The Firewall app can be used to individually restrict the communication between controller (device) and network(s). Thus, the machine is protected against unauthorized third-party access by viruses and Trojan horses. The Firewall app uses the firewall technology Nftables.
Nftables uses tables (IP, IP6, Inet), chains (Input, Output, Forward) and rules that are hierarchy levels at the same time. Tables include chains that include the actual firewall rules. The app provides a graphic interface of the Nftables functionality. This allows to comfortably create, edit and manage rules for network traffic/ packet filtering.
The firewall app offers Network Address Translation (NAT). NAT makes it possible to replace the destination or source IP address of a data packet with another address in the data packet. Both destination and source NAT are supported. Using source NAT of the firewall app, several devices (IP addresses) of the machine from the machine network can communicate with the production network via the ctrlX CORE using a single IP address (masquerading), which has security advantages. In contrast, Destination NAT enables the firewall app to address different services on different devices (IP addresses) in the machine network via one IP address of the ctrlX CORE from the production network (port forwarding).
Firewall based on Nftables.
Network tables for IPv4, IPv6 and Inet (IPv4 + IPv6) network traffic.
Chains for Input (packets received by device), Output (packets leaving the device) and Forward (packets passing the device).
Rules support simple and advanced expressions toaccept,droporrejectnetwork packets.
Chain Management - managing of network rules (Create, edit, delete).
Rule Management - managing of expressions (Create, edit, delete, change of sequence).
Monitoring of rule(s) configuration via network packet counter.
Source NAT to adapt the source address of the data packet.
Destination NAT to adapt the destination address of the data packet.