Floodgate-Packet Filter is an embedded firewall from Icon Labs that allows networked devices to control the packets they process. It protects the device by filtering potentially malicious packets before the rest of the embedded system processes them.
Floodgate-Packet Filter is provided as a portable source code library that can be integrated into an embedded device and can be added at any layer in the IP stack. It includes sample applications that illustrate its use at layer 2 to protect against broadcast storms and at layer 3 to protect against packet floods.
Floodgate’s dynamic filtering engine filters on observed network traffic patterns rather than on fixed rules. Configurable thresholds set the traffic level at which packets start being blocked. The dynamic engine needs no knowledge of the network configuration and makes no assumptions about which network traffic should be allowed or blocked.
Instead of requiring fixed rules that may or may not be effective, Floodgate analyzes traffic patterns in real-time and performs filtering based on this information. Only when network traffic patterns exceed the configured thresholds will packets be dropped by the dynamic filtering engine.
Floodgate provides both threshold-based filtering and rules-based filtering. Threshold-based filtering protects against denial-of-service attacks, broadcast storms and other conditions that result in a flood of unwanted packets. Rules-based filtering allows white-listing and black-listing based on criteria such as port number, protocol or source IP address.
Floodgate’s static filtering engine uses rules to filter packets and supports white list and black list filtering, source IP address filtering, protocol filtering, MAC address filtering and port filtering.
Floodgate’s API is used to configure:
- Filtering type (dynamic filtering, static filtering or both)
- Filtering rules
- Interval length
- High water threshold
- Low water threshold
- Event logging
- Permeability – controls the percentage of packets dropped when filtering is enabled due to a threshold crossing
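As an added illustration, and not Icon Labs' code or Floodgate's API (whose function names and exact parameter semantics this page does not give), the following C model implements the behaviour described above: a per-interval packet counter whose high-water threshold switches dropping on, a low-water threshold that switches it off again, a permeability percentage applied while dropping is active, and a small first-match rule table for the static engine. Treating the two thresholds as a hysteresis pair and permeability as the percentage of packets still passed while filtering is active is an assumption; the packets and rules are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of threshold-based and rules-based filtering; not Floodgate's API. */

enum verdict { PKT_DROP = 0, PKT_ACCEPT = 1 };

/* Header fields the static engine matches on (constructed packet view). */
struct pkt {
    uint32_t src_ip;   /* IPv4 in host byte order */
    uint8_t  proto;    /* 6 = TCP, 17 = UDP */
    uint16_t dport;
};
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* ---- Dynamic engine: offered load per interval against high/low water marks ---- */
struct dyn_filter {
    uint32_t high_water;       /* packets per interval at which dropping switches on */
    uint32_t low_water;        /* packets per interval at which dropping switches off (assumed hysteresis) */
    uint32_t permeability_pct; /* percent of packets still passed while dropping (assumed meaning) */
    uint32_t count;            /* packets offered this interval, dropped ones included */
    uint32_t seq;              /* packets seen since dropping started; drives the sampler */
    int      filtering;        /* 1 while a threshold crossing is in effect */
};

static void dyn_init(struct dyn_filter *f, uint32_t high, uint32_t low, uint32_t perm_pct)
{
    f->high_water = high;
    f->low_water = low;
    f->permeability_pct = perm_pct > 100 ? 100 : perm_pct;
    f->count = f->seq = 0;
    f->filtering = 0;
}

/* Per-packet hook: count the packet (it contributes to offered load either way), then decide. */
static enum verdict dyn_packet(struct dyn_filter *f)
{
    f->count++;
    if (!f->filtering)
        return PKT_ACCEPT;
    /* Deterministic Bresenham-style sampler: exactly permeability_pct percent pass, no RNG. */
    f->seq++;
    uint32_t before = ((f->seq - 1) * f->permeability_pct) / 100;
    uint32_t after  = (f->seq * f->permeability_pct) / 100;
    return after != before ? PKT_ACCEPT : PKT_DROP;
}

/* Timer hook at the end of each interval; returns the new filtering state. */
static int dyn_end_interval(struct dyn_filter *f)
{
    if (!f->filtering && f->count >= f->high_water)
        f->filtering = 1;          /* flood detected: start dropping */
    else if (f->filtering && f->count <= f->low_water)
        f->filtering = 0;          /* offered load fell to low water: stop dropping */
    f->count = 0;
    f->seq = 0;
    return f->filtering;
}

/* Offer n packets within one interval and return how many were accepted. */
static uint32_t dyn_run_interval(struct dyn_filter *f, uint32_t n)
{
    uint32_t accepted = 0;
    for (uint32_t i = 0; i < n; i++)
        accepted += (dyn_packet(f) == PKT_ACCEPT);
    return accepted;
}

/* ---- Static engine: first-match rule table for white-listing and black-listing ---- */
enum { MATCH_SRC_IP = 1, MATCH_PROTO = 2, MATCH_DPORT = 4 };

struct rule {
    unsigned     fields;   /* bitmask of MATCH_* fields this rule tests */
    enum verdict action;
    uint32_t     src_ip;
    uint8_t      proto;
    uint16_t     dport;
};

static enum verdict static_filter(const struct rule *rules, size_t n,
                                  const struct pkt *p, enum verdict default_policy)
{
    for (size_t i = 0; i < n; i++) {
        const struct rule *r = &rules[i];
        if ((r->fields & MATCH_SRC_IP) && r->src_ip != p->src_ip) continue;
        if ((r->fields & MATCH_PROTO)  && r->proto  != p->proto)  continue;
        if ((r->fields & MATCH_DPORT)  && r->dport  != p->dport)  continue;
        return r->action;
    }
    return default_policy;
}

/* Constructed rule set: blacklist one host first, whitelist TCP/502, default drop. */
static const struct rule demo_rules[] = {
    { MATCH_SRC_IP,              PKT_DROP,   IP4(192, 168, 1, 99), 0, 0   },
    { MATCH_PROTO | MATCH_DPORT, PKT_ACCEPT, 0,                    6, 502 },
};
#define DEMO_RULE_COUNT (sizeof demo_rules / sizeof demo_rules[0])

int main(void)
{
    struct dyn_filter f;
    dyn_init(&f, 500, 100, 25);
    uint32_t flood = dyn_run_interval(&f, 1000);
    int state = dyn_end_interval(&f);
    printf("flood interval: %u of 1000 accepted, filtering now %d\n", flood, state);
    uint32_t next = dyn_run_interval(&f, 400);
    state = dyn_end_interval(&f);
    printf("next interval:  %u of 400 accepted, filtering now %d\n", next, state);
    struct pkt p = { IP4(10, 0, 0, 5), 6, 502 };
    printf("static: TCP/502 from 10.0.0.5 -> %s\n",
           static_filter(demo_rules, DEMO_RULE_COUNT, &p, PKT_DROP) == PKT_ACCEPT ? "accept" : "drop");
    return 0;
}
```

Two points the model makes visible: the dynamic engine counts every offered packet, dropped or not, so it measures attack load rather than what it let through and stays engaged until the source backs off below the low-water mark; and the static table is evaluated in order, so a blacklist entry placed before a whitelist entry wins for the host it names.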
It can be used with operating systems such as VxWorks, Linux, QNX, or eCos, or in systems without an operating system.