VB Firewall

[Aldur]

Ok I recently decided to write a firewall from scratch to give myself a better understanding of computer security at a basic level, I am programming in Visual Basic and i decided to start off with a basic forwarding method whereby all connections to computer come to program first if they are not on disallow list then it will forward it to the appopriate application on the apporpriate port! I used a winsock control on an index to listen for the connections but i get the error message "Address in use!" here is the code:

Code:

Private Sub cmdStart_Click()
    For i = 1 To 49151
        Load wsListen(i)
        wsListen(i).LocalPort = i
        wsListen(i).Listen
    Next i
End Sub

any suggestions would be very helpfull!

-Aldur

[SirDice]

It probably dies when i=135? That port is already opened by windows.

[scittish]

VB firewall? That's pretty much like a dike made out of swiss cheese.

No offense, just an observation.

[Aldur]

ok thanks, as to dike made of swiss cheese observation its not for actual security its more of an exercise to see if i can do it! for fun if you will ^_^

-Aldur

[SuperDooper]

Originally posted here by scittish
VB firewall? That's pretty much like a dike made out of swiss cheese.

No offense, just an observation.

Care to elaborate? Are you saying VB is inherently insecure? If so, you're wrong; however, there are more efficient ways to develop firewall software.

[Juridian]

A dike made out of swiss cheese? Not a very good comparison at all, but then I doubt you really know anything about VB.

I would suggest that before you go creating a firewall or the next uber operating system that you first learn to do good software development with the language in question and learn how to use the debugger.

Baby steps...

[Falcon21]

I do like to see the whole program codes...
I have few questions...
From your code, I can see that your program will be using 49151 instances of winsock control? That will need a lot of system resources...?
I can also see that ports numbered 1-49151 will be opened...this will cause some program that uses ports within that range to be unable to access the net...? is it safe to open so many ports...?

To prevent that error from popping up, you may need to check that state of the port first before listening, or use error handling...

[Aldur]

Like i said i know that its not the best way to go about making one, but once again i think i should mention its for a bit of fun! i have previously written chat programs and remote admin suites using the winsock control and i thought it might be interesting to try for a firewall to see if i was able! IF anyone has any suggestions on how i should go about this please let me know! Thanks!

-Aldur

[Aldur]

Yah i know about the error handling i now use

Code:

On Error Resume Next

Also as to system resoucres it does take up a lot when you start it but once the ports are listening its fine, and as to programs connecting to the net they will be routed through the program!
I would post some code but im still in the early stages when i get a bit further i'll post some ^_^. Also can anyone give any recomended reading for programming and creating firewalls!

-Aldur

[SirDice]

Just a semantics issue.. From the little code you've shown, you're not writing a firewall, you're writing a proxy.

The TCP stream gets terminated by your program (endpoint) and you need to create a new connection to the 'real' destination. Exactly what a proxy does.

A firewall on the other hand doesn't terminate the connection but forwards everything to the intended destination.