Thread: writing a personal firewall

  1. #1
    Registered User
    Join Date
    Jul 2007
    Posts
    24

    writing a personal firewall

    Hi everyone,
    I was just wondering if someone can tell me where I have to start for writing a personal firewall.
    I'd appreciate it if someone can put me on the right track, or if you know of any links or anything that can be of use.
    Thanks in advance.

  2. #2
    Deathray Engineer MacGyver's Avatar
    Join Date
    Mar 2007
    Posts
    3,210
    Uhh, this is going to be pretty complicated. Be sure you have a very good level of knowledge of C, and then make sure you have a very good level of knowledge with regard to the system you will be programming for. You'll also have to know very advanced concepts most likely, depending upon how far you want to go.

    This is not something a beginner, and possibly even an intermediate programmer will be able to undertake. Consider postponing this project if you're not up for the level of difficulty.

  3. #3
    Registered User
    Join Date
    Jul 2007
    Posts
    24
    Does anyone know of any useful links, or can anyone put me on the right track, please?

  4. #4
    and the hat of sweating
    Join Date
    Aug 2007
    Location
    Toronto, ON
    Posts
    3,545

  5. #5
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Part of your question is of course dependent on what you mean by "writing a personal firewall". An internet firewall is essentially a filter service that acts as some sort of proxy server on one side, and has a WAN connection on the other side.

    In between, you have some more or less intelligent filtering capability that can say "this is an OK packet that we want to let through" and "this is not to be let through". You'll need a very good understanding of internet protocols (not how the protocol itself works, perhaps, but how the protocol is used to communicate between different types of applications, e.g. a web-server and a web-browser, or how a game uses a game-server).

    Most firewalls also allow the use of "hiding", that is, the outside of the firewall is exposed at a different IP-address than the real IP-address of the host. There are several variations on this theme - the most popular one being something called NAT.

    One important key is of course that the outside part of the firewall is written in a secure way - it's pretty pointless to have a firewall that falls over on the first attempt of a buffer overflow.

    The first thing Google got from "How to design a firewall" is this: http://www.unix.org.ua/orelly/networ...wall/index.htm

    It doesn't give you C-code to implement a firewall, but it explains quite well how a firewall works, and what type of configurations one may want - which is a starting point.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  6. #6
    Dr Dipshi++ mike_g's Avatar
    Join Date
    Oct 2006
    Location
    On me hyperplane
    Posts
    1,218
    I think you want to be looking for the protocol and port number to determine whether or not to discard the packet. Port numbers are part of the layer 4 TCP header. I don't know a whole lot about this stuff, but here's a diagram of the TCP segment header I googled:

    http://www.abcseo.com/papers/security/img36.html

    AFAIK headers get added at layer 2, 3, and 4. The layer 4 segment header should come first as it's the last to get added, then the layer 3 packet header, and finally the frame header and trailer.
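
The protocol-and-port decision discussed in posts #5 and #6, as an added example that is not code from anyone in this thread. It assumes the buffer starts at the IPv4 header with the TCP or UDP header directly after it; `filter_ipv4`, the `allow` table and the sample packet are constructed for illustration, and a real personal firewall would receive packets through an operating-system hook that is not shown here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { DROP = 0, ACCEPT = 1 };

/* Hypothetical rule: allow one protocol/destination-port pair. */
struct rule { uint8_t proto; uint16_t dport; };

/* Constructed allow-list: TCP 22 and TCP 443 only. */
static const struct rule allow[] = { {6, 22}, {6, 443} };

/* Decide on a buffer that starts at the IPv4 header. Every length is
 * checked before it is used, so a truncated or malformed packet is
 * dropped rather than read out of bounds. Default policy is DROP. */
enum verdict filter_ipv4(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20) return DROP;     /* minimum IPv4 header */
    if ((pkt[0] >> 4) != 4) return DROP;          /* version field */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;     /* header length in bytes */
    if (ihl < 20 || len < ihl + 4) return DROP;   /* need the port fields too */
    if ((((pkt[6] & 0x1F) << 8) | pkt[7]) != 0) return DROP; /* later fragment: no ports */
    uint8_t proto = pkt[9];
    if (proto != 6 && proto != 17) return DROP;   /* only TCP (6) and UDP (17) have ports */
    uint16_t dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]); /* network byte order */
    for (size_t i = 0; i < sizeof allow / sizeof allow[0]; i++)
        if (allow[i].proto == proto && allow[i].dport == dport)
            return ACCEPT;
    return DROP;
}

/* Constructed sample: 20-byte IPv4 header, then the first 4 bytes of TCP. */
static uint8_t sample[24] = {
    0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0,   /* version/IHL ... protocol = 6 */
    192, 0, 2, 10, 192, 0, 2, 1,                  /* src, dst (documentation range) */
    0xC0, 0x00, 0x01, 0xBB                        /* source port 49152, dest port 443 */
};

int main(void)
{
    printf("tcp/443:   %s\n", filter_ipv4(sample, sizeof sample) ? "ACCEPT" : "DROP");
    sample[23] = 0x17;                            /* destination port becomes 279 */
    printf("tcp/279:   %s\n", filter_ipv4(sample, sizeof sample) ? "ACCEPT" : "DROP");
    printf("truncated: %s\n", filter_ipv4(sample, 21) ? "ACCEPT" : "DROP");
    return 0;
}
```

The length checks come before any field is read, which is the point made in post #5 about the outside-facing part of a firewall not falling over on malformed input.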
