Icon Labs

Floodgate™ Embedded Firewall

Compatible Operating Systems: Any embedded OS
Supported Architectures: 8, 16, 32-bit MCU or CPU architectures

Floodgate is an embedded firewall that allows networked devices to control the packets they process. Floodgate protects against attacks by filtering packets before they are processed by an embedded device.

Floodgate uses a filtering engine that provides rules-based filtering, stateful packet inspection and threshold-based filtering. Rules-based filtering allows packets to be blocked based on static criteria such as port number, protocol, or source IP address. Stateful packet inspection maintains information on the state of each connection and uses that information to make filtering decisions. Threshold-based filtering protects against denial of service (DoS) attacks, broadcast storms, and other conditions that result in a flood of unwanted packets.

Library for Embedded Devices
Floodgate is a source code library that provides packet filtering capabilities for embedded devices. Floodgate uses callback routines that are inserted into the device’s packet processing code. Layer-based callbacks allow filtering to be easily inserted at any layer in the network stack for maximum flexibility.

Internet Threats for Embedded Devices
In enterprise environments, firewalls, intrusion prevention systems and other security devices protect against Internet threats. In the embedded environment devices are built using smaller processors and without the defenses found in more sophisticated environments. As a result, embedded devices are vulnerable to DoS attacks, packet floods and other Internet attacks.


  • Allows OEMs to easily add firewall security to existing products or new designs.
  • Portable source code for use with any embedded OS.
  • Fully configurable rules engine allows full control over filtering behavior.
  • Small footprint and optimized design for embedded systems.
  • Unique two-step filtering engine first blocks packets using filtering rules and stateful packet inspection and then using thresholds to protect from Internet threats, network traffic floods and DoS attacks.



  • Static filtering blocks packets based on configurable filtering rules. Supports filtering by source IP address, MAC address/type, port, protocol or user defined criteria.
  • Built in Stateful Packet Inspection (SPI) filtering for TCP/UDP and ICMP packets.
  • Threshold-based filtering blocks packets in real time based on threshold crossings.
  • Supports both whitelist and blacklist filtering.
  • Layer-based callbacks allow filtering to be inserted at any layer in the network stack for maximum flexibility.


Medical devices used in Surgical Instruments, Diagnostics (Imaging, Ultrasound, MRI, Scanner, X-ray), Therapeutic Equipment, Life Support Equipment, Monitoring Displays, Labatory Equipment, Precision Instruments, and Data Logging.



Contact Information

Icon Labs

3636 Westown Parkway
Suite 203
West Des Moines, IA, 50266

tele: 515.226.3443x22
toll-free: 888.235.3443x22
fax: 877.379.0504

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • TwitThis