Building a firewall from scratch

Discussion in 'all things UNIX' started by kaidranzer, Jun 30, 2011.

Thread Status:
Not open for further replies.
  1. kaidranzer

    kaidranzer Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    5
    Hi guys! I am trying to build an opensource firewall from scratch in linux environment using C and would like to have some help. Even though its called a firewall, its more of a Unified Threat Management containing features like antispam, content filtering, vulnerability analyzing,etc.

    I need some suggestions about which features to include because I only have 1 year to complete this project.

    I have started my preparations by learning UNIX Socket API and I have a pretty good knowledge of C. Can you please suggest me how should I start my work on this project?
     
  2. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I think an application based firewall is something that is sorely lacking in the Linux world.

    I know the usually response from the Linux community is that an application firewall and antivirus aren't needed, but it is the lack of those two things that keep me in the Windows camp. I know that I could get an AV going using Dazuko, but it is a PITA. Anyway, sorry to digress. I think you should make an application filtering firewall. :)
     
  3. kaidranzer

    kaidranzer Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    5
    What I am planning to do is breaking a packet into headers and data. Header analysis will be the "packet-filtering firewall" kind of thing and analyzing the data would be an "application-layer firewall" kind of thing.

    Actually I have broken the process of development in 4 stages namely :

    1. Capture the packet (using libcap)
    2. Break the packet into headers and data (using libpcap)
    3. Analyze the headers and data and make a decision
    4. ACCEPT or DROP the packet (using netfilter in linux)

    Its the third step that will depend on the features which are included in the project. I plan to code using the UNIX Socket API.

    I need to know whether I am on the right track
     
  4. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    YOu might get a better response posting this to the All Things Unix section; just a thought.
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,952
    Location:
    U.S.A.
    Moved Thread to this Forum for More Exposure!
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Is it an application for Linux machines, or a gateway? What are all the features you've already planned?
     
  7. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  8. kaidranzer

    kaidranzer Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    5
    No it is not an application for linux machines. It will be a gateway between a network/LAN and the Internet.

    Here are some of the features that look good enough :

    http://www.endian.com/en/products/features/utm-24-feature-list/

    But I still cant decide which of these to choose because one year looks like a very short time to implement all of these.
     
  9. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    If you want other products to look at, I have plenty on my list.
     
  11. kaidranzer

    kaidranzer Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    5
    Yes please. I would like to have a look.
     
  12. kaidranzer

    kaidranzer Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    5
    Packet filtering in linux

    Hi guys! I am attempting to build an open source firewall in linux and I need to know how to filter packets WITHOUT using iptables. Once a packet is inspected, a decision is made whether it should be dropped or not. Now to drop the packet I need to stop it from entering the kernel in the first place otherwise it would be forwarded automatically.

    How do i do that? Is it possible using netfilter?

    Reply will be highly appreciated.

    Thanx in advance :)
     
  13. kaidranzer

    kaidranzer Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    5
    Developing a packet-filtering firewall in linux

    Hi guys! I have decided build an open source firewall in linux environment. I have exactly one year to complete this project. The firewall will be a stateful packet filtering firewall working at network, transport and application layers. I would also be provided log analysis features. What I want to know is whether this is a good enough project or put in other words, is it a worthwhile project to undertake?

    Thanx in advance :)
     
  14. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Merged three separate threads together. There is no need to start a new thread every few days about this. Just use this existing thread if you have something else to add or ask.
     
  15. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    How about the AirGap Firewall. I.E pull the plug

    Note: AirGap Firewall is a registered trademark of Paranoid Inc.
     
  16. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Remember, iptables is a front-end for netfilter. So you'd just have to implement a different front-end for netfilter. I know of one alternative already, nftables. So look into iptables and nftables source code to see how others have solved your project. Then, design your own.
     
Loading...
Thread Status:
Not open for further replies.