Linux powers flexible industrial firewall
Nov 22, 2006 — by LinuxDevices Staff — from the LinuxDevices Archive
Ads-Tec GmbH is shipping a Linux-powered firewall device for industrial networking applications. The IF1000 Industrial Firewall implements an easy-to-use appliance that can either operate as a layer 2 filtering switch or as an IP router with IP filters, and that offers flexible power control functions, according to the company.
Unlike ordinary firewall devices, the IF1000 implements a unique “Cut & Alarm” function that's meant to interact directly with a PLC (programmable logic controller) or other industrial control device, according to Ads-Tec software engineer Steffen Pfendtner.
The Cut & Alarm feature is controlled via user-defined firewall rules, which activate/deactivate 24V DC power control signals on the device's “alarm” connector. Additionally, a “Cut” input signal on the alarm connector allows an external control unit to drop the firewall's uplink interface without any software interaction, resulting in a control mechanism that is “as safe as pulling the power plug,” Pfendtner says.
IF1000 Cut & Alarm interactions
In addition to these unique capabilities, the IF1000 naturally provides all standard firewall functions — such as DHCP server, VPN, and RS232 serial modem links — and includes a “rule wizard that provides a firewall system for dummies,” according to Pfendtner.
Front panel pushbuttons, along with a small LCD display, enable fast and easy setup and status display. Using the front panel display and buttons, users can accomplish basic configuration, such as setting the IP address of the device, displaying status information — including CPU load, network throughput graphs, and Cut & Alarm signal status — and accessing selected firewall logs. Additionally, an HTTP-based web interface is available for remote access to the device.
Other key connections and features of the device include:
- Ethernet Uplink — 100BASE-TX or 100BASE-FX (MTRJ)
- Ethernet Switch — four 100BASE-TX ports
- PoE power supply on uplink port
- Two 24V power connectors, for main and backup power
- 24V “Cut & Alarm” I/O ports
- RS232 port for modem connections
- ID-000 smartcard reader
- Internal MiniPCI slot for options; ships with a NVRAM card for storing syslog information
- Front panel display — 128 x 64 pixel monochrome LCD
- Six front-panel buttons for system control
Linux within
The IF1000's Linux-powered embedded computer is based on an Intel XScale IXP425 processor clocked at 533 MHz, and is equipped with 32MB of RAM and 16MB of flash memory.
The device runs a customized 2.4.27-uc1 uClinux kernel, ported by Ads-Tec's internal staff, according to Pfendtner. OpenVPN and Openswan IPsec run on the IXP425's internal crypto engine, according to Pfendtner. The device also makes use of SQLite for managing system configuration data, and its firewall functions are based on netfilter, iptables, and ebtables.
Ads-Tec used embedded Linux in the IF1000 because of its “outstanding networking and firewall features, which were easily extendable,” Pfendtner adds.
The IF1000 appears to be available now. Pricing was not disclosed.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.