GSoC/GCI Archive
Google Summer of Code 2012 OpenFlowHub

Floodlight Firewall Application

by Amer Tahir for OpenFlowHub

The OpenFlow protocol naturally supports a basic set of stateless firewall functions (L2-L4). Floodlight is an enterprise-class, Apache-licensed, Java-based OpenFlow controller that allows building network-oriented applications on top of the OpenFlow platform. Using Floodlight's modular architecture and APIs, this project aims to build a stateless firewall application that imposes ACL rules on switches in the network. It is implemented as a Floodlight module that enforces ACLs by defining flows and monitoring packet-in behavior. The firewall module exposes a REST interface and a web-based interface for (1) defining firewall rules, (2) viewing and modifying existing rules, and (3) retrieving firewall statistics (packets/bytes allowed and dropped) for each switch managed by the controller.