Conventional firewalls rely on a strict outside/inside topology in which the gateway(s) enforce some form of traffic filtering. Some claim that, with the evolving connectivity of the Internet, the traditional firewall has become obsolete. High-speed links, dynamic topology, end-to-end encryption and threats from internal users are all issues that must be addressed. Steven M. Bellovin was the first to propose a ``distributed firewall'' that addresses these shortcomings.
In this master's thesis, the design and implementation of a ``distributed firewall'' with an intrusion detection mechanism is presented, using Python and a scriptable firewall (IPTables, IPFW, netsh).
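The central idea behind a distributed firewall, a single policy written in terms of roles rather than addresses and compiled into the local packet-filter rules each endpoint enforces, as an added Python illustration that is not the thesis's own code; the roles, addresses and policy lines are constructed samples, and the rules are emitted as IPTables command strings rather than executed.

```python
"""Added illustration (not the thesis's code): compile a central,
role-based policy into the IPTables INPUT rules one host must enforce."""
import ipaddress

# Constructed sample: which hosts hold which role.
ROLES = {
    "web": ["10.0.1.10", "10.0.1.11"],
    "db": ["10.0.2.20"],
    "admin": ["10.0.9.5"],
}

# Constructed central policy: (source role, destination role, proto, port).
POLICY = [
    ("web", "db", "tcp", 5432),
    ("admin", "web", "tcp", 22),
    ("admin", "db", "tcp", 22),
]


def roles_of(host, roles=ROLES):
    """Set of roles a given host address holds under the central policy."""
    return {r for r, hosts in roles.items() if host in hosts}


def compile_host_rules(host, policy=POLICY, roles=ROLES):
    """Return the IPTables INPUT rules this host must install: default-deny,
    stateful return traffic, loopback, then one ACCEPT per policy line whose
    destination role the host holds, expanded to concrete source addresses."""
    ipaddress.ip_address(host)  # reject a malformed host identifier early
    mine = roles_of(host, roles)
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A INPUT -i lo -j ACCEPT",
    ]
    for src_role, dst_role, proto, port in policy:
        if dst_role not in mine:
            continue  # policy line is not addressed to this host
        for src in roles.get(src_role, []):
            rules.append(
                f"iptables -A INPUT -s {src} -p {proto} --dport {port} -j ACCEPT"
            )
    return rules


if __name__ == "__main__":
    # The same policy document yields a different rule set per endpoint.
    for line in compile_host_rules("10.0.2.20"):
        print(line)
```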