Floodgate Packet Filter from Icon Labs is an embedded firewall that allows networked devices to control the packets they process. It protects against potentially malicious attacks by filtering packets before they are processed by an embedded device. Floodgate Packet Filter is provided as a portable source code library that can be integrated into an embedded device and can be added at any layer in the IP stack. It includes sample applications that illustrate its use at layer 2 to protect against broadcast storms and at layer 3 to protect against packet floods.

Floodgate’s dynamic filtering engine performs filtering based on network traffic patterns. Thresholds determine the traffic level at which packets begin to be blocked. The dynamic filtering engine requires no knowledge of the network configuration and makes no assumptions about which network traffic should be allowed or blocked. Instead of relying on fixed rules that may or may not be effective, Floodgate analyzes traffic patterns in real time and filters based on that information. The dynamic filtering engine does not drop any packets as long as the network traffic patterns remain below the configured thresholds.

The Floodgate firewall provides both threshold-based filtering and rules-based filtering. Threshold-based filtering protects against denial of service attacks, broadcast storms and other conditions that result in a flood of unwanted packets, while rules-based filtering enables whitelisting and blacklisting based on criteria such as port number, protocol or source IP address. Floodgate’s static filtering engine uses rules to filter packets and supports whitelist and blacklist filtering, source IP address filtering, protocol filtering, MAC address filtering and port filtering.

Floodgate’s API allows users to configure the type of filtering (dynamic, static or both), filtering rules, interval length, high water threshold, low water threshold, event logging and permeability, which controls the percentage of packets dropped when filtering is activated due to a threshold crossing. It can be used with operating systems such as VxWorks, Linux, QNX, or eCos, or in systems without an operating system.
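To make the interval, high/low water and permeability parameters described above concrete, here is an added illustration of a threshold-based dynamic filter with hysteresis; it is example code written for this page, not Icon Labs' library or API, and the type, function names, the choice to count packets per interval, and the reading of permeability as the percentage of packets still passed while filtering is active are all assumptions.

```c
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical state for one dynamic filter (an illustration, not Icon Labs' API). */
typedef struct {
    uint32_t interval_ms;       /* measurement interval length */
    uint32_t high_water;        /* packets per interval that activate filtering */
    uint32_t low_water;         /* packets per interval at which it deactivates */
    uint32_t permeability_pct;  /* percent of packets still passed while active */
    uint32_t interval_start_ms; /* start of the current interval */
    uint32_t count;             /* packets seen in the current interval */
    uint32_t credit;            /* accumulator for an even pass/drop pattern */
    bool active;                /* true once the high-water mark was crossed */
} dyn_filter_t;

void dyn_filter_init(dyn_filter_t *f, uint32_t interval_ms, uint32_t high,
                     uint32_t low, uint32_t permeability_pct)
{
    dyn_filter_t init = { interval_ms, high, low, permeability_pct, 0, 0, 0, false };
    *f = init;
}

/* Decide one packet: true = pass to the stack, false = drop. */
bool dyn_filter_packet(dyn_filter_t *f, uint32_t now_ms)
{
    uint32_t elapsed = now_ms - f->interval_start_ms;
    if (elapsed >= f->interval_ms) {
        /* An interval ended; a gap of more than one interval counts as quiet traffic. */
        uint32_t n = elapsed / f->interval_ms;
        if (f->active && (n > 1 || f->count <= f->low_water))
            f->active = false;          /* hysteresis: only the low-water mark clears it */
        f->count = 0;
        f->interval_start_ms += n * f->interval_ms;
    }
    if (++f->count > f->high_water)
        f->active = true;               /* threshold crossing: start filtering */
    if (!f->active)
        return true;                    /* below thresholds: nothing is ever dropped */
    f->credit += f->permeability_pct;   /* pass exactly permeability_pct% of packets */
    if (f->credit >= 100) { f->credit -= 100; return true; }
    return false;
}

/* Feeds n packets, one per millisecond from start_ms; returns how many passed. */
uint32_t dyn_filter_burst(dyn_filter_t *f, uint32_t start_ms, uint32_t n)
{
    uint32_t passed = 0;
    for (uint32_t i = 0; i < n; i++) passed += dyn_filter_packet(f, start_ms + i);
    return passed;
}
```

With a constructed configuration of a 1000 ms interval, high water 100, low water 20 and permeability 25, a 200-packet burst passes the first 100 packets untouched and then one in four, and filtering stays on until an interval closes with at most 20 packets.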
