Thread: firewalls

  1. #1
    Hamster without a wheel iain's Avatar
    Join Date
    Aug 2001
    Posts
    1,385

    firewalls

    Hello

    I'm trying to get an idea of what kind of features i want to build into my project, so would like to ask what kind of features you expect from a firewall.

    Any suggestions would be much appreciated
    Monday - what a way to spend a seventh of your life

  2. #2
    Registered User major_small's Avatar
    Join Date
    May 2003
    Posts
    2,787
    the ability to force specific ports open or closed, regardless of danger to running processes...

    as in, I want to hijack any port and shut it on whatever process is using it.

  3. #3
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659

  4. #4
    Registered User whackaxe's Avatar
    Join Date
    Mar 2004
    Posts
    332
    good and clear, but advanced interface: one tab with a list view of allowed incoming ports, and another tab with allowed programs for example. fast too, a firewall isn't something you see a lot so it doesn't need to have skinning capabilities. good luck
    I loathe pointers

  5. #5
    Its not rocket science vasanth's Avatar
    Join Date
    Jan 2002
    Posts
    1,683
    how about a feature where specific incoming traffic is redirected to the originating system.... ( The idea is if someone is trying to hack into your system.. they will actually be hacking their own system....) Linux offers this with some kind of SNAT feature using the iptables...

  6. #6
    Hamster without a wheel iain's Avatar
    Join Date
    Aug 2001
    Posts
    1,385
    interesting idea, i might implement that as a sort of hacking final defence system. Thanks for the ideas and if anyone has any more.

    skinning capabilities - not sure i'd be able to do that for linux.
    it's going to start simple in a console, but I'm looking at writing a GUI in tcl
    Monday - what a way to spend a seventh of your life

  7. #7
    Its not rocket science vasanth's Avatar
    Join Date
    Jan 2002
    Posts
    1,683
    Quote Originally Posted by iain
    interesting idea, i might implement that as a sort of hacking final defence system. Thanks for the ideas and if anyone has any more.

    skinning capabilities - not sure i'd be able to do that for linux.
    it's going to start simple in a console, but I'm looking at writing a GUI in tcl
    i didn't know you were doing it in linux.... Looks like you just want to do this for the thrill as Linux already has excellent firewall features...

    You might want to look into divert sockets, netlink socket etc which give you full control of the data entering and leaving system...

  8. #8
    Hamster without a wheel iain's Avatar
    Join Date
    Aug 2001
    Posts
    1,385
    >>Looks like you just want to do this for the thrill

    kind of, yeah. It's my degree final year project.
    My title "Development of an intelligent application level proxy"

    intelligent proxy by definition is one that includes other facilities such as firewalling, caching, audit logs...

    So i'm writing a proxy, just a rewriting proxy (Using NAT) and a firewall. The firewall will be application level though so will 'understand' the protocol instead of just simple packet filtering.

    I know it's been done a hundred times but i wanted something in C and involving networking so i came up with this, any suggestions welcome. When I'm done if it works well enough i'd like to release it.
    Monday - what a way to spend a seventh of your life
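
An added example (not code from the thread or from iain's project) of the distinction drawn in post #8: a packet filter passes anything addressed to port 80, while an application-level check parses the HTTP request line and can refuse it. The function names, the allowed-method list and the path policy are assumptions, and the filter is assumed to sit in front of a web server receiving origin-form request lines.

```c
#include <stdio.h>
#include <string.h>

enum verdict { ALLOW, DENY_MALFORMED, DENY_METHOD, DENY_PATH };

/* Packet-filter view: only the destination port is known. */
static int packet_filter_allows(unsigned short dst_port)
{
    return dst_port == 80;
}

/* Application-level view: parse one HTTP request line (CRLF already stripped). */
static enum verdict http_filter(const char *line)
{
    char method[8], target[256], version[16];
    int end = 0;
    const char *p;

    /* Three bounded tokens and nothing after them. */
    if (sscanf(line, "%7s %255s %15s%n", method, target, version, &end) != 3 ||
        line[end] != '\0')
        return DENY_MALFORMED;
    if ((strcmp(version, "HTTP/1.0") && strcmp(version, "HTTP/1.1")) || target[0] != '/')
        return DENY_MALFORMED;
    if (strcmp(method, "GET") && strcmp(method, "HEAD") && strcmp(method, "POST"))
        return DENY_METHOD;
    /* Conservative assumed policy: refuse ".." anywhere and percent-encoded dots. */
    for (p = target; *p; p++) {
        if (p[0] == '.' && p[1] == '.')
            return DENY_PATH;
        if (p[0] == '%' && p[1] == '2' && (p[2] == 'e' || p[2] == 'E'))
            return DENY_PATH;
    }
    return ALLOW;
}

int main(void)
{
    /* Constructed sample request lines, all arriving on port 80. */
    const char *samples[] = {
        "GET /index.html HTTP/1.1",
        "GET /scripts/../../secret.txt HTTP/1.1",
        "TRACE / HTTP/1.1",
        "GET /index.html",
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("port filter=%d app filter=%d  %s\n",
               packet_filter_allows(80), http_filter(samples[i]), samples[i]);
    return 0;
}
```
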

  9. #9
    Crazy Fool Perspective's Avatar
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    2,640
    >>intelligent proxy

    sounds to me like it should be some sort of adaptive system. Learn the behaviour of the specific system it is running on and flag oddities or substantial changes in behaviour as a security measure.

  10. #10
    Hamster without a wheel iain's Avatar
    Join Date
    Aug 2001
    Posts
    1,385
    I agree the term intelligent proxy is somewhat misleading as it's not truly an intelligent system. An interesting point though Perspective - a firewall that could learn the behaviour would be interesting but i feel it would move the focus of the project toward an artificial learning/intelligence basis more than a networking basis.

    i do like the idea of building in some IDS technology though, that an alert can be raised when the behaviour deviates from the baseline behaviour.

    Monday - what a way to spend a seventh of your life

  11. #11
    Registered User whackaxe's Avatar
    Join Date
    Mar 2004
    Posts
    332
    of feature or plugin architecture to spoof communications with hackers on different ports. what i mean is someone tries to hack your IIS for example, so any directory traversal attacks to get important files would give out a killer virus or something wouldn't be very ethical (if even legal) and would only screw some script kiddies over i suppose. oh well...

    </ramble>
    I loathe pointers
