Tiny hardware firewall opened to Linux hackers
Nov 11, 2008 — by LinuxDevices Staff — from the LinuxDevices Archive — 30 views[Updated Nov. 13] — Linux hobbyists and hackers have gained access to two of the most highly miniaturized hardware platforms shipped to date. Yoggie has started shipping ope-source based, user-modifiable versions of its inline and USB key-shaped security appliances.
Like Yoggie's previous products, the two new Open Firewall devices are among the most highly miniaturized computing platforms in the world. Equipped with CPU and memory resources akin to a powerful modern smartphone, they are much, much smaller. The SOHO has a “credit card” size form factor, while the even smaller Pico is little larger than a USB memory key.
The new Open Firewall products share the same hardware as two earlier Yoggie products, including:
- The Gatekeeper Pro/SOHO, a credit-card sized widget designed with two Ethernet ports for in-line installation on wired devices, regardless of the OS
- Gatekeeper Pico, which squeezes into a USB key. Still-closed OS drivers (XP/Vista and Mac OS X) reroute wired and wireless network traffic to the device via a USB port, which also powers the tiny gadget
Yoggie Gatekeeper SOHO (l) and Pico (r) devices,
whose hardware forms the basis for Yoggie's
new Open Firewall SOHO and Pico products
(Click either for details)
More recently, Yoggie began offering the Gatekeeper Card Pro, which works similar to the Pico (i.e., it uses a modified OS driver to reroute traffic). The Card Pro, however, comes in a PC Express card form factor that fits completely within the host Windows or Mac PC. Yoggie has not yet offered an open version of the Card Pro, however.
The Open Firewall SOHO and Pico
As noted, the Open Firewall products use the same hardware as two previous Yoggie products. Specs are as follows:
- Processor: 520MHz Marvell PXA270
- 128MB RAM
- 128MB Flash
- 2 x Ethernet (SOHO only)
- 1 x USB (Pico only)
Though the hardware is the same, the Open Firewall products do not include Yoggie's still-proprietary “Gatekeeper” Linux stack. They do come with Yoggie's “Management Console” web interface, shown below.
The Open Firewall products include Yoggie's web interface
(Click any screenshot to enlarge)
Additionally, the Open Firewall products come pre-installed with an open source firewall stack said to provide the following:
- Stateful Inspection packet filtering
- Dos /DDos attack detection and prevention
- Syn Flood attack detection and prevention
- Port Scan and ICMP attack detection and prevention (Smurf and Fraggle Attacks)
- Layer 2 attack prevention (ARP spoofing and poisoning)
Additionally, the new Open Firewall products include an ssh server, letting developers SSH in to install new software applications on the devices. Yoggie provides a cross-compiling SDK aimed at making it fairly simple for developers to use x86 development hosts to build software for its minuscule ARM-based devices.
A 170MB download, Yoggie's Open Firewall SDK includes a full 479MB Debian filesystem that the user chroots into to write and compile software. The GNU debugger (gdb) is included as an example application, and a shell script is provided to help users package it in Debian's deb package format. Completed debs are downloaded via SCP to the Yoggie device, and installed from an SSH shell with dpkg.
Although the hardware is the same, owners of existing Yoggie devices will not be able to use the SDK to add software to their devices, since their devices do not provide SSH access. Those who wish to modify software on devices without SSH servers can use Yoggie's optional “Security Manager” server to do so, however.
To support community developers hacking Open Firewall devices, Yoggie has established a Developer website, which offers basic documentation, downloads, and forums. The site can be found here.
Yoggie Founder Shlomo Touboul stated, “This powerful platform includes a fully functioning firewall, protecting out of the box Windows, Mac, and Linux PCs. Developers can add extensions and applications to produce enhanced solutions for PC security, management, backup, and content sharing.”
Availability
The Open Firewall Pico is available now, priced at $50 for three months, then $70 thereafter. The Open Firewall SOHO is available now, priced at $80 for three months, then $100 thereafter.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.