Firewall Simulation

Description:

Simulate a basic firewall that filters network traffic based on user$-$defined rules, such as blocking or allowing traffic from specific IP addresses.

Key Concepts:

Network traffic filtering: Network traffic filtering involves inspecting packets traversing a network and making decisions based on predefined rules. Filtering criteria may include source$/$destination IP addresses, port numbers, protocols, and packet content.

IP protocols: IP protocols define the rules and conventions used for communication between networked devices. Examples include TCP $($Transmission Control Protocol$),$ UDP $($User Datagram Protocol$),$ and ICMP $($Internet Control Message Protocol$).$

Firewall rules: Firewall rules specify how network traffic should be handled by a firewall. Rules define conditions $($e$.$g$.,$ source$/$destination IP addresses, port numbers$)$ and actions $($e$.$g$.,$ allow, block$)$ for packets matching those conditions, providing security enforcement and access control.

Code Skeleton:

def firewall$\_$rules$($packet$)$:

# Example rule: Block traffic from a specific IP

blocked$\_$ip $="192\mathrm{.}168\mathrm{.}1\mathrm{.}100"$

if packet$[\text{'}$IP$\text{'}][\text{'}$src$\text{'}]==$ blocked$\_$ip:

print$($f$"$Blocked traffic from $\{$blocked$\_$ip$\}")$

return False

return True

def simulate$\_$traffic$($packets$)$:

for packet in packets:

if firewall$\_$rules$($packet$)$:

print$($f$"$Allowed packet from $\{$packet$[\text{'}$IP$\text{'}][\text{'}$src$\text{'}]\}")$

else:

print$($f$"$Blocked packet from $\{$packet$[\text{'}$IP$\text{'}][\text{'}$src$\text{'}]\}")$

# Example usage $($pseudo$-$packets for illustration$)$

packets $=[\{\text{'}$IP$\text{'}$: $\{\text{'}$src$\text{'}$: $\text{'}192\mathrm{.}168\mathrm{.}1\mathrm{.}100\text{'}\}\},\{\text{'}$IP$\text{'}$: $\{\text{'}$src$\text{'}$: $\text{'}192\mathrm{.}168\mathrm{.}1\mathrm{.}101\text{'}\}\}]$

simulate$\_$traffic$($packets$)$

Enhancements:

Stateful Inspection: Enhance to perform stateful inspection, tracking the state of active connections.

Alert system: Integrate a basic email alert system that triggers when traffic is blocked.

Example Screenshot of the project $-$

This project emulates packets by reading a file passed as a parameter. This file, contains the packets in a key$-$value format, depicting their several attributes, such as packet ID$,$ source & destination IP address and ports. The rule list is also fed to the emulator via a file. Based on the rule list, the emulated packets are either allowed or blocked. If a packet is blocked, an immediate alert is generated and a mail sent to the administrator for their perusal.