12/12/2023
Bosch Rexroth | App | Security

ctrlX AUTOMATION - Firewall

The Firewall app lets you individually restrict communication between the controller (device) and its network(s). This protects the machine against unauthorized third-party access by viruses and Trojan horses. The Firewall app is built on the Nftables firewall technology.

Nftables is organized in three hierarchy levels: tables (IP, IP6, Inet), chains (Input, Output, Forward) and rules. Tables contain chains, and chains contain the actual firewall rules. The app provides a graphical interface to the Nftables functionality, which makes it convenient to create, edit and manage rules for network traffic and packet filtering.

The Firewall app offers Network Address Translation (NAT). NAT replaces the destination or source IP address in a data packet with another address. Both destination and source NAT are supported. With source NAT, several devices (IP addresses) in the machine network can communicate with the production network via the ctrlX CORE using a single IP address (masquerading), which has security advantages. In contrast, destination NAT makes it possible to reach different services on different devices (IP addresses) in the machine network from the production network via one IP address of the ctrlX CORE (port forwarding).
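The table, chain and rule hierarchy and the two NAT modes described above, written as a plain Nftables ruleset. This is an added example, not an export from the Firewall app or Bosch Rexroth configuration; the interface names (eth0 = production network, eth1 = machine network), all addresses and all ports are assumptions.

```nft
# Constructed example. eth0/eth1, 192.168.1.0/24 and every port are assumed values.

table inet filter {
    chain input {
        # Packets addressed to the controller itself; anything not matched is dropped.
        type filter hook input priority filter; policy drop;
        ct state established,related counter accept
        ct state invalid counter drop
        iifname "lo" accept
        # Management access over HTTPS from the production side (assumed port).
        iifname "eth0" tcp dport 443 counter accept
        # Tell machine-network hosts explicitly that other ports are closed.
        iifname "eth1" counter reject
    }

    chain forward {
        # Packets passing through the controller between the two networks.
        type filter hook forward priority filter; policy drop;
        ct state established,related counter accept
        # Machine network may open connections towards the production network.
        iifname "eth1" oifname "eth0" counter accept
        # Inbound traffic is forwarded only if a destination NAT rule matched it.
        iifname "eth0" oifname "eth1" ct status dnat counter accept
    }
}

table ip nat {
    chain prerouting {
        # Destination NAT (port forwarding): one controller address,
        # different ports mapped to services on different machine devices.
        type nat hook prerouting priority dstnat; policy accept;
        iifname "eth0" tcp dport 8080 counter dnat to 192.168.1.20:80
        iifname "eth0" tcp dport 8081 counter dnat to 192.168.1.21:80
    }

    chain postrouting {
        # Source NAT (masquerading): machine devices leave with the
        # controller's production-side address as their source.
        type nat hook postrouting priority srcnat; policy accept;
        oifname "eth0" ip saddr 192.168.1.0/24 counter masquerade
    }
}
```

The `counter` statement on each rule corresponds to the packet counters the feature list mentions for monitoring; a forwarding rule whose counter never increases, or a drop counter that rises unexpectedly, is the first thing to check when verifying a configuration.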

Features

  • Firewall based on Nftables.
  • Network tables for IPv4, IPv6 and Inet (IPv4 + IPv6) network traffic.
  • Chains for Input (packets received by device), Output (packets leaving the device) and Forward (packets passing the device).
  • Rules support simple and advanced expressions to accept, drop or reject network packets.
  • Chain Management - management of network rules (create, edit, delete).
  • Rule Management - management of expressions (create, edit, delete, change of sequence).
  • Monitoring of rule(s) configuration via network packet counter.
  • Source NAT to adapt the source address of the data packet.
  • Destination NAT to adapt the destination address of the data packet.

Firewall configuration

[Figure: Firewall Configuration - Packet Flow Overview]

Input filter chain

[Figure: Firewall Configuration - Input Filter Chain]

Support

Forum ctrlX IOT
