wolfSentry Embedded IDPS
Descri ption
wolfSe nt ry
is an embedded firewall and IDPS (intrusion
detection and prevention system). At its core, it features an
embedded, dynamic firewall engine, with fast and efficient
lookups. wolfSentry is dynamically configurable, with test-
co mmit se man tic s, an d can easil y asso ciate u se r- def in ed
events with u ser- defined a ctions, context ualize d by both
built-in and user-defined connection attributes, tracking the
evolution of the network transaction profile.
wolfSentry is fully integrated into the wolfSSL library, as
well as wolfMQTT, and wolfSSH, with optional in-tree call-
ins and callbacks that give application developers turnkey
IDP S across all network-facing wolfSSL product s, with a
viable zero-configuration option. These integrations will be
available via simple --enable-wolfsentry configure options in
wolfSSL sibling products.
The wolfSentry engine is dynamically configurable
pro gramm atically throug h an API, o r from text ual input s
supplied to the engine. Callback and client-server
i mpl em en tati o n s are al so un de r dev el o pmen t th at wi l l
deliver advanced capabilities including remote logging
through MQTT or syslog, and remote configuration and
status queries, all cryptographically secured.
Notably, wolfSentry is designed from the ground up to
function well in resource-constrained, bare-metal, and
realtime environments, with or without thread support,
using deterministic algorithms that maximize availability
and stay within rigidly designated maximum memory and
scheduling footprints. Use cases include RTOS IDPS, and
IDP S for ARM silicon and other common e mbe dded CPUs
and MCUs. wolfSentry with dynamic firewalling can add as
little as 100k to the code footprint, and 32k to the volatile
state footprint, and can fully leverage the existing logic and
state of applications and sibling libraries.
If you have interest in using wolfSentry or any questions or
comments, please contact wolfSSL at facts@wolfssl.com.
Supp orted Chip ma ke rs
wolfSSL has support for chipsets including ARM,
Intel, Motorola, mbed, NXP/Freescale, Microchip/Atmel,
STMicro, Analog Devices, Texas Instruments, Xilinx
SoCs/FPGAs, Renesas, Espressif, and more.
If you would like to use or test wolfSSL on another
chi pset or O S, let us know and w e’ll be ha ppy to su pport
you.
wolfssl.com
github.com/wolfssl
Copyright © 2021 wolfSSL Inc. All Rights Reserved
F eatu res
• wolfSentry is designed to integrate directly with
network-facing applications/libraries to block bad
traffic, an d it can optionally integrate wit h host fire
wall facilities, via plugins.
It can run on bare metal, in which case the firewall
• functions can be directly integrated into the network
stack of the application via patched-in call-ins, or
cal l bac ks i n stal l ed usi n g ho st en v i ro n m en
t i n terf ac es.
• Fully extensible o
a dynamically configurable logic hub o
user-defined rules link app-defined events
with app-defined actions via plugins §
plugins can be filters, decision logic,
and/or orchestration logic o
hub and plugins are mainly keyed on network
attributes, and track current status o
plugins can also track and use fully app-
defined data for ea ch network asso ciation
• Fully integrated into wolfSSL, wolfMQTT, and wolfSS
Ho
zero-development IDPS across all network-
facing wolfSSL products, using bundled COTS
plugins o
zero-configuration option o
simple --enable-wolfsentry configure options
in wolfSSL sibling products
Dynamically configurable o
• programmatically through an API o
textual human-readable configuration files,
l o adabl e/ rel o a dabl e at an y ti me
Bundled plugins for remote logging, commands, and
• status queries, secured with TLS o
MQTT o
Syslog o
SMTP o
embe d de d web s erv er wit h RESTf ul API
Supp orted Op eratin g En viron ments
Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWor
Net BSD, O pe nBSD, e mbe dde d Li nux, Yo c to Linu s, O p enE mb ed ded,
Wi nC E, H ai ku, O p en W RT , iP ho ne ( iO S) , A ndr o id, Ni nt en do W ii an d
Gam ec ube thr o u gh D ev K itP r o , Q NX, Mo ntaV ista, O pe nC L , No nSto p,
TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS,
F r eesc ale MQ X, Nuc le us, T i ny O S, H P / UX, A RC MQ X, T I-RT O S, uT as
embO S, INt im e, Mb ed, uT-Kernel, RIOT, CMSI S-RTOS, FROSTED, Gree n
Hills INTE GRITY, Ke il RTX, TOPPERS, PetaL in us, Ap ache My newt,
P ikeO S, D eo s, A zur e S pher e O S, F r ee BSD