lwIP (lightweight IP) is as the name suggests, a lightweight Open Source networking stack that is used in a lot of embedded systems. wolfSentry is a relatively new product by wolfSSL that provides a lightweight IDPS (Intrusion Detection and Prevention System). Of course, together the two should pair quite nicely, so the team at wolfSSL have created an example of how to do this.
The example uses Docker to create four containers and a specific virtual network so that the example configuration works as expected. One of the containers is a simple echo server and the other three are clients that the rules are designed to allow or deny.
The callback hooks in lwIP allow for easy integration and the example shows how to integrate for TCP/IP filtering, MAC address filtering and ICMP ping filtering. It is of course possible to filter other protocols and if you need advice on how to do such integrations the team at wolfSSL are here to help.
This example is freely available in the “examples” directory of the wolfSentry source here: https://github.com/wolfSSL/wolfsentry/tree/master/examples/Linux-LWIP
Further examples including STM32 with FreeRTOS and lwIP are coming soon. So watch this space!
Contact us at firstname.lastname@example.org for any questions or comments.