LinuxQuestions.org
12-16-2009, 12:42 AM   #1
deepamn
LQ Newbie
 
Registered: Dec 2009
Posts: 1

Rep: Reputation: 0
stateful packet inspection firewall using netfilter hooks with load balancing


Hi,

I want to design and implement a stateful packet inspection firewall, where my routines are registered and called. The routines defined by me will maintain session information and apply NAT and/or ACL defined by the user.

Everybody asks me why I need to have separate routines called when Netfilter rules can do the same task. Can you please let me know how I can make my routines more advanced than the existing implementation of Netfilter rules?

I want to merge server load balancing decisions (based on algorithms like RR, least connection, health checks, etc.) with the kernel firewall implementation in the next phase. Do you foresee any problem with this?

Please answer my 2 questions.

Thanks and Regards

Deepa
 
12-16-2009, 04:03 AM   #2
AleLinuxBSD
Member
 
Registered: May 2006
Location: Italy
Distribution: Ubuntu, ArchLinux, Debian, SL, OpenBSD
Posts: 272

Rep: Reputation: 37
Sincerely, I see many problems with the implementation of your idea, especially since we are speaking of a critical area of the system, even in the case where you are able to make something functional, because you should also consider system optimization, which in this area is essential (the software operates - practically - in real time).

I think a good start could be:
understand the source code of netfilter;
read many books about the various systems available for doing what you want (generally very complicated); often there are only concepts and ideas, without a real implementation available;
very good knowledge of the C language;
ask for help in places frequented by kernel developers (for example a mailing list, after having made some piece of code), because it is improbable that you could obtain help in a forum about questions so difficult;
a lot of time.

After all that, if you are sufficiently able to realize something, you should see whether the performance (essential in this application) is sufficiently good or not.

Good luck.

Note:
I understand your enthusiasm and I appreciate it, independently of how "practical" your idea is.
 
12-16-2009, 07:58 PM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041
You could start here: http://www.netfilter.org/. They write the iptables src code and have it all there.
 
  


All times are GMT -5.