FireFly
Embedded IP Packet-Filtering and Stateful Inspection Firewall

FireFly is a high-performance, embedded IP
packet-filtering firewall implementation. It enables
filtering based on a wide variety of criteria such as
source and destination IP address, TCP/UDP ports, protocol
type, incoming and outgoing interfaces and many other
packet fields. Its core engine permits or denies packets
from passing through it based on pre-defined and easily
configurable policies that may be specified using rules
files, a command line interface or programmatically using
its flexible APIs. FireFly includes hooks for dynamic
firewalling and stateful inspection. Its small footprint,
low latency and robustness make it the firewall of choice
in embedded networking applications and an ideal perimeter
security complement to network security technologies such
as IPsec, SSH and SSL.

FireFly is a robust, lean, high-performance, packet-filtering
firewall implementation for embedded devices. Its
core engine permits or denies packets from passing
through it based on pre-defined and easily configurable
policies, including dynamic addition of new rules to
guard against any detected attacks or denial of service
conditions such as unicast and broadcast ICMP flooding.
FireFly can guard ports from external access or just
monitor them based on the system's security policies.
Sophisticated control of packet filtering may be based
on the packet's source / destination IP addresses,
source / destination TCP or UDP ports, protocol type,
network interface and much more!
FireFly’s unique, advanced features also include hooks
for dynamic firewalling which, when used in conjunction
with a NAT implementation, can implement convenient yet
highly secure policies for unrestricted access for
traffic initiators inside the firewall-protected
network while blocking access to ports from the outside
with just a single rule.

Features

- Fully configurable IP packet filtering.
- Extremely small footprint.
- Low network latency.
- Dynamic firewall support in conjunction with NAT.
- Forwarding, logging, and hooks for stateful inspection.
- Easily controlled by a web server through a string-based CLI.
- Includes rule numbering support.
- Support for CPU types of either endianness, including PowerPC, MIPS, x86, ARM/XScale.
- Royalty-free!

Control for FireFly is in the form of
string-based rules that can be implemented as a standard text
file or embedded in XML or HTML for provisionable
configurability. Fine-grained control of the firewall's
data structures is also possible using the supplied APIs.

Application-defined stateful inspection can
also be added easily with the provided hooks that let
applications track the state of packets going through the
engine.

FireFly may be used in standalone mode to provide perimeter or
node security, or as an adjunct to network security protocols
such as SSH, SSL and IPsec. When used in conjunction with
network security protocols it can also be used to force all
traffic into/out of the device to be encrypted by blocking off
all application ports that may have allowed insecure /
unencrypted access.

FireFly has been extensively validated on a
variety of CPU architectures, which minimizes development and
integration efforts. FireFly works transparently with the native
OS network stack or with TeamF1’s NetF1 high-performance stack
as well as other third-party stacks. FireFly's small footprint and
robustness have been specifically designed for use in an embedded
environment. FireFly’s unprecedented flexibility and easy
customization make it the firewall of choice in embedded
networking applications.

Special Features

- Supports dynamic NAT entry modification based on accesses initiated from inside the firewall, to provide unrestricted internally initiated access with maximum external blocking
- Support for IP and network blacklisting
- Includes reference rules for Denial of Service (DoS) avoidance
- Ultra-small memory footprint and minimal dynamic memory usage
- Very low network latency