[Winpcap-users] Building a firewall w/o WinPcap?

Guy Harris guy at alum.mit.edu
Sun Nov 27 21:41:01 GMT 2005


Angel Tsankov wrote:
> I know that WinPcap cannot be used to drop incoming packets or to build 
> a firewall, but I desperately need to write one. How is this to be done?

The WinPcap FAQ item 17:

	http://www.winpcap.org/misc/faq.htm#Q-17

says

	Q-17: Can I use WinPcap to drop the incoming packets? Is it possible to 
use WinPcap to build a firewall?

	A: No. WinPcap is implemented as a protocol, therefore it is able to 
capture the packets, but it can't be used to drop them before they reach 
the applications. The filtering capabilities of WinPcap work only on the 
sniffed packets. In order to intercept the packets before the TCP/IP 
stack, you must create an intermediate driver.

Googling for

	firewall windows "intermediate driver"

found

	http://www.sysinternals.com/Forum/forum_posts.asp?TID=2486&PN=1&get=last

which says:

	I have recently started an Open Source Windows XP firewall project. The 
project is coming along and I hope to have a first release within the next 
couple of months. One of the major difficulties in this project has been 
the fact that it is an area which is so scarcely documented. In the 
hopes of improving this situation I am preparing a step by step tutorial 
on how to build a Windows XP Firewall which can be found at 
http://penetration-testing.co.uk/tutorials/howToMakeAWindows XPFirewall.php

	This tutorial already covers the basics in driver development and the 
core concepts needed to start developing an NDIS Intermediate driver 
which is the basis of a good Windows XP firewall.

	I invite all those interested in the subject to follow along with my 
tutorial as it grows day by day and to give any constructive criticism 
that you feel my tutorial could benefit from.

The tutorial isn't complete, but it might help.  The Google search above 
might find you more information on this.

