matching rule says pass */
The same procedure is followed for UDP packets. For other packets, we don't look any further: we have already decided what to do with the packet. After this, countrule is incremented. Finally, we accept all packets that are not registered in the rule list.
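The decision procedure described above, modelled as a user-space C function so it can be run and tested outside the driver. This is an added example, not the article's driver code: the struct layout, filter_packet, demo_verdict, matching on the destination port only, dropping truncated headers, and the sample rules and packets are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

enum { PF_FORWARD = 0, PF_DROP = 1 };       /* local stand-ins for the driver's verdicts */
struct rule {                               /* hypothetical rule-list entry */
    uint8_t  proto;                         /* 0 = any, 6 = TCP, 17 = UDP */
    uint32_t src, src_mask, dst, dst_mask;  /* host byte order */
    uint16_t port;                          /* destination port, 0 = any */
    int      drop;                          /* nonzero: drop on match */
    const struct rule *next;
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* pkt points at an IPv4 header; returns PF_DROP or PF_FORWARD. */
int filter_packet(const uint8_t *pkt, size_t len, const struct rule *first)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return PF_DROP;  /* assumption: fail closed */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || len < ihl) return PF_DROP;
    uint8_t proto = pkt[9];
    uint32_t src = be32(pkt + 12), dst = be32(pkt + 16);
    const uint8_t *l4 = pkt + ihl;
    uint16_t dport = 0;
    if (proto == 6 || proto == 17) {
        if (len - ihl < (proto == 6 ? 14u : 8u)) return PF_DROP;  /* truncated L4 header */
        if (proto == 6 && !(l4[13] & 0x02)) return PF_FORWARD;    /* no SYN: pass */
        dport = be16(l4 + 2);
    }
    for (const struct rule *aux = first; aux != NULL; aux = aux->next) {
        if (aux->proto && aux->proto != proto) continue;
        if ((src & aux->src_mask) != (aux->src & aux->src_mask)) continue;
        if ((dst & aux->dst_mask) != (aux->dst & aux->dst_mask)) continue;
        if ((proto == 6 || proto == 17) && aux->port && aux->port != dport) continue;
        return aux->drop ? PF_DROP : PF_FORWARD;         /* first matching rule decides */
    }
    return PF_FORWARD;                                   /* unregistered traffic is accepted */
}

/* Constructed demo: packet 10.0.0.5 -> 192.168.1.10, rules drop TCP/23 to 192.168.1.0/24 and UDP/53. */
int demo_verdict(uint8_t proto, uint8_t tcp_flags, uint16_t dport)
{
    static const struct rule r2 = { 17, 0, 0, 0, 0, 53, 1, NULL };
    static const struct rule r1 = { 6, 0, 0, 0xC0A80100u, 0xFFFFFF00u, 23, 1, &r2 };
    uint8_t p[40] = { 0x45,0,0,40, 0,0,0,0, 64,proto,0,0, 10,0,0,5, 192,168,1,10 };
    p[22] = (uint8_t)(dport >> 8); p[23] = (uint8_t)dport; p[32] = 0x50; p[33] = tcp_flags;
    return filter_packet(p, sizeof p, &r1);
}
```

Because the SYN test is stateless, any TCP segment without SYN is forwarded before the rule list is consulted, and traffic that matches no rule is forwarded by default. Keep both behaviours in mind when writing rules for a filter built this way.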
Here is the description of various classes/source files:
- DrvFltIp.H - This file contains the structures of the various headers that are used in the TCP/IP protocol suite.
- TDRIVER.H - This file contains the definitions of the various methods used to load, unload, read and write into the driver. It also contains code for adding rules into the firewall.
- TDRIVER.CPP - This file contains the definitions of the functions that are defined inside the TDriver class.
- ADDRULEDLG.H - This file contains the definitions of the various functions that are used for checking whether the given IP address is in a valid format and for translating the user-defined inputs into the driver-readable format.
- AddRuleDlg.cpp - Implementation file. This file contains the definitions of the class functions that were defined in the AddRuleDlg.h header file.
- FIREVIEW.H - Interface of the CFireView class.
- FIREVIEW.CPP - Implementation of the CFireView class.
- Sockutil.h - This file contains the basic declarations of the functions that are used for converting a network address into an internet address and for converting port numbers into a computer-readable format.
- SockUtil.CPP - Implementation of the functions declared in Sockutil.h.
- PortScanDlg.cpp - Implementation of the port scanner.
- StarWarsCtrl.cpp - Implementation of the About dialog box in animated view.
- SystemTray.cpp - Class for sending the firewall to the system tray. Taken from Code Project.
Points of Interest
I have written this program to share my knowledge with you. I want you to do further work on it and help me to make it a successful open source project by mailing me back modified code. You can find more articles and software projects with free source code on my web site:
History
- 8th December, 2003: Initial post
License
This article has no explicit license attached to it, but may contain usage terms in the article text or the download files themselves.