Designing Your Own Firewall: Concepts and Implementation

December 27, 2024 · 5 min read

Senior Data Engineer @ AON

A firewall is a crucial component in any network security architecture. While off-the-shelf solutions are widely available, there may be scenarios where designing a custom firewall is necessary—whether for specialized applications, unique traffic filtering needs, or educational purposes. This blog provides a comprehensive overview of how to design and implement your own firewall.

Key Components of a Custom Firewall

Packet Inspection Engine:
- The core of the firewall, responsible for analyzing incoming and outgoing packets.
- Determines whether packets should be allowed, blocked, or modified based on predefined rules.
Rule Management System:
- Stores filtering rules (e.g., allow or block based on IP, port, or protocol).
- Allows administrators to add, modify, or delete rules dynamically.
Logging and Monitoring:
- Tracks all traffic decisions (e.g., packets allowed or blocked).
- Provides insights into network activity and potential threats.
User Interface:
- A dashboard for administrators to configure rules and monitor real-time traffic.

System Design Architecture

Traffic Interception:
- Intercepts all incoming and outgoing traffic using tools like raw sockets or packet capture libraries.
Packet Filtering:
- Analyzes packet headers (e.g., IP, TCP/UDP) and payloads.
- Matches packets against rules stored in the rule management system.
Rule Enforcement:
- Blocks, forwards, or modifies packets based on rule matches.
Action Logging:
- Logs decisions for compliance, auditing, and troubleshooting purposes.

Implementation Steps

1. Packet Sniffing

Capture network packets using libraries like pcap or tools like scapy.

Python Example Using Scapy:

from scapy.all import sniff

# Function to handle packets
def process_packet(packet):
    print(packet.summary())

# Capture packets
sniff(filter="tcp", prn=process_packet)

2. Rule Management

Define and manage rules for filtering traffic. Each rule should specify criteria (e.g., source IP, destination IP, port, protocol) and an action (allow or block).

Example Rule Definition:

rules = [
    {"src_ip": "192.168.1.10", "port": 80, "action": "block"},
    {"src_ip": "0.0.0.0/0", "port": 443, "action": "allow"}
]

Packet Matching Function:

def match_rule(packet, rules):
    for rule in rules:
        if packet["IP"].src == rule["src_ip"] and packet["TCP"].dport == rule["port"]:
            return rule["action"]
    return "allow"  # Default action

3. Packet Blocking and Forwarding

Blocking Packets:
- Intercept packets and prevent them from being processed further by the operating system.
Forwarding Packets:
- Allow packets to pass through the firewall after validation.

Example Blocking Logic:

def block_packet(packet):
    print(f"Blocked packet: {packet.summary()}")

4. Logging and Monitoring

Track all packet decisions for auditing and analysis.

Logging Example:

with open("firewall.log", "a") as log_file:
    log_file.write(f"{packet.summary()}
")

Enhancements

Intrusion Detection System (IDS):
- Add functionality to detect suspicious patterns or anomalies in network traffic.
Web Application Firewall (WAF):
- Extend functionality to inspect and filter HTTP traffic for common vulnerabilities like SQL injection or cross-site scripting (XSS).
Scalability:
- Use distributed systems to handle high traffic volumes.

Deployment Strategy

On-Premises Deployment

Install the firewall on a dedicated hardware appliance or server.
Configure network routing to pass all traffic through the firewall.

Cloud Deployment

Deploy the firewall as a virtual appliance in the cloud.
Integrate with cloud-native networking services (e.g., AWS VPC, Azure VNet).
Use APIs for dynamic rule updates.

Example: Cloud-Based Firewall Deployment

AWS Example Using EC2 Instance:

Launch an EC2 instance to run the custom firewall.
Configure the instance as a gateway for your VPC.
Use AWS Security Groups to control access to the instance.

Example Terraform Configuration for AWS:

resource "aws_instance" "firewall" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"

  tags = {
    Name = "CustomFirewall"
  }
}

resource "aws_security_group" "firewall_sg" {
  name = "firewall-sg"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Azure Example Using Virtual Machine:

Launch a Virtual Machine in Azure to host the custom firewall.
Assign a Network Security Group (NSG) to the VM.
Configure inbound and outbound rules in the NSG.

Example Terraform Configuration for Azure:

resource "azurerm_virtual_network" "vnet" {
  name                = "firewall-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = "East US"
  resource_group_name = "firewall-rg"
}

resource "azurerm_network_security_group" "firewall_nsg" {
  name                = "firewall-nsg"
  location            = "East US"
  resource_group_name = "firewall-rg"

  security_rule {
    name                       = "Allow-SSH"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

resource "azurerm_network_interface" "firewall_nic" {
  name                = "firewall-nic"
  location            = "East US"
  resource_group_name = "firewall-rg"
  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_virtual_network.vnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_linux_virtual_machine" "firewall_vm" {
  name                = "firewall-vm"
  location            = "East US"
  resource_group_name = "firewall-rg"
  size                = "Standard_B1ms"
  admin_username      = "adminuser"
  admin_password      = "Password1234!"

  network_interface_ids = [azurerm_network_interface.firewall_nic.id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }
}

Benefits of a Custom Firewall

Flexibility:
- Tailor rules and functionality to meet specific needs.
Cost Efficiency:
- Avoid expensive commercial solutions by leveraging open-source tools.
Educational Value:
- Gain a deeper understanding of network security and packet-level operations.

Conclusion

Building your own firewall offers unmatched flexibility and control over network security. By understanding the key components and leveraging modern tools and libraries, you can design a robust solution tailored to specific requirements. Whether deployed on-premises or in the cloud, a custom firewall can provide valuable insights and protections for your network.

Start small, iterate, and expand your design to include advanced features like intrusion detection and web application filtering for a comprehensive security solution.

Key Components of a Custom Firewall​

System Design Architecture​

Implementation Steps​

1. Packet Sniffing​

Python Example Using Scapy:​

2. Rule Management​

Example Rule Definition:​

Packet Matching Function:​

3. Packet Blocking and Forwarding​

Example Blocking Logic:​

4. Logging and Monitoring​

Logging Example:​

Enhancements​

Deployment Strategy​

On-Premises Deployment​

Cloud Deployment​

Example: Cloud-Based Firewall Deployment​

AWS Example Using EC2 Instance:​

Example Terraform Configuration for AWS:​

Azure Example Using Virtual Machine:​

Example Terraform Configuration for Azure:​

Benefits of a Custom Firewall​

Conclusion​