Hi friends,

I want to write a firewall application in C#.NET, and I want guidelines and examples for this application. Please help if anybody has already done this or has previous experience.


Bye,
kaviya

Hi,

If you are trying to do a local firewall which protects only the PC it is installed on (like ZoneAlarm), then you have to write a Network Filter Driver, which is a kernel mode module like any device driver; and this can't be done in a .NET language.
If you want to code for a machine which will stand between the Internet and the LAN and serve as a filtering router (which most hardware firewalls actually are), then you can do this, but you need access to promiscuous mode and need to be able to forge packets with raw socket access, discarding the TCP/IP stack. You can do this using WinPcap and C# wrapper libraries for it, but it is not a very easy task. You need to have an excellent command of the OSI model, the TCP/IP protocol/stack and layer 3 routing.

Loren Soth

Hey!! I have just joined the DaniWeb forums... You mentioned in your reply to the firewall message that we cannot make a firewall in C#... are you really serious?? I mean... you just cannot make it?? In .NET??
So I need a language like C++??

Hi,

You can't write a kernel mode device driver in managed code (C#, VB.Net), which is required to write a network filter driver which can drop packets (the main functionality of firewalls).
You can sniff network traffic in managed code using wrappers to native code (all in user mode), which would let you code an IDS (Intrusion Detection System) at best, but you can't drop or inject packets. Sorry.

Loren Soth
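
The detect-only role described in the reply above, as an added example that is not part of the thread or any poster's code: a user-mode C# check that parses an already-captured IPv4 packet and raises an alert, with no way to drop it. `Rule` and `DetectOnlyInspector` are hypothetical names, the packet bytes are constructed, and the capture wrapper that would supply real bytes is left out.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical rule type: IP protocol number, destination port, alert name.
record Rule(byte Protocol, ushort DstPort, string Name);

static class DetectOnlyInspector
{
    // Returns the name of the first matching rule, or null if nothing matches.
    // It can only report: the bytes are a copy, the original packet has
    // already been handled by the kernel's network stack.
    public static string Inspect(byte[] p, IEnumerable<Rule> rules)
    {
        if (p.Length < 20 || (p[0] >> 4) != 4) return null;   // not IPv4
        int ihl = (p[0] & 0x0F) * 4;                           // IP header length in bytes
        if (ihl < 20 || p.Length < ihl + 4) return null;       // malformed or truncated
        int fragOffset = ((p[6] & 0x1F) << 8) | p[7];
        if (fragOffset != 0) return null;                      // later fragments carry no L4 header
        byte proto = p[9];
        if (proto != 6 && proto != 17) return null;            // only TCP (6) and UDP (17) have ports
        ushort dstPort = (ushort)((p[ihl + 2] << 8) | p[ihl + 3]);
        foreach (var r in rules)
            if (r.Protocol == proto && r.DstPort == dstPort) return r.Name;
        return null;
    }
}

static class Program
{
    static void Main()
    {
        var rules = new[] { new Rule(6, 23, "telnet-attempt") };
        // Constructed sample: 20-byte IPv4 header plus the TCP port fields,
        // 192.0.2.10:49152 -> 198.51.100.5:23 (documentation address ranges).
        byte[] pkt = {
            0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
            192, 0, 2, 10, 198, 51, 100, 5,
            0xC0, 0x00, 0x00, 0x17 };
        string hit = DetectOnlyInspector.Inspect(pkt, rules);
        var src = new IPAddress(new[] { pkt[12], pkt[13], pkt[14], pkt[15] });
        Console.WriteLine(hit == null ? "no match" : $"ALERT {hit} from {src}");
    }
}
```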

Hi all,
I'm somehow researching how to design and program such a thing.
I even thought about the hardware issues [hubs/switches, routers, ...] involved and how to design and program an OS for them.
I just found some C/C++ libraries called pnet [libpnet] and dnet [libdnet],
which can be easily found on http://www.sf.net/

Good luck.

Hi,

Like libpcap (the core of WinPcap, which I previously mentioned), libdnet also requires you to load a driver on your computer, but unlike libpcap it can drop packets, change routing tables or change the content of packets at any OSI layer. But those modifications affect only your PC unless you code a gateway firewall and let others connect to the net through your machine, because if you aren't the relayer of the packets, dropping them won't affect the actual destination.

Loren Soth
