firewall

S

Skur

i need to know if it's possible to write a full firewall with c#. Not just
closing/opening ports , but application capable of what can be achieved by
using norton firewall, zone alarm, kerio etc. , or EVEN iptables (linux
:> ). Please, answer me. All knowledge will be extremely precious.
slawekg
p.s.
sorry for cross-posting
 
D

DalePres

Sure, you can do it with C# along with a generous portion of Platform Invoke
.. But why would you want to? Those organizations have teams of developers
who are experts in the field. What their team of a dozen people can do in 2
years, would take you at least 24 years. Imagine how that would look if you
compare to an organization like Norton who may have 100 or more engineers
writing firewall products.

DalePres
 
W

Willy Denoyette [MVP]

Decent Firewall's operate at the driver level, and you can't use C# or any
other managed language at that level, so the answer is no.

Willy.
 
S

Skur

ok, what about managed c++ ?
and i sure know i can't compare with norton, i was more asking for
possibility to achieve the same abilities.
thanks!!
 
W

Willy Denoyette [MVP]

Managed C++ is also a managed language, right?
The core of a Firewall is a Packet filter driver, so your only option on
Windows is C/C++ and the DDK.

Willy.
 
U

uru

Managed C++ is also a managed language, right?
The core of a Firewall is a Packet filter driver, so your only option on
Windows is C/C++ and the DDK.
Click to expand...

sorry! i didn't see that, my fault...
if it's only about packet filter, why can't use the one from windows 2000?
this articles it all:
http://www.codeproject.com/tools/firewallpapi.asp
http://www.codeproject.com/managedcpp/packetfilteringnet.asp

http://www.txakynetwork.tk/

so again: if it only would be packet filter, it wouldn't be a problem. but
it's not. for example, what's the way to open/close ports (have all the
control over them)...
so Willy?
 
W

Willy Denoyette [MVP]

uru said:
sorry! i didn't see that, my fault...
if it's only about packet filter, why can't use the one from windows 2000?
this articles it all:
http://www.codeproject.com/tools/firewallpapi.asp
http://www.codeproject.com/managedcpp/packetfilteringnet.asp

http://www.txakynetwork.tk/

so again: if it only would be packet filter, it wouldn't be a problem. but
it's not. for example, what's the way to open/close ports (have all the
control over them)...
so Willy?
Click to expand...

No it's not simply about packet filtering. What you should do is develop a
NDIS Intermediate driver (what I called a Packet Filter Driver). Such driver
sits between the protocol driver and the NDIS miniport driver, anything else
runs to high in the network protocol stack to be effective.
The articles you are refering to expain how one can use the W2K/W2K3 Packet
filter API's to edit the blocked IP/Port tables in the "Protocol Filter
Driver" (only available on W2K/W2K3), this is however not enough to
implement a decent firewall. This is the reason why W2K3 SP1 will include a
Firewall just like Windows XP SP2.
So, why would you write one yourself?

Willy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

firewall 1
Vista compatible Firewall 7
Seeking firewall rules for Diskeeper 2008 Home edition 1
XP2 Firewall 7
firewall 2
Firewall Question 3
New DGteam Firmware (DG834GT) 4
hardware and software firewall with the reporting 1

Top