[Edu-sig] ports

Guido van Rossum guido@python.org
Mon, 15 May 2000 09:30:54 -0400


> I just want to write a simple firewall. Just to learn from it and
> how they work. It could be quite handy if you can block all ports
> except the usual ones. Like 21 and 80 for FTP and HTTP. The other
> ports aren't server-sockets but they can "connect" to them with a
> TELNET-client or with portscanners and stuff like that. How do you
> block that? Or how can you read the ports and print a message so
> you know someone is scanning your ports or is trying to connect with
> a lame trojan.

A firewall is a difficult thing to try to build!  It needs to be a
dedicated computer with two internet interfaces -- one outside
(connected to the Internet) and one inside (connected to your local
area network).  Then, you need to look at all packets as they come in
(from both sides!), classify them according to their headers, and ship
them out the other side (maybe after changing some header fields), or
discard them, or send an error back.  There's lots more to doing it
efficiently.

I would recommend that you find a good book on IP-level protocols
first -- alas, I have no recommendations, since I have all this
information from hearsay myself.

You *may* be able to do some of this on a dual-ported Linux box using
raw sockets with the ethernet cards in promiscuous mode.  All this
requires root permission and is very tricky...

--Guido van Rossum (home page: http://www.python.org/~guido/)