
A MAIN PROJECT SEMINAR ON

PACKET FILTERING FIREWALL USING NETFILTERS IN LINUX FOR ARM9

BY:
R. SRINIVASULU (07N21A0446)
CH. SHIVA RAM (07N21A0442)
K. MALLIKARJUNA (07N21A0422)
V. SUMAN KUMAR REDDY (07N21A0448)

AIM OF THE PRESENTATION
• Introduction and aim of the project.
• What is a firewall?
• What are netfilters?
• Why Linux?
• ARM9 features.
• Project overview.
• Advantages and applications.
• Future scope.

AIM OF THE PROJECT:
• Network security is a huge concern for enterprise networks.
• A firewall is a machine that sits between public and private networks and blocks traffic based on configurable rules.
• The Linux kernel provides a mechanism to implement our own firewall using NETFILTERS.
• Using this capability of Linux, we create our own firewall and make it block packets belonging to different protocols according to our commands.

BLOCK DIAGRAM OF PROJECT
[Block diagram. Boxes: INTERNET (LAN/WAN/MAN); FIREWALL IN LINUX KERNEL; ARM 9 ON S3C2440 EMBEDDED BOARDS]

ESSENTIALS OF THE PROJECT
• The main components of the project are:
  • ARM9 processor.
  • Linux operating system.
  • Firewall module.
  • Internet (LAN/WAN/MAN).

ARM9 PROCESSOR FEATURES
• ARM stands for Advanced RISC Machine.
• It is a 32-bit RISC microprocessor.
• In 2005, about 98% of the one billion mobile phones sold contained an ARM processor.
• Offers very high performance with low power consumption.
• The main features of ARM9 are:
  • 5-stage pipeline
  • Processor speed: 250 MHz
  • Harvard architecture
  • 156 MIPS
  • Cache memory: 16 KB
  • Supports Windows CE, Symbian OS, Linux, Palm OS and Android

ARM9 APPLICATIONS
• Consumer electronics
• Networking
• Automotive
• Embedded

WHY LINUX???
• Linux is a freely distributable, open source operating system.
• It is portable.
• Follows a monolithic kernel architecture.
• Runs on most processors, including ARM.
• Scalable: it can run on supercomputers and also on tiny devices.
• Excellent networking support.

COMPUTER NETWORK
• A network is a series of points or nodes interconnected by communication paths.
o ISO proposed 7 layers, named the OSI/ISO reference layers: Physical, Data link, Network, Transport, Session, Presentation, Application.
• Networks can be classified on the basis of spatial distance:
  • LAN
  • MAN
  • WAN
o Networks operate on many protocols; a few are TCP/IP, ICMP, HTTP etc.
o On the internet, the network breaks a message into parts of a certain size in bytes. These are called packets.
o These packets contain the sender's IP address and the destination's IP address.
o All these packets travel through routers, switches, bridges and gateways, which operate at their respective layers.

NEED FOR SECURITY
• When a device is connected to a network and begins communicating with it, it is taking a risk.
• Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders.
• Information security focuses on protecting sensitive data from malware attacks using Data Loss Prevention (DLP) techniques.
• Firewalls are used to provide security to a system.
• A firewall is a part of a computer system (OS) or network that is designed to block unauthorized access while permitting authorized communications.
• A firewall's basic task is to regulate some of the flow of traffic between computer networks of different trust levels.

WHAT IS PACKET FILTERING??
• Packet filters act by inspecting the "packets", which represent the basic unit of data transfer between computers on the internet.
• If a packet matches the packet filter's set of rules, the packet filter will drop or reject the packet.
• A packet filtering firewall examines the header of a packet to determine its source, destination and type of protocol.
• Packet filtering firewalls work on the first three layers of the OSI reference model.
• Packet filters follow a set of pre-defined or user-defined rules and decide which packets to drop and which packets to accept.
• If a rule is something like "drop all HTTP traffic", then all packets with an HTTP header are dropped.

HOW DOES THE PROJECT WORK???
• In our project we insert the firewall into the Linux kernel and run it on an ARM9 board.
• Actions such as Accept and Drop are taken according to the user-defined rules, based on:
  a) Protocol type
  b) IP address
  c) Port numbers
• First we assign an IP address and default gateway to our board and connect it to the LAN.
• If we wish to block ICMP packets, the command can be given as:

    ./user_arm_firewall --protocol icmp

• When this command is executed, our firewall is activated and no ICMP packets are transferred; that is, ICMP packets are dropped.
• In the same way we can filter on other protocols, port numbers, IP addresses etc.
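
The accept/drop decision described on this slide, as an added user-space example; it is not the project's kernel module. The names fw_rule, fw_check, FW_ACCEPT and FW_DROP are hypothetical, the packets are constructed samples, and dropping malformed packets is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { FW_ACCEPT, FW_DROP };  /* a netfilter hook would return NF_ACCEPT / NF_DROP */

/* Hypothetical rule layout; a zero field means "match any". */
struct fw_rule { uint8_t proto; uint32_t saddr, daddr; uint16_t dport; };

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Decide the fate of one raw IPv4 packet: the first matching rule drops it. */
enum verdict fw_check(const uint8_t *pkt, size_t len, const struct fw_rule *r, size_t n) {
    if (len < 20 || (pkt[0] >> 4) != 4) return FW_DROP;   /* truncated or not IPv4: fail closed */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;             /* header length, options included */
    if (ihl < 20 || ihl > len) return FW_DROP;
    uint8_t proto = pkt[9];
    uint32_t saddr = be32(pkt + 12), daddr = be32(pkt + 16);
    unsigned frag = (unsigned)(pkt[6] & 0x1f) << 8 | pkt[7];
    int has_port = 0; uint16_t dport = 0;
    if ((proto == 6 || proto == 17) && frag == 0) {       /* TCP/UDP, first fragment only */
        if (len < ihl + 4) return FW_DROP;
        dport = (uint16_t)(pkt[ihl + 2] << 8 | pkt[ihl + 3]);
        has_port = 1;
    }
    for (size_t i = 0; i < n; i++) {
        if (r[i].proto && r[i].proto != proto) continue;
        if (r[i].saddr && r[i].saddr != saddr) continue;
        if (r[i].daddr && r[i].daddr != daddr) continue;
        if (r[i].dport && (!has_port || r[i].dport != dport)) continue;
        return FW_DROP;
    }
    return FW_ACCEPT;
}

/* Constructed sample packets: 192.168.1.10 -> 192.168.1.1 (checksums left zero). */
const uint8_t icmp_echo[28] = { 0x45,0,0,28, 0,1,0,0, 64,1,0,0, 192,168,1,10, 192,168,1,1,
                                8,0,0,0, 0,1,0,1 };
const uint8_t tcp_http[40]  = { 0x45,0,0,40, 0,2,0,0, 64,6,0,0, 192,168,1,10, 192,168,1,1,
                                0xc0,0x00, 0x00,0x50 };  /* sport 49152, dport 80; rest zero */
const struct fw_rule block_icmp[] = { { 1, 0, 0, 0 } };  /* assumed meaning of "--protocol icmp" */
const struct fw_rule block_http[] = { { 6, 0, 0, 80 } }; /* TCP to destination port 80 */

int main(void) {
    printf("icmp vs block_icmp: %d\n", fw_check(icmp_echo, sizeof icmp_echo, block_icmp, 1));
    printf("tcp  vs block_icmp: %d\n", fw_check(tcp_http, sizeof tcp_http, block_icmp, 1));
    return 0;
}
```

A rule with a port only matches the first fragment of a datagram, because later fragments carry no TCP/UDP header; a filter that must cover fragments needs reassembly or a separate fragment rule.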

ADVANTAGES AND APPLICATIONS
• Basic level security can be provided efficiently.
• The user can configure the rules to his choice.
• Time management helps the user run the firewall at his choice of time.
• The power requirement of the ARM processor is low.
• This project uses Linux, which gives the flexibility to implement our own firewall.
• The firewall can be applied to any system where basic security is a concern.
• Gives the user full choice over which particular packets to act on.
• Time-based applications have also been achieved, specifying the activation of packet filtering for the respective time periods.

FUTURE SCOPE
• The firewall can be extended with features such as:
  • Maintaining statistics of the number of packets dropped/accepted.
  • Storage of dropped packets for future use.
  • It can be designed in such a way that it gets activated on its own for the time it is scheduled to.

CONCLUSION
• Packets are filtered by the firewall using Netfilters, and basic security has been achieved using the firewall.
• The Linux kernel provides a mechanism to implement our own firewall. This mechanism is called "Netfilters".
• Hence packet filtering using Netfilters can successfully be implemented on an ARM processor.
• The firewall developed is free of cost and also provides the basic level of security.
• The Netfilters firewall can drop packets based on protocols like HTTP and ICMP, and based on source and destination IP address and port numbers.
• Hence the user can configure and derive many more applications.
QUERIES..??
THANK YOU…!!!
