Creating a firewall based on keywords

jheengoo · wrote on 15 Jan 2014, 08:03

Hello

I want to create a firewall to be able to block webpages having certain keywords. Is it possible with Qt? Kindly give me a direction. I tried using Windows Filtering platform but since it's not compatible with earlier versions of windows so... Your help is much appreciated.

Thanks

raven-worx · wrote on 15 Jan 2014, 08:24

you would need to implement a proxy and inspect the response from every request for your keywords.

dheerendra · wrote on 15 Jan 2014, 09:36

There are so many free tools available which does this kind of functionality. I'm curious to know why would like to create one more. Do you want to develop a plugin or library which can be included in some application ? As raven said in above post, you need to use NetworkManager component to request and process each and every HTTP response.

jheengoo · wrote on 15 Jan 2014, 10:19

Actually i don't know of any such tools which drop packets containing specific keywords. I only want to drop the specific packets instead of blocking an ip address or url. So that it won't look like that some firewall is interrupting or something.

raven-worx · wrote on 15 Jan 2014, 10:26

define "packet" please and how do you think that a packet can contain a word

jheengoo · wrote on 15 Jan 2014, 11:09

by packet i mean the packet which is transferred over the internet which is passed through layers of OSI Model. It's not that hard to guess :p. That packet has few headers and got information(ascii code, words whatever you may call it) inside it.

raven-worx · wrote on 15 Jan 2014, 11:25

[quote author="jheengoo" date="1389784171"]It's not that hard to guess :p.[/quote]
yes, maybe ... but only with your understanding of how things work.

What you want is just impossible.
Just to mention a few reasons:

The definition of packet is dependent of the protocol you use for transfer. This also includes secured transfers (like HTTPS). So you can't guarantee that you always read the contents of it.
Also you can't rely on that each packet contains at least 1 whole word.
TCP (which is widely used for internet nowadays) is a protocol which guarantees that all packets are transferred correctly. When you now just drop (or alter) 1 of it the checksum will become invalid. Which triggeres a retransfer of the packet.

jheengoo · wrote on 15 Jan 2014, 11:38

well yeah That's right. I don't want to stop the retransmission from server, I just want to be able to drop a packet if it meets the criteria i set(matches a certain word). I am not making it commercially (it's just a school project, so less accurate soltuion will be fine too). Do you think it can be done even with very low accuracy? Thanks for your help. really nice of you.

dheerendra · wrote on 15 Jan 2014, 11:56

Hope you are intended to drop the entire page rather simple packet. Also I'm assuming that packet means TCP packet what you receive. I'm getting feel that this will not processing just at the HTTP level, you need to get into TCP level as well. You need to put the interface into promiscous mode and get every packet coming. This is not a Qt level programming. You can look wire-shark tool and modify the code. This kind of firewall looks very strange to me. However you know the requirement better. It is not

jheengoo · wrote on 15 Jan 2014, 12:01

hmmm, I know how to sniff each and every packet using windows socket programming but i cannot drop any packet using socket programming. Also winPcap, libpcap and Wireshark or tcpdump don't offer any functionality to drop a packet at will. I think Bearer management in Qt has the ability to drop a packet/webpage.