Solved

Software firewall for windows XP, with facility to configure rules outside of a GUI

Posted on 2006-07-15
Last Modified: 2013-11-16
Hi.

I am building an internet billing application to run on an XP box.

I need to find a way to implement a software firewall solution that allows for editing of rules via either a database connection, text/xml file editing, or registry editing.  In short, I need to control the rules dynamically from a VB COM application.

Help!  I have pulled my hair out today trying to do this.  The closest that I have come is EasySec's firewall SDK (http://www.effectmatrix.com/easysec/index.htm), but this looks hellishly difficult to operate.  It gives me the facility to build a firewall application, but this is not what I need.  I purely need to be able to edit the rules on the fly.

Thanks, TheFoot
Question by:Barry Jones
14 Comments
 
LVL 10

Assisted Solution

by:naveedb
naveedb earned 100 total points
ID: 17116555
You can use netsh on XP to configure the firewall rules. Since Windows firewall comes with XP, you just need to turn it on and then use netsh scripts to modify the behavior. You don't need to reinvent the wheel.

The following article should give you some idea how to proceed with netsh.

http://support.microsoft.com/kb/839980/

0
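As an added example (not code from the thread or from the KB article linked above), here is the netsh approach naveedb describes, written as a batch file so it can be launched from the billing application rather than typed by hand. It assumes Windows XP SP2 or later, an administrative account, and that the "Windows Firewall/Internet Connection Sharing (ICS)" service is running; the rule name, port and program path are placeholders. Two caveats a practitioner should keep in mind: the rules only take effect while that service is running, and the XP firewall is a host firewall that filters inbound connections to the box itself, with no outbound rules, so it cannot by itself decide which NAT clients may reach the internet.

```batch
@echo off
rem Added example, not from the original thread: drive the Windows XP SP2
rem firewall from a script with netsh. Assumes XP SP2+, an administrative
rem account and a running "Windows Firewall/ICS" service. RULENAME, PORT and
rem PROGRAM are placeholder values.
setlocal
set RULENAME=BillingPortal
set PORT=8080
set PROGRAM=C:\Billing\BillingPortal.exe

rem 1. Turn the firewall on with exceptions enabled; with exceptions
rem    disabled the openings added below are ignored.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
if errorlevel 1 goto fail

rem 2. Open the portal's TCP port, but only to the local subnet
rem    (scope=SUBNET), so it is not reachable from the internet side.
netsh firewall add portopening protocol=TCP port=%PORT% name=%RULENAME% mode=ENABLE scope=SUBNET
if errorlevel 1 goto fail

rem 3. Alternatively allow the program itself, so whatever port it listens
rem    on is reachable from the local subnet.
netsh firewall add allowedprogram program="%PROGRAM%" name=%RULENAME% mode=ENABLE scope=SUBNET
if errorlevel 1 goto fail

rem 4. Verify the effective configuration. A calling application can
rem    capture this output to confirm the rule really applied.
netsh firewall show config

rem 5. When the customer's session ends, remove the rules again.
netsh firewall delete portopening protocol=TCP port=%PORT%
if errorlevel 1 goto fail
netsh firewall delete allowedprogram program="%PROGRAM%"
if errorlevel 1 goto fail

echo Firewall rules updated.
exit /b 0

:fail
echo netsh failed with exit code %errorlevel%.
exit /b 1
```

Each netsh call is followed by an errorlevel check so a failed rule change is not silently ignored; the calling application should treat a non-zero exit code from the batch file as "rule not applied" and re-read `netsh firewall show config` before letting a customer online.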
 
LVL 12

Author Comment

by:Barry Jones
ID: 17117497
Hi Naveedb,

Thanks for your post.  I will look into this just now.  I suspect that I cannot use windows firewall as I have disabled it to enable NAT to work on the WinXP box.  I will let you know.

TheFoot
0
 
LVL 12

Author Comment

by:Barry Jones
ID: 17117579
I cannot now enable the Windows firewall.  I suspect this is due to the fact that (using netsh) I enabled NAT routing.  If I disable NAT and enable the Windows firewall, then I have to use ICS to route, and I cannot.

Thanks Naveedb.. any other ideas?

TheFoot
0
 
LVL 10

Expert Comment

by:naveedb
ID: 17117607
I am a little confused. Do you need to use ICS?
0
 
LVL 23

Accepted Solution

by:Erik Bjers
Erik Bjers earned 400 total points
ID: 17118110
These guys offer a hardware firewall that can be controlled from the Windows command prompt:
http://www.clavister.com/products/
http://www.clavister.com/support/support_utilities_fwctl.html

Sorry, I can't find any Windows-based firewalls that support command-line rule changes.

I know that with a little effort you can use Symantec's Client Firewall to create your rules and assign them.  You can store your rule set as an XML file so you can edit it on the fly, then they have a command-line tool to apply the policy; it will take about 30 - 60 seconds to complete the entire operation though.

eb
0
 
LVL 12

Author Comment

by:Barry Jones
ID: 17123529
Naveedb, No I do not need or want ICS.  AFAIK I have to stop the Windows Firewall / ICS Service to allow NAT to work properly.  In fact, now I have enabled NAT, I cannot turn on the FW/ICS service.

Eb, I like the idea of a HW firewall, except for the fact that I am designing the internet box as a single device using a customized micro-atx case which has a switch built in to it.  There is no space to include another device.  Also, the cost of the device will then be too high.

Thanks both for your ideas.
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17126093
Then I would start calling companies like Symantec, McAfee and ZoneAlarm and ask for pre-sales support.  Ask a tech support rep if you can change the firewall policy on the fly from the command prompt.

BTW, there are already devices out there that do what you want.
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17126095
As far as your original question

(hit enter too fast)

eb
0
 
LVL 10

Expert Comment

by:naveedb
ID: 17126522
Can you explain your issue with netsh and which commands you used to configure the firewall?
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17127125
netsh is for the windows firewall, in order for the asker to create a NAT router in XP they had to disable the windows firewall.

eb
0
 
LVL 12

Author Comment

by:Barry Jones
ID: 17131014
Naveedb - yes as Eb says, I had to disable the windows firewall because it cannot be separated properly from ICS (as far as I know) and ICS cannot co-exist with the NAT router functions. (See Q_21920714.html for the exact commands that I used to enable NAT)

Eb, I have asked many firewall companies, and the ones that actually get back to me have said that it is not possible to edit the rules from the file system.  My current best hope is Tiny Firewall (www.tinysoftware.com) and they also have a development kit, so I may have to build a wrapper around this firewall engine.  I'll let you know what I find out.

The reason for building the device myself, is that I can keep the cost to a minimum, and properly integrate it with my billing application.

Thanks, TheFoot
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17131956
OK good luck

eb
0
 
LVL 12

Author Comment

by:Barry Jones
ID: 17318742
Sorry - I have been travelling.

I have decided to go with a piece of software called DNS Redirector to achieve what I need rather than programmatically controlling a firewall.  Here is the EE article detailing the solution:  http://www.experts-exchange.com/Programming/Programming_Languages/Visual_Basic/Q_21922358.html

Thanks all for helping with this matter.  At some point in the future I would still like to use my original solution, so if and when I find a solution, I will start a new thread.

Cheers, TheFoot
0
