I have to build a firewall from scratch but I don't know how to start; any useful suggestions will be appreciated.
The project I have is to build a firewall from scratch with a user interface. I'm thinking of something in Linux with iptables and a web interface for the user, but can a user change iptables rules from a web interface connecting with a CGI script? Should I make the user interface with C?
Is it possible to build a firewall that way? If anyone has something to suggest, please post it here or PM me.
I'm assuming you've got to do this as an assignment or a project. In that case I would first define the scope of the project carefully. Modern commercial firewalls offer quite a range of advanced features and helps that you can't hope to replicate for an assignment. So define your scope - a basic firewall needs to have two interfaces that the operating system can route between, then on top of that it needs to have some sort of rule-based enforcement engine that will permit or deny packets according to the rules. Given that, your task becomes manageable.
I'd say that iptables is probably the way to go. Get the basics working first in their raw form then figure out a way to build a user interface to manipulate them. There's a lot of documentation on iptables on the internet and you'll find several experts here on Firewall.cx if you have problems. Let us know how you get on.
To add to the Bishop's advice, after gaining proficiency in iptables and sorting out the basis of your firewall, your user interface can definitely be constructed using CGI scripts. A number of popular iptables-based firewall distributions use this method. IPCOP, for example, uses Perl for the web interface, which obviously makes development easier and faster.
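
An added example, not code from any poster in this thread or from IPCOP: the part of a CGI handler that turns a submitted form into an iptables rule, validating every field against an allowlist and building an argument list so that no user text ever reaches a shell. The form field names (`chain`, `source`, `proto`, `port`, `action`) and the function names are assumptions made for the example.

```python
import ipaddress
import re
import subprocess
from urllib.parse import parse_qs

# Form field names (chain, source, proto, port, action) are assumptions for this example.
CHAINS = {"INPUT", "FORWARD"}
PROTOCOLS = {"tcp", "udp"}
ACTIONS = {"ACCEPT", "DROP", "REJECT"}


class RuleError(ValueError):
    """Raised when a submitted field is missing or not acceptable."""


def pick(form, field, allowed):
    """Return the field's value only if it is on the allowlist."""
    value = form.get(field, "")
    if value not in allowed:
        raise RuleError(f"{field} must be one of {sorted(allowed)}")
    return value


def build_rule(query_string):
    """Validate a CGI query string and return an iptables argument list."""
    form = {k: v[0] for k, v in parse_qs(query_string).items()}
    chain = pick(form, "chain", CHAINS)
    proto = pick(form, "proto", PROTOCOLS)
    action = pick(form, "action", ACTIONS)
    try:
        # Normalise to canonical CIDR; anything that is not an address is rejected.
        source = ipaddress.IPv4Network(form.get("source", ""), strict=False)
    except ValueError:
        raise RuleError("source must be an IPv4 address or CIDR block")
    port = form.get("port", "")
    if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
        raise RuleError("port must be an integer from 1 to 65535")
    return ["iptables", "-A", chain, "-s", str(source), "-p", proto,
            "--dport", str(int(port)), "-j", action]


def apply_rule(argv, dry_run=True):
    """Run the rule as an argument vector, never through a shell."""
    if not dry_run:
        subprocess.run(argv, check=True)  # needs privilege to modify netfilter
    return " ".join(argv)
```

With `dry_run=True` the handler only returns the command it would run, which is useful for showing the user a preview before the rule is applied.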