I want to learn how to make a firewall. I have a C# program that acts as a VPN w/ messaging and is encrypted, but I wish to implement a firewall on the computer that secures all other connections as well. The ideal way of doing this would be to make a virtual firewall packaged with my VPN app.
I lack the skills to make such a firewall because I do not know how to program with the Kernel. I have an intermediate knowledge of C/C++ and extensive knowledge of VB and C#.
Does anyone know of someone who could help me learn how to program Kernel drivers and the like? And if not, does anyone know where I could get some information so I can start learning it myself?
Thanks in advance.
Firewall development: I want to learn how to program Kernel drivers and such for a firewall
7 Replies - 8031 Views - Last Post: 30 December 2008 - 10:25 AM
Replies To: Firewall development
#2
Re: Firewall development
Posted 29 December 2008 - 03:40 PM
Hehe, I've had trouble figuring that out too, your best bet is to take a Computer Engineering class, or Operating Systems class maybe. Sometimes "Computer Organization and Architecture" classes might help too.
#3
Re: Firewall development
Posted 29 December 2008 - 05:10 PM
Thanks a bunch. You know any good online courses?
#4
Re: Firewall development
Posted 29 December 2008 - 08:55 PM
Do you have a specific platform in mind?
If you are developing for XP and below then you can develop a TDI driver. However, this method has by and large been abandoned. This type of driver will require you to hook into the NDIS layer anyways.
Another option is to create an NDIS driver. There is a sample of this in the DDK and would be a good place to start. Another good site is ndis.com, which talks about this specific issue.
Lastly, if you're looking at a Vista option, they have some new framework that I'm not familiar with.
Overall, developing a kernel level filter like this isn't easy. You will need a relatively strong understanding of the OS (read Windows Internals by Mark Russinovich) among others. It's easy to get lost also because of the dizzying array of drivers. You will also need to know C. The last time I did any driver programming professionally it was all in C not C++. Lastly, you should read up on remote debugging either via serial cable or with a VM. The last thing you want to be doing is BSOD'ing your machine every time you have a bug.
If you are looking at developing a firewall in a Linux environment I'd start with netfilter.
#5
Re: Firewall development
Posted 29 December 2008 - 10:07 PM
A good example to look at (possibly after getting comfortable with the basics) might be WIPFW, a Windows port of the IPFW firewall, as it's open source. The Windows specific driver portion makes up very little of the source.
#6
Re: Firewall development
Posted 30 December 2008 - 09:34 AM
Thanks a bunch guys, I'm actually needing the firewall to be XP and Vista compatible, that's why it's such a pain.
I got one last question. Is there a way of writing a Kernel program that acts as a sniffer and reads from a user-mode app for a list of "blacklisted" IPs and MACs then blocks them? The key point of the Kernel program though would have to be its ability to be used on computers with a different driver setup. I.E. Dynamic code for different network drivers for different computers.
Is this theoretically possible?
This post has been edited by Xerelin: 30 December 2008 - 09:35 AM
#7
Re: Firewall development
Posted 30 December 2008 - 10:07 AM
If I understand you correctly, you shouldn't need to worry about the "different network drivers for different computers". Most physical network kernel drivers are implemented as miniport drivers and sit lower in the driver stack than the NDIS or TDI drivers.
Regarding "black listed IPs", sure, it's possible. Generally the communication goes from the user application to the driver. So what you can do is use IOCTLs to perform this functionality. Your driver would then store this 'rule' and use it when a packet came in.
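The IOCTL rule-passing approach described in the reply above, as an added example that is not part of the original thread: a portable user-space C model of the two driver-side pieces, the handler that validates and stores a rule from an untrusted input buffer and the per-frame check that consults the stored rules. The `block_rule` layout, the function names and the sample frame are assumptions made for illustration; a real driver would run this logic in its IOCTL dispatch and receive paths.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical rule record the user-mode app sends as the IOCTL input buffer. */
enum { RULE_IP = 1, RULE_MAC = 2, MAX_RULES = 64 };
typedef struct { uint8_t type; uint8_t addr[6]; } block_rule; /* IPv4 uses addr[0..3] */
static block_rule g_rules[MAX_RULES];
static size_t g_count;

/* Stand-in for the driver's IOCTL handler: validate the untrusted buffer, then
   store the rule. Returns 0 on success, -1 on a bad request or a full table. */
int add_rule_ioctl(const void *buf, size_t len) {
    block_rule r;
    if (buf == NULL || len != sizeof r) return -1;     /* exact size only */
    memcpy(&r, buf, sizeof r);                         /* validate a private copy */
    if (r.type != RULE_IP && r.type != RULE_MAC) return -1;
    if (g_count == MAX_RULES) return -1;
    g_rules[g_count++] = r;
    return 0;
}

static int is_blocked(uint8_t type, const uint8_t *addr, size_t n) {
    for (size_t i = 0; i < g_count; i++)
        if (g_rules[i].type == type && memcmp(g_rules[i].addr, addr, n) == 0)
            return 1;
    return 0;
}

/* Per-packet check on an Ethernet II frame: 1 = drop, 0 = pass. */
int filter_frame(const uint8_t *f, size_t len) {
    if (len < 14) return 1;                            /* truncated: fail closed */
    if (is_blocked(RULE_MAC, f + 6, 6)) return 1;      /* source MAC at offset 6 */
    if (f[12] != 0x08 || f[13] != 0x00) return 0;      /* not IPv4: no IP rules apply */
    if (len < 34 || (f[14] >> 4) != 4) return 1;       /* malformed IPv4 header */
    return is_blocked(RULE_IP, f + 26, 4);             /* source IP at offset 14 + 12 */
}

/* Constructed sample: source MAC 02:00:00:00:00:01, source IP 192.0.2.10. */
static const uint8_t sample_frame[34] = {
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0x01,  0x08,0x00,  0x45,0,0,20, 0,0,0,0,
    64,6,0,0,  192,0,2,10,  198,51,100,1 };

int main(void) {
    block_rule r = { RULE_IP, {192, 0, 2, 10, 0, 0} };
    printf("before rule: %d\n", filter_frame(sample_frame, sizeof sample_frame));
    printf("add rule:    %d\n", add_rule_ioctl(&r, sizeof r));
    printf("after rule:  %d\n", filter_frame(sample_frame, sizeof sample_frame));
    return 0;
}
```

The length and type checks in `add_rule_ioctl` matter more than the matching loop: the input buffer comes from user mode, so the handler rejects anything that is not exactly one well-formed record before touching the rule table.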
#8
Re: Firewall development
Posted 30 December 2008 - 10:25 AM
OK, thanks for all the help. Got two quick q's about D.I.C.
I'm new to the site. Is there a forum that is more specific to this type of coding?
and
Would this thread be considered beginner or intermediate on this site?