LinuxQuestions.org
Old 05-31-2007, 08:33 AM   #1
Israfel2000
Member
 
Registered: May 2004
Location: Underground base in the mountains
Distribution: FreeBSD, Fedora, Ubuntu
Posts: 87
Blog Entries: 2

Making my own iptables program.


Well, I am planning on making an iptables program (firewall). I have been doing research on it but I still need more. What are the requirements that I need to start on my project? Does it need a specific programming language? Can it be from C/C++? How do I start?

Thx in advance to all.


 
Old 05-31-2007, 08:38 AM   #2
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

You wouldn't really create an IPtables program as such. IPtables is usually configured through Bash scripts, which while technically being a programming language, is very different from writing and compiling a binary application. They are essentially just plain text files that your terminal interprets when you run them.

You could write a program in C/C++ that directly calls the iptables binary and feeds it arguments to configure the firewall, but that would be unnecessary no matter how you cut it.

Last edited by MS3FGX; 05-31-2007 at 08:40 AM.
 
Old 05-31-2007, 07:45 PM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,348

Hopefully you've read this site: http://www.netfilter.org/
 
Old 06-07-2007, 11:06 AM   #4
Israfel2000
Member
 
Registered: May 2004
Location: Underground base in the mountains
Distribution: FreeBSD, Fedora, Ubuntu
Posts: 87

Original Poster
Blog Entries: 2

Thx for the replies guys. Thanks, Chrism01, for the link. I'll be going to that site as soon as I finish here.

Now, for my other questions. Are the firewalls for Windows the same as the iptables for linux? If they are not the same, what are the differences? Is it possible to make a user-friendly iptables (firewall) for linux?

Thx in advance.

 
Old 06-07-2007, 02:19 PM   #5
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

The Linux firewall has nothing at all to do with the Windows one. Not that anyone is allowed to see the source for the Windows firewall, but it is safe to say that it is a completely different animal.

As for making user-friendly Linux firewall applications, yes it is possible, which is why there are already many programs that do exactly that, such as Firestarter.

Also, I think you might want to research how iptables actually works, since I think there is a little confusion here. Applications like Firestarter are not actually firewalls themselves, but just front-ends that allow for easier configuration of iptables. iptables is the firewall, anything else you use is just support software that makes it easier to get iptables configured.
 
Old 06-15-2007, 12:27 PM   #6
Israfel2000
Member
 
Registered: May 2004
Location: Underground base in the mountains
Distribution: FreeBSD, Fedora, Ubuntu
Posts: 87

Original Poster
Blog Entries: 2

Thank you guys. I'll keep doing research on the iptables firewall. Hopefully I'll be able to fully understand how iptables works. Thx.
 
Old 06-17-2007, 08:41 AM   #7
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,195

Just one thing at "user friendliness". You might think IPTables is not user friendly. Many think you need a GUI or at least an ncurses based interface.

Please realize that every user interface puts a layer between IPTables and you, the user. It hides things which might scare you, might avoid certain settings because it thinks they are impossible, it might assume settings because that "is usually what you want".

If you really understand IPtables, putting a number of coherent statements in a bash script file which you run to configure IPtables is very user friendly. You are able to specify what you want and what not almost on the bit level.

Granted, if you are a "home user" like my aunt, you only want to have a checkbox which says "I am connected to the Internet and I want to give others access to the Internet too". But those interfaces already exist.

jlinkels
 
Old 06-18-2007, 10:04 AM   #8
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,399
Blog Entries: 2

Who is the 'user' to whom iptables is to be friendly? Most end users of firewalls would describe friendliness as "I don't even know it is there". OTOH, the sys admin who must install, configure and maintain a firewall might think of user friendliness as "Allowing me to make it do precisely what I need it to do, and know that it is exactly as I expect it to be". The common GUI config tools for iptables seem to fall somewhere in the middle, failing at both ends of the spectrum, IMHO. The one thing that a GUI tool may provide is a collected knowledge base, automatically building in many standard constructs that have been developed through experience and expertise over time. As such, they tend to build in iptables rules that a novice would not understand or think useful. I believe that this part is a Good Thing, but that it can be improved upon by making it more 'exposed' by not burying it in a GUI. There are also canned firewall packages that allow customization by the installer/maintainer, but whose inner workings are more visible and configurable. They are likely to be configured with simple text editors, and are wide open for modification or scrutiny. One such package that I prefer is HomeLanSecurity, which is geared toward firewalling a home LAN connected to the internet through a DSL or similar connection.

Strictly speaking, iptables is a userspace program that is used to manipulate core kernel data structures that define how IP traffic proceeds in/out/through a network attached host. Collectively, iptables plus the netfilter kernel module make up most Linux firewalls. Theoretically, you could write your own iptables replacement, however most developers who make firewall tools simply use iptables as a child process to do the work. Most commonly, this is done in shell scripts, but any programming language that can launch other programs (and probably capture the output from those) can serve the purpose.
Hope this helps.
--- rod.
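
An added example, not part of the thread and not any poster's code: a C front-end of the kind described in the post above, running iptables as a child process. Each field is validated and the arguments are passed as an argv array through execv, so no shell ever parses user input; the /sbin/iptables path and the function names are assumptions.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fill argv[] for: iptables -A INPUT -s <src> -p tcp --dport <port> -j <target>.
 * Returns the argument count, or -1 if any field fails validation.
 * portbuf must hold at least 6 bytes. */
int build_rule(const char *src, int port, const char *target,
               char *portbuf, const char *argv[12])
{
    struct in_addr a;
    if (inet_pton(AF_INET, src, &a) != 1) return -1;   /* must be a plain IPv4 address */
    if (port < 1 || port > 65535) return -1;
    if (strcmp(target, "ACCEPT") && strcmp(target, "DROP")) return -1;
    snprintf(portbuf, 6, "%d", port);
    const char *tmpl[] = { "iptables", "-A", "INPUT", "-s", src, "-p", "tcp",
                           "--dport", portbuf, "-j", target, NULL };
    memcpy(argv, tmpl, sizeof tmpl);
    return 11;
}

/* Run iptables as a child process (needs root); returns its exit status.
 * The binary path is an assumption and differs between distributions. */
int run_rule(const char *argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv("/sbin/iptables", (char *const *)argv);
        _exit(127);                                    /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *argv[12]; char port[6];
    /* Constructed sample values; the command is only printed, not executed. */
    if (build_rule("192.0.2.10", 22, "ACCEPT", port, argv) < 0) return 1;
    for (int i = 0; argv[i]; i++) printf("%s ", argv[i]);
    putchar('\n');
    return 0;
}
```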
 
Old 06-18-2007, 10:34 AM   #9
cppkid
Member
 
Registered: Jul 2004
Location: Pakistan
Distribution: Ubuntu
Posts: 185

At the start of the topic you said that you want to write your own firewall. So I think that you do not want to use the iptables. In fact you want to write your own firewall from scratch. So I think that instead of concentrating on iptables you should concentrate on "Packet Filtering".
Do some research on packet filtering. "Ethereal" is an open-source product for that purpose and a very famous one. So try to learn how Ethereal works.
What you need to do is:

Capture the packet from the network.
Parse the packet to extract information.
Allow the packet or reject it based on your policies.
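
An added example, not part of the thread: the parse and allow/reject steps listed above, written in C over a constructed IPv4/TCP packet held in a byte array (capture itself is left out). The struct layout, rule format and function names are assumptions made for this illustration; truncated or malformed input is dropped rather than guessed at.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum verdict { DROP = 0, ACCEPT = 1 };
struct pkt  { uint32_t src, dst; uint8_t proto; uint16_t sport, dport; };
struct rule { uint32_t net, mask; uint8_t proto; uint16_t dport; enum verdict v; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }

/* Parse an IPv4 header plus TCP/UDP ports. Returns -1 on truncated or
 * malformed input so the caller can drop it instead of guessing. */
int parse_ipv4(const uint8_t *b, size_t len, struct pkt *out)
{
    if (len < 20 || (b[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(b[0] & 0x0f) * 4, tot = be16(b + 2);
    if (ihl < 20 || tot < ihl || tot > len) return -1;
    out->proto = b[9]; out->sport = out->dport = 0;
    out->src = be32(b + 12);
    out->dst = be32(b + 16);
    int first_frag = (be16(b + 6) & 0x1fff) == 0;   /* ports only in fragment 0 */
    if (first_frag && (out->proto == 6 || out->proto == 17)) {
        if (tot < ihl + 4) return -1;
        out->sport = be16(b + ihl);
        out->dport = be16(b + ihl + 2);
    }
    return 0;
}

/* First matching rule wins; proto 0 / dport 0 mean "any"; default is DROP. */
enum verdict filter(const struct rule *r, size_t n, const uint8_t *b, size_t len)
{
    struct pkt p;
    if (parse_ipv4(b, len, &p) != 0) return DROP;
    for (size_t i = 0; i < n; i++) {
        if ((p.src & r[i].mask) != r[i].net) continue;
        if (r[i].proto && r[i].proto != p.proto) continue;
        if (r[i].dport && r[i].dport != p.dport) continue;
        return r[i].v;
    }
    return DROP;
}

/* Constructed sample: TCP 192.0.2.10:40000 -> 198.51.100.5:22, checksums zeroed. */
static const uint8_t SAMPLE[40] = { 0x45,0,0,40, 0,1,0x40,0, 64,6,0,0,
    192,0,2,10, 198,51,100,5, 0x9c,0x40,0,22 };
/* Constructed policy: allow TCP port 22 from 192.0.2.0/24, nothing else. */
static const struct rule RULES[] = { { 0xC0000200u, 0xFFFFFF00u, 6, 22, ACCEPT } };

int main(void) { puts(filter(RULES, 1, SAMPLE, sizeof SAMPLE) ? "ACCEPT" : "DROP"); return 0; }
```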
 
Old 06-20-2007, 08:04 AM   #10
Israfel2000
Member
 
Registered: May 2004
Location: Underground base in the mountains
Distribution: FreeBSD, Fedora, Ubuntu
Posts: 87

Original Poster
Blog Entries: 2

Thanks cppkid. This is more on the subject of what I was looking for. I knew there was something missing in this thread. :/

Sorry for the left out detailed information. It's just that there is sooo much to do and could hardly concentrate on the things that I'm doing. I guess it's the whole issue that I'm getting married. Yes, married, this year in November. :P *cheering*

Thanks again guys.
 
  

