Syracuse University
Firewall Lab
Overview
The learning objective of this lab is for students to learn how firwall works by implementing a simple personal firewall for Minix. A personal firewall controls network traffic to and from a computer, permitting or denying communications based on a security policy.Firewalls have several types; in this lab, we focus on a very simple type, the packet filter. Packet filters act by inspecting the packets. If a packet matches the packet filter's set of rules, the packet filter will drop the packet either silently or send an "error responses" to the source. Packet filters are usually stateless; it filter each packet based only on the information contained in that packet, without paying attention to whether a packet is part of an existing stream of traffic. Packet filters often use a combination of the packet's source and destination address, its protocol, and, for TCP and UDP traffic, the port number.
Lab Description and Tasks (PDF)
-
For instructors: if you prefer to modify the lab description
to suit your own courses, you can download the source files (Latex)
from here.
Helpful Documents
- Minix Network Service Documentation (This web site offers a line-by-line analysis of the network service for Minix, version 2.0.4).
- Charlie Wong's documentation on Minix networking
- Mingdong Shang's documentation on Minix networking
- Online Minix source code
- How to add a new system call in Minix
- How is a system call invoked in Minix
- Three process tables in Minix