Barry Jones
asked on
Software firewall for windows XP, with facility to configure rules outside of a GUI
Hi.
I am building an internet billing application to run on an XP box.
I need to find a way to implement a software firewall solution that allows for editing of rules via either a database connection, text/xml file editing, or registry editing. In short, I need to control the rules dynamically from a VB COM application.
Help! I have pulled my hair out today trying to do this. The closest that I have come is EasySec's firewall SDK (http://www.effectmatrix.com/easysec/index.htm), but this looks hellishly difficult to operate. It gives me the facility to build a firewall application, but this is not what I need. I purely need to be able to edit the rules on the fly.
Thanks, TheFoot
ASKER
I cannot now enable the Windows firewall. I suspect this is due to the fact that (using netsh) I enabled NAT routing. If I disable NAT and enable the win firewall then I have to use ICS to route and I cannot.
Thanks Naveedb.. any other ideas?
TheFoot
I am a little confused. Do you need to use ICS?
ASKER
Naveedb, No I do not need or want ICS. AFAIK I have to stop the Windows Firewall / ICS Service to allow NAT to work properly. In fact, now I have enabled NAT, I cannot turn on the FW/ICS service.
Eb, I like the idea of a HW firewall, except for the fact that I am designing the internet box as a single device using a customized micro-atx case which has a switch built in to it. There is no space to include another device. Also, the cost of the device will then be too high.
Thanks both for your ideas.
Then I would start calling companies like Symantec, McAfee, Zone Alarms and ask for pre-sales support. Ask a tech support rep if you can change the firewall policy on the fly from the command prompt.
BTW there are already devices out there that do what you want.
As far as your original question
(hit enter too fast)
eb
Can you explain your issue with netsh and what commands did you use to configure the firewall?
netsh is for the Windows firewall; in order for the asker to create a NAT router in XP they had to disable the Windows firewall.
eb
ASKER
Naveedb - yes as Eb says, I had to disable the windows firewall because it cannot be separated properly from ICS (as far as I know) and ICS cannot co-exist with the NAT router functions. (See Q_21920714.html for the exact commands that I used to enable NAT)
Eb, I have asked many firewall companies, and the ones that actually get back to me have said that it is not possible to edit the rules from the file system. My current best hope is Tiny Firewall (www.tinysoftware.com) and they also have a development kit, so I may have to build a wrapper around this firewall engine. I'll let you know what I find out.
The reason for building the device myself, is that I can keep the cost to a minimum, and properly integrate it with my billing application.
Thanks, TheFoot
OK good luck
eb
ASKER
Sorry - I have been travelling.
I have decided to go with a piece of software called DNS redirector to achieve what I need rather than programmatically controlling a firewall. Here is the EE article detailing the solution: https://www.experts-exchange.com/questions/21922358/Building-a-transparent-proxy-if-that-is-what-I-need.html
Thanks all for helping with this matter. At some point in the future I would still like to use my original solution, so if and when I find a solution, I will start a new thread.
Cheers, TheFoot
ASKER
Thanks for your post. I will look into this just now. I suspect that I cannot use windows firewall as I have disabled it to enable NAT to work on the WinXP box. I will let you know.
TheFoot