hi folks....
I have heard about this forum too much that's why I joined without hesitation...
I was wondering whether I can do build a full-fledged firewall on a linux box without depending on iptables thing, in other words I am willing to design some simple firewall...with my own rules and configuration..
and more I need to know what are the very few initial steps required...
thanks in advance...
IPTABLES is the basic for running all those firewalls. If you are thinking of not having to learn rules set and stuff, then there are front end packages that make use of iptables rule sets but idiotproof way via GUI. Firestarter comes to mind if you absolutely must have GUI. I like shorewall myself since it's easier to work with via CLI.
I meant to design a firewall from the scratch and then attach it along with linux kernel before recompiling....anyhow thanks
Linux is written in C and Assembly. If you want to program a replacement for iptables, then start polishing your C and Assembly programming skills and head out to http://kernelnewbies.org/ .
My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive.
To simply answer you :: yes you can do that. However if this is something due to an inadequecy in IPTABLES, pf from OpenBSD is more "suited" to the task. It is my firewall of choice. I dont even trust the linux firewall if I can use pf ;D Even FreeBSD is looking into integrating pf now. Plus its FLOSS as well (BSD licesnse I think). Look at the code. Hell, you might get paid if you port it. Ask around.
I'm just curious, why would you re-invent the wheel if there are tools to get what you need?
IF they are not adequately up-to-the-task of what you need, tell us what specific you needed it to do. If for research purpose, it might be better off reading through source code of those firewalls than starting to write one.
thank you very much people for cooperating...
and frankly first of all this idea was sort of research, but afterwards I thought that I may do something simpler with some embeded new techniques like self-testing and stuff like that, anyhow I'll get started and you will be upto date of the progress..
or you could look into pfsense
Don't worry Ma'am. We're university students, - We know what We're doing.
'Ruiat coelum, fiat voluntas tua.'Datalogi - en livsstil; Intet liv, ingen stil.
I have to agree with this completely. IPTables is inferior to say PF (which I've heard rumors of it being ported to Linux FINALLY). A matter of fact, I found this thread looking for such, and realized this had to be a board I was registered to, but the name changed again. :P
KK, I've gone through most of the kernel related sites I have in my bookmarks, yet didnt find any mentioning of PF on linux.
The closest I've come was some dude making a wrapper to iptables mimicking it called firehol but I'm not sure that's what you're looking for.
As with discussions about it in verious kernel mailinglists the issue sort of died out early 2006.
Don't worry Ma'am. We're university students, - We know what We're doing.
'Ruiat coelum, fiat voluntas tua.'Datalogi - en livsstil; Intet liv, ingen stil.
Posting Permissions
Reply With Quote
Bookmarks