How To Build A Firewall Using Python

Firewalls are software-based configurations that safeguard computer networks against malicious users and rogue activities. A firewall is placed between the Local Area Network (LAN) and the Wide Area Network (WAN). We can also say it is placed as a barrier between the extranet and the intranet of an organization. Firewalls allow and block connections from users based on the rules specified by the network administrators. They filter all the traffic going through the network. There are different types of firewalls. Some examples include application-based firewalls, packet-filtering firewalls and protocol-filtering firewalls, among others.

This article will take you through how to use Python to build a packet-filtering firewall.

How Does A Packet-Filtering Firewall Function

Packet-filtering firewalls function by comparing the header of each packet that passes through the firewall to a set of rules. The rules decide whether the packet is permitted or denied based on criteria such as the source and destination IP addresses, protocols and ports.

Building A Packet-Filtering Firewall using Python

The Python programming language has a variety of libraries that will help us with our development. Use the ‘socket’ module to create an active socket that will listen to the network traffic being generated by the hosts. Each host has a specific IP address that is unique within the network.

This is how we import the socket module

The module we just loaded will be used to create a socket. The socket is used to listen to communication that is transmitted across the network. To filter the packets, we must define rules that will act as the framework. These rules decide which traffic is permitted and which is not. IP addresses and ports will be the rules we establish in this section.

Here is the code:

Let's build a listening socket for the generated traffic using the set conditions above.

Below is the python code:

How to Continuously Monitor Traffic From Specific IP Addresses

Having created a socket, let us look at how to monitor the traffic from the IP addresses continuously. We need to loop the process so as to monitor the traffic as it flows.

Below is the code:

How To Check If IP Address And Ports Are Allowed

From the traffic being monitored, the packets are then subjected to a test to check whether the ports and IP address are allowed. The check is based on the set rules above.

Below is the code:

The code above will display that a connection is allowed only if its IP address matches the set rules. If there are illegal IP addresses in the network, they are kicked out of the network.

Here is the code:

The connection from the illegal IP address is blocked from accessing the network. The connection is then closed.

Below is the code used to close the connection

The ‘while’ loop will continuously monitor all the traffic using the ‘accept()’ method of the socket. When a connection is received, it is checked against the allowed ports and IP addresses set. If allowed, the connection is processed, and if not, the connection is closed.
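The steps described above (import the module, define the rules, build the listening socket, loop on ‘accept()’, check each connection, close it) put together as one runnable script. This is an added example, not the article's original code; the rule values, the function names and the choice to check the local (destination) port are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample rules (assumptions for this example, not from the article).
ALLOWED_NETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
                    ipaddress.ip_network("192.168.1.0/24")]
ALLOWED_PORTS = {8080, 8443}  # local (destination) ports clients may reach


def is_allowed(src_ip, dst_port, networks=ALLOWED_NETWORKS, ports=ALLOWED_PORTS):
    """Return True only if the source IP and destination port both match a rule."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # unparsable address: deny by default
    return dst_port in ports and any(addr in net for net in networks)


def make_listener(host="127.0.0.1", port=8080):
    """Create the listening TCP socket that receives incoming connections."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(5)
    return sock


def monitor(sock, networks=ALLOWED_NETWORKS, ports=ALLOWED_PORTS, max_conns=None):
    """Accept connections in a loop, check each one, and close it afterwards."""
    decisions = []
    while max_conns is None or len(decisions) < max_conns:
        conn, (src_ip, src_port) = sock.accept()
        with conn:  # the connection is closed on exit, allowed or not
            dst_port = conn.getsockname()[1]
            allowed = is_allowed(src_ip, dst_port, networks, ports)
            if allowed:
                conn.sendall(b"allowed\n")  # placeholder for real handling
            print(f"{src_ip}:{src_port} -> port {dst_port}: "
                  f"{'allowed' if allowed else 'blocked'}")
            decisions.append((src_ip, dst_port, allowed))
    return decisions


if __name__ == "__main__":
    monitor(make_listener())
```

Because ‘accept()’ returns only after the TCP handshake has completed, this script filters connections made to its own listening port rather than packets passing through the host.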

Conclusion

The firewall we have created is a basic firewall that filters packets based on IP addresses and ports. The requirements for a firewall depend on the nature of the network in which it is to be installed.