From: "Tharanga" <tharanga@roomsnet.com>
To: <netfilter-devel@lists.netfilter.org>
Subject: Netfilter API and a New firewall implementation
Date: Mon, 19 Feb 2007 14:31:15 +0600
Message-ID: <001201c75400$5479a560$2aff7893@RoomsNet.com>

Dear All,

I am Tharanga, currently a computer science student. I am going to implement
a distributed firewall on the Linux 2.6.X kernel (as my research project), and
after reading a lot of material I thought to use the netfilter framework. My main
objective is to build a centralized policy management server and a
unicast/multicast rule propagation algorithm to its peer nodes (to update peer
nodes).

You guys are experts on this, but I still don't know how to block packets in
real time without restarting my program or unloading/loading modules. It's
basically like the IPTABLES -A option. So please explain to me how to append a
firewall rule (I am not using IPTABLES, I am going to use my own firewall) to my
program, so that once the peer node receives the new rule from the policy
management server it can block that traffic in real time.

I would also like to hear some suggestions from you guys about my distributed
firewall. Please let me know your comments on it so I can add more features
to that implementation.

I thought to add:

* a centralized policy manager (it handles distributed server firewall rules,
  one zone file for each host with its policies, like the DNS zone concept)
* a centralized firewall monitoring module (PHP and AJAX based), integrating
  with an open source SMS gateway, and administrators can query the firewall
  status via SMS
* a secure protocol to distribute firewall rules among peers, in order to
  prevent man-in-the-middle attacks and firewall poisoning.

Sorry for the huge mail. Please help me to achieve my objectives.

Many thanks and have a great day!

Tharanga