A Brief History of Go (Because Why Not?)

Go (or Golang, if you’re feeling fancy) was created by some Google engineers in 2007 because they got tired of waiting for C++ to compile and decided, “Hey, why not make our own language?”

Fast forward to 2009, and boom—Go was born.

It’s fast, it’s got built-in concurrency, and it makes writing servers ridiculously easy. Plus, it’s got a cute mascot—a gopher. What’s not to love?

Go on Wikipedia

What’s a Firewall? (Besides Something That Stops Hackers from Having Fun)

A firewall is like a bouncer for your network. It checks every packet trying to get in and says, “Nah, you’re not on the list,” or “Yeah, come on in.”

It keeps your system safe from sketchy traffic, malicious attacks, and that one guy in your office who still clicks on phishing emails.

More details here: Firewall on Wikipedia

Why Implement a Firewall in Go?

Because Go is fast, efficient, and makes working with networking a breeze. Plus, it has built-in support for handling concurrent requests, making it perfect for processing a high volume of network packets without breaking a sweat.

• Performance: Go’s speed and garbage collection make it great for real-time packet filtering.
• Concurrency: With goroutines, you can handle multiple network requests at once without losing your mind.
• Simplicity: Go’s standard library has everything you need to write a firewall without needing third-party libraries.

Go’s Support for Firewalls and DNS

Go provides some fantastic tools for working with networking and security:

• net package: Lets you create sockets, TCP/UDP servers, and DNS resolvers.
• x/net package: Additional networking tools, including advanced DNS handling.
• iptables manipulation: With exec.Command, you can interact with system firewall tools like iptables.

More details here: Go net package, Go x/net package

Sample Firewall Implementations

Using the Net Package (Simple TCP Firewall)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

package main

import (
	"fmt"
	"net"
)

func main() {
	ln, err := net.Listen("tcp", ":8080")
	if err != nil {
		panic(err)
	}
	defer ln.Close()

	fmt.Println("Firewall listening on port 8080...")

	for {
		conn, err := ln.Accept()
		if err != nil {
			fmt.Println("Connection error:", err)
			continue
		}
		fmt.Println("Blocked connection from:", conn.RemoteAddr())
		conn.Close() // Block the connection
	}
}

Run it with:

1

go run main.go

Using the x/net Package (ICMP Firewall)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

package main

import (
	"fmt"
	"golang.org/x/net/icmp"
	"golang.org/x/net/ipv4"
	"net"
)

func main() {
	conn, err := icmp.ListenPacket("ip4:icmp", "0.0.0.0")
	if err != nil {
		panic(err)
	}
	defer conn.Close()

	fmt.Println("ICMP Firewall running...")

	for {
		buf := make([]byte, 1500)
		n, addr, err := conn.ReadFrom(buf)
		if err != nil {
			fmt.Println("Error:", err)
			continue
		}

		msg, err := icmp.ParseMessage(ipv4.ICMPTypeEcho.Protocol(), buf[:n])
		if err != nil {
			fmt.Println("Failed to parse ICMP message:", err)
			continue
		}

		if msg.Type == ipv4.ICMPTypeEcho {
			fmt.Println("Blocked ICMP ping from:", addr)
		}
	}
}

Run it with:

1

sudo go run main.go

Using iptables Manipulation (System-Level Firewall)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

package main

import (
	"fmt"
	"os/exec"
)

func main() {
	cmd := exec.Command("sudo", "iptables", "-A", "INPUT", "-p", "tcp", "--dport", "8080", "-j", "DROP")
	err := cmd.Run()
	if err != nil {
		fmt.Println("Error setting up iptables rule:", err)
		return
	}

	fmt.Println("Firewall rule added: Blocking TCP port 8080")
}

Run it with:

1

go run main.go && sudo iptables -L

Comparison of Firewall Methods in Go

Understanding Different Firewall Types

Simple TCP Firewall

A Simple TCP Firewall is application-level and blocks or allows TCP/UDP connections based on specific rules. It operates at the transport layer, meaning it can decide whether to accept or reject connections based on IP addresses, ports, and protocols.

Why Choose It?

• If you need a quick and easy way to block unwanted TCP traffic.
• If you’re building a simple application-level firewall.
• If you want something lightweight and don’t need deep packet inspection.

ICMP Firewall

An ICMP Firewall specifically blocks or filters ICMP packets (think of the infamous ping command). ICMP is a protocol used to send error messages and operational information about network connections.

Why Choose It?

• If you want to prevent network reconnaissance attacks (ping sweeps).
• If you’re dealing with DDoS protection and want to filter out unwanted ICMP traffic.
• If your system relies on ICMP for diagnostics and needs fine-grained control.

System-Level Firewall

A System-Level Firewall, like those implemented using iptables, operates at a much deeper level in the networking stack, typically at the kernel level. It can filter all types of traffic before it even reaches your application.

Why Choose It?

• If you need advanced, system-wide traffic filtering.
• If you’re securing an entire server rather than just an application.
• If you need robust security with deep packet inspection.

Firewall Type Comparison

Key Ideas

Reference Links

• Go Programming Language
• Firewall (Computing)
• Go net package
• Go x/net package