LinuxQuestions.org

Making my own iptables program. (https://www.linuxquestions.org/questions/programming-9/making-my-own-iptables-program-557992/)

Israfel2000 05-31-2007 08:33 AM

Making my own iptables program.
 
Well, I am planning on making an iptables program (firewall). I have been doing research on it but I still need more. What are the requirements that I need to start on my project? Does it need a specific programming language? Can it be in C/C++? How do I start?

Thx in advance to all. ;)


MS3FGX 05-31-2007 08:38 AM

You wouldn't really create an IPtables program as such. IPtables is usually configured through Bash scripts, which while technically being a programming language, is very different from writing and compiling a binary application. They are essentially just plain text files that your terminal interprets when you run them.

You could write a program in C/C++ that directly calls the iptables binary and feeds it arguments to configure the firewall, but that would be unnecessary no matter how you cut it.

chrism01 05-31-2007 07:45 PM

Hopefully you've read this site: http://www.netfilter.org/

Israfel2000 06-07-2007 11:06 AM

Thx for the replies guys. Thanks, Chrism01, for the link. I'll be going to that site as soon as I finish here. ;)

Now, for my other questions. Are the firewalls for Windows the same as the iptables for linux? If they are not the same, what are the differences? Is it possible to make a user-friendly iptables (firewall) for linux?

Thx in advance. :)


MS3FGX 06-07-2007 02:19 PM

The Linux firewall has nothing at all to do with the Windows one. Not that anyone is allowed to see the source for the Windows firewall, but it is safe to say that it is a completely different animal.

As for making user-friendly Linux firewall applications, yes it is possible, which is why there are already many programs that do exactly that, such as Firestarter.

Also, I think you might want to research how iptables actually works, since I think there is a little confusion here. Applications like Firestarter are not actually firewalls themselves, but just front-ends that allow for easier configuration of iptables. iptables is the firewall, anything else you use is just support software that makes it easier to get iptables configured.

Israfel2000 06-15-2007 12:27 PM

Thank you guys. I'll keep doing research on the iptables firewall. Hopefully I'll be able to fully understand how iptables works. Thx.

jlinkels 06-17-2007 08:41 AM

Just one thing about "user friendliness". You might think IPTables is not user friendly. Many think you need a GUI or at least an ncurses based interface.

Please realize that every user interface puts a layer between IPTables and you, the user. It hides things which might scare you, might avoid certain settings because it thinks they are impossible, it might assume settings because that "is usually what you want".

If you really understand IPtables, putting a number of coherent statements in a bash script file which you run to configure IPtables is very user friendly. You are able to specify what you want and what not almost on the bit level.

Granted, if you are a "home user" like my aunt, you only want to have a checkbox which says "I am connected to the Internet and I want to give others access to the Internet too". But those interfaces already exist.

jlinkels

theNbomr 06-18-2007 10:04 AM

Who is the 'user' to whom iptables is to be friendly? Most end users of firewalls would describe friendliness as "I don't even know it is there". OTOH, the sys admin who must install, configure and maintain a firewall might think of user friendliness as "Allowing me to make it do precisely what I need it to do, and know that it is exactly as I expect it to be". The common GUI config tools for iptables seem to fall somewhere in the middle, failing at both ends of the spectrum, IMHO. The one thing that a GUI tool may provide is a collected knowledge base, automatically building in many standard constructs that have been developed through experience and expertise over time. As such, they tend to build in iptables rules that a novice would not understand or think useful. I believe that this part is a Good Thing, but that it can be improved upon by making it more 'exposed' by not burying it in a GUI. There are also canned firewall packages that allow customization by the installer/maintainer, but whose inner workings are more visible and configurable. They are likely to be configured with simple text editors, and are wide open for modification or scrutiny. One such package that I prefer is HomeLanSecurity, which is geared toward firewalling a home LAN connected to the internet through a DSL or similar connection.

Strictly speaking, iptables is a userspace program that is used to manipulate core kernel data structures that define how IP traffic proceeds in/out/through a network attached host. Collectively, iptables plus the netfilter kernel module make up most Linux firewalls. Theoretically, you could write your own iptables replacement, however most developers who make firewall tools simply use iptables as a child process to do the work. Most commonly, this is done in shell scripts, but any programming language that can launch other programs (and probably capture the output from those) can serve the purpose.
Hope this helps.
--- rod.
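An added example, not from the thread or any of its posters: the approach MS3FGX, jlinkels and theNbomr describe (a program that drives the iptables binary as a child process) written in C, since that is what Israfel2000 asked about. The rules, the management network 192.0.2.0/24 and the assumption that `iptables` is on PATH are illustrative. It uses fork()/execvp() with an argument vector rather than system() with a concatenated string, so any value placed in a rule (an interface name, an address read from a config file) reaches iptables literally and is never interpreted by a shell. Run it with `-n` to print the commands instead of applying them, which needs no root.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAX_ARGS 16

/* One rule, kept as the exact argv the iptables binary will receive.
 * Binary name, interface and management network are assumptions. */
struct rule {
    const char *argv[MAX_ARGS];
};

/* Order matters: allow rules first, the DROP default policy last, so a
 * remote admin's SSH session is not cut off halfway through. */
static const struct rule policy[] = {
    { { "iptables", "-F", "INPUT", NULL } },
    { { "iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT", NULL } },
    { { "iptables", "-A", "INPUT", "-m", "state", "--state",
        "ESTABLISHED,RELATED", "-j", "ACCEPT", NULL } },
    { { "iptables", "-A", "INPUT", "-p", "tcp", "--dport", "22",
        "-s", "192.0.2.0/24", "-j", "ACCEPT", NULL } },
    { { "iptables", "-P", "INPUT", "DROP", NULL } },
};
#define POLICY_LEN (sizeof policy / sizeof policy[0])

/* Render an argv vector as one printable line, for dry runs and logs.
 * Returns the length written, or -1 if it does not fit in out. */
int format_rule(const struct rule *r, char *out, size_t outlen)
{
    size_t used = 0;
    out[0] = '\0';
    for (int i = 0; i < MAX_ARGS && r->argv[i] != NULL; i++) {
        int n = snprintf(out + used, outlen - used, "%s%s",
                         i ? " " : "", r->argv[i]);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;
        used += (size_t)n;
    }
    return (int)used;
}

/* Apply one rule: fork and execvp the iptables binary with the argv as
 * is. No shell is involved, so a value containing ';' or '$' is passed
 * to iptables literally (and rejected by it) instead of being executed.
 * Returns iptables' exit status, 0 on a dry run, -1 on an OS error. */
int apply_rule(const struct rule *r, int dry_run)
{
    char line[512];
    if (format_rule(r, line, sizeof line) < 0)
        return -1;
    if (dry_run) {
        printf("%s\n", line);
        return 0;
    }
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(r->argv[0], (char *const *)r->argv);
        _exit(127);                      /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Apply the whole policy in order. Returns -1 on success, otherwise the
 * index of the first rule that failed, so the caller can report it. */
int apply_policy(int dry_run)
{
    for (size_t i = 0; i < POLICY_LEN; i++)
        if (apply_rule(&policy[i], dry_run) != 0)
            return (int)i;
    return -1;
}

int main(int argc, char **argv)
{
    /* "-n": print the commands instead of running them (no root needed). */
    int dry_run = argc > 1 && strcmp(argv[1], "-n") == 0;
    int failed = apply_policy(dry_run);
    if (failed >= 0) {
        fprintf(stderr, "rule %d failed\n", failed);
        return 1;
    }
    return 0;
}
```

Stopping at the first failed rule matters: if the SSH allow rule fails and the program carries on to `-P INPUT DROP`, the box is locked out. A GUI front-end does the same kind of sequencing internally; the difference is only that here every rule is visible in the source.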

cppkid 06-18-2007 10:34 AM

As at the start of the topic you said that you want to write your own firewall. So I think that you do not want to use iptables. In fact you want to write your own firewall from scratch. So I think that instead of concentrating on iptables you should concentrate on "Packet Filtering".
Do research on packet filtering. "Ethereal" is an open-source product for that purpose and a very famous one. So try to learn how Ethereal works.
What you need to do is:

Capture the packet from the network.
Parse the packet to extract information.
Allow the packet or reject it based on your policies.
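An added example, not from the thread or from cppkid: the three steps above in C, with step 1 (capture) replaced by a constructed packet buffer so the code runs offline. On a real host the bytes would come from an AF_PACKET raw socket, libpcap, or an NFQUEUE callback; the policy, addresses and the `make_packet` helper are assumptions for illustration. The part worth studying is the parser: every length field comes off the wire under the sender's control, so each is bounds-checked before it is used as an offset, and anything that fails to parse is dropped rather than let through.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { DROP = 0, ACCEPT = 1 };

/* Dotted quad to host-order 32-bit address. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* What the policy needs from one packet, host byte order. */
struct pkt_info {
    uint32_t src, dst;
    uint8_t proto;
    uint16_t sport, dport;   /* 0 unless TCP or UDP */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return IP4(p[0], p[1], p[2], p[3]); }

/* Step 2, parse. Returns 0 on success, -1 for a malformed packet (too
 * short, not IPv4, header length pointing past the buffer). The IP
 * checksum is not verified here. */
int parse_ipv4(const uint8_t *buf, size_t len, struct pkt_info *out)
{
    if (len < 20 || (buf[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    size_t total = be16(buf + 2);
    if (ihl < 20 || ihl > len || total < ihl || total > len)
        return -1;
    memset(out, 0, sizeof *out);
    out->proto = buf[9];
    out->src = be32(buf + 12);
    out->dst = be32(buf + 16);
    if (out->proto == 6 || out->proto == 17) {      /* TCP or UDP */
        if (total - ihl < 4)
            return -1;           /* ports missing: drop rather than guess */
        out->sport = be16(buf + ihl);
        out->dport = be16(buf + ihl + 2);
    }
    return 0;
}

/* One policy entry; zero proto or dport means "any". */
struct policy_rule {
    uint8_t proto;
    uint32_t src, src_mask;
    uint16_t dport;
    enum verdict action;
};

/* Assumed policy: SSH only from a management subnet, HTTP from anywhere. */
static const struct policy_rule policy[] = {
    { 6, IP4(192, 0, 2, 0), 0xffffff00u, 22, ACCEPT },
    { 6, 0, 0, 80, ACCEPT },
};
#define POLICY_LEN (sizeof policy / sizeof policy[0])

/* Step 3, decide. First match wins; unparseable packets and packets that
 * match nothing are dropped (default deny). */
enum verdict filter_packet(const uint8_t *buf, size_t len)
{
    struct pkt_info p;
    if (parse_ipv4(buf, len, &p) != 0)
        return DROP;
    for (size_t i = 0; i < POLICY_LEN; i++) {
        const struct policy_rule *r = &policy[i];
        if (r->proto && r->proto != p.proto) continue;
        if ((p.src & r->src_mask) != (r->src & r->src_mask)) continue;
        if (r->dport && r->dport != p.dport) continue;
        return r->action;
    }
    return DROP;
}

/* Stand-in for step 1, capture: build a 28-byte IPv4 + L4 header into
 * out (constructed test input). Returns the length, 0 if out is too small. */
size_t make_packet(uint8_t *out, size_t outlen, uint32_t src, uint32_t dst,
                   uint8_t proto, uint16_t sport, uint16_t dport)
{
    const size_t len = 28;
    if (outlen < len) return 0;
    memset(out, 0, len);
    out[0] = 0x45;                           /* version 4, IHL 5 words */
    out[2] = (uint8_t)(len >> 8); out[3] = (uint8_t)len;
    out[9] = proto;
    for (int i = 0; i < 4; i++) {
        out[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        out[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    out[20] = (uint8_t)(sport >> 8); out[21] = (uint8_t)sport;
    out[22] = (uint8_t)(dport >> 8); out[23] = (uint8_t)dport;
    return len;
}

int main(void)
{
    uint8_t p[64];
    size_t n = make_packet(p, sizeof p, IP4(192, 0, 2, 10), IP4(198, 51, 100, 1), 6, 40000, 22);
    printf("ssh from mgmt net: %s\n", filter_packet(p, n) == ACCEPT ? "ACCEPT" : "DROP");
    return 0;
}
```

The classic bug to avoid is trusting IHL or total length: a packet that claims a 60-byte header inside a 28-byte buffer would make a naive parser read past the end, and in a kernel-side or root-running filter that is a crash at best. Here it is simply a malformed packet and gets the default verdict.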

Israfel2000 06-20-2007 08:04 AM

Thanks cppkid. This is more on the subject of what I was looking for. I knew there was something missing in this thread. :/

Sorry for leaving out the detailed information. It's just that there is sooo much to do and I could hardly concentrate on the things that I'm doing. I guess it's the whole issue that I'm getting married. Yes, married, this year in November. :P *cheering*

Thanks again guys.

