Is it possible to write simple Firewall with Python/Scapy for Windows?

Question

I'm looking to make a "small" firewall that can intercept HTTP traffic, it should then modify or drop the packet according to its ip address and the content(text) of the packet.

I googled several times before I created this question. I'm afraid it'll take a long time, also, I do not have any experience in developing a driver kernel-mode.

Recently though, I came across a library for python (scapy), and from the documentation, it is able to sniff as well as forge traffic.

However I have a few questions about scapy:

What does it mean to "forge network packets?" Does it forge a copy of the packets?

Thanks.

PS: Also since I'm not experienced in developing drivers in kernel-mode, is there any alternative library in user-mode? The programming language used is not my goal, my goal is to accomplish this task in a short period of time and as simply as it can be done.

Recommended answer

Also since I'm not experienced in developing drivers in kernel-mode, is there any alternative library in user-mode?

Yes, have a look at my project called WinDivert. WinDivert lets you capture/modify/drop packets from a user-mode application (no kernel programming required).
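A sketch of the user-mode capture/modify/drop loop the answer describes, as an added example that is not from the original post or the WinDivert project. It assumes the pydivert Python binding for WinDivert; the blocked network, keyword and rewritten header are constructed policy values.

```python
import ipaddress

# Constructed policy for illustration (documentation address range, made-up strings).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_TEXT = [b"blocked-keyword"]            # matched case-insensitively
REWRITE = {b"X-Debug: 1": b"X-Debug: 0"}       # equal lengths keep TCP sequence numbers valid
assert all(len(old) == len(new) for old, new in REWRITE.items())

def decide(src_addr, dst_addr, payload):
    """Return ("drop", None), ("modify", new_payload) or ("pass", None) for one packet."""
    for addr in (src_addr, dst_addr):
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in BLOCKED_NETS):
            return ("drop", None)
    lowered = payload.lower()
    if any(text in lowered for text in BLOCKED_TEXT):
        return ("drop", None)
    new_payload = payload
    for old, new in REWRITE.items():
        new_payload = new_payload.replace(old, new)
    if new_payload != payload:
        return ("modify", new_payload)
    return ("pass", None)

def run():
    """Divert port-80 TCP traffic through decide(). Windows only, run as Administrator."""
    import pydivert  # assumed dependency: Python binding for WinDivert
    # Matching is per packet: text split across TCP segments, or sent over HTTPS, is not seen.
    with pydivert.WinDivert("tcp.DstPort == 80 or tcp.SrcPort == 80") as w:
        for packet in w:
            action, new_payload = decide(packet.src_addr, packet.dst_addr, packet.payload or b"")
            if action == "drop":
                continue                  # a diverted packet that is never re-injected is dropped
            if action == "modify":
                packet.payload = new_payload
            w.send(packet)                # re-inject; pydivert recalculates checksums by default

if __name__ == "__main__":
    run()
```

The decision function is kept separate from the divert loop so the policy can be tested on any platform without the driver.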
