Link to home
Create AccountLog in
Avatar of Arnabtech
Arnabtech

asked on

How to build a Firewall on UNIX ?

I want to build a firewall on Unix platform in C/C++ . It will allow the traffic to some known IP only.
Similar to iptables. Can anybody please provide any help . Do need to write the network driver ?
Avatar of jlevie
jlevie

Is there some reason that you can't use iptables? If you can't, look at the source for iptables to see how to approach the problem.
Avatar of noci
What Unix are you using:

Linux uses iptables
BSD uses Packet Filter (or PF).

There are various ready to run firewalls for both environments. Mostly as an Installation CD that after booting installs a complete firewall system on your PC.

Most other Unices have little firewall support.
The support for iptables is in the Linux kernel. For every iptables feature you use, you need to load an LKM (Linux kernel module). So you can't just write something "Similar to iptables" for some random UNIX platform, unless you have access to the kernel source for that platform.
Avatar of Arnabtech

ASKER

Thanks for all the answers. I am using CentOS and have the access to the kernel source.
I building a custom applications to monitor the traffic and block them if required. So I can communicate with the Firewall to pass a packet or not based on deep packet inspection. Its kind of SNORT .
iptables already has the QUEUE and NFQUEUE targets to pass packets for custom inspection - why not use one of them?

(my last post for a few days)
There are two angles to approach this: Linux only (use QUEUE & NFQUEUE and iptables stuff) or a general approach use libpcap to capture packets running on a host of systems. (Even non linux if you like).
http://www.tcpdump.org/ is the home of libpcap.

libpcap is designed to be used by tcpdump, but is also used in wireshark, carp and other product that need to capture odd frames of traffic.
iptables will only match IP packets that are more or less valid and nothing else.

I am a bit familiar with libpcap . If I go for a packet capture based firewall will it be able to handle gbps traffic?

ASKER CERTIFIED SOLUTION
Avatar of noci
noci

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Oh and an application level system might not scale well in the Gbps range..
OTOH how much better would a DPI system do anyway... The decision is far more complex then just an ipaddress/port combination.