Is it possible to write a firewall in Python? Say it would block all traffic?
Interesting thread. I stumbled on it looking for Python NFQUEUE examples.
My take is you could create a great firewall in Python and use the kernel.
E.g. add a Linux FW rule through iptables that forwards SYN packets (the first) to NFQUEUE for the Python FW to decide what to do.
If you like it, mark the TCP stream/flow with a FW mark using NFQUEUE, and then have an iptables rule that just allows all traffic streams with the mark.
This way you can have a powerful high-level Python program deciding to allow or deny traffic, and the speed of the kernel to forward all other packets in the same flow.
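A sketch of the design described in the answer above, added here as an example and not code from the thread: the Python side gives a verdict on each queued SYN and marks the ones it allows. It assumes the third-party `netfilterqueue` package; the queue number, mark value, allowed ports and the iptables rules in the comments are assumptions chosen for illustration.

```python
import struct

# Assumed setup (not from the thread); queue number and mark are arbitrary:
#   iptables -t mangle -A INPUT -p tcp --syn -j NFQUEUE --queue-num 1
#   iptables -A INPUT -m mark --mark 0x1 -j CONNMARK --save-mark
#   iptables -A INPUT -m connmark --mark 0x1 -j ACCEPT
FLOW_MARK = 0x1
ALLOWED_PORTS = {22, 443}  # constructed policy for the demo

def decide(payload, allowed=ALLOWED_PORTS):
    """Return ('accept', mark) or ('drop', 0) for a raw IPv4 packet."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return ("drop", 0)                      # truncated or not IPv4
    ihl = (payload[0] & 0x0F) * 4               # IP header length in bytes
    if ihl < 20 or payload[9] != 6 or len(payload) < ihl + 14:
        return ("drop", 0)                      # bad header or not TCP
    (dport,) = struct.unpack_from("!H", payload, ihl + 2)
    is_syn = payload[ihl + 13] & 0x12 == 0x02   # SYN set, ACK clear
    if is_syn and dport in allowed:
        return ("accept", FLOW_MARK)
    return ("drop", 0)                          # default deny

def build_tcp(dport, flags=0x02):
    """Constructed sample packet: bare IPv4 + TCP headers, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

def handle(pkt):
    """NFQUEUE callback: apply the verdict; the mark rides on the packet."""
    verdict, mark = decide(pkt.get_payload())
    if verdict == "accept":
        pkt.set_mark(mark)
        pkt.accept()
    else:
        pkt.drop()

def main():
    from netfilterqueue import NetfilterQueue   # third-party; needs root
    queue = NetfilterQueue()
    queue.bind(1, handle)                       # queue number from the rule above
    try:
        queue.run()
    finally:
        queue.unbind()

if __name__ == "__main__":
    main()
```

The NFQUEUE rule is written without `--queue-bypass`, so queued packets are dropped when the Python process is not running rather than passing unfiltered.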