Indigo Software-Defined Firewall policies are written as scripts
Indigo Software-Defined Firewall policies are written as scripts. Simply put, a script is an interpreted program that can carry out a series of tasks and make decisions based on specific conditions it finds in a network.
A core component of the Indigo firewall is an advanced scripting engine developed over years of R&D by Indigo Software. Scripts are written in the Lua programming language, which keeps them small, portable and fast. The engine provides the following features:
Flexibility: Policy rules, lists and objects can be integrated with external systems (RADIUS, SQL, HTTP, etc.) and data feeds (IP reputation databases and malware hash lists); data can be arbitrarily processed (JSON, XML, CSV, etc.).
Just-in-time compiler: Scripts are compiled to native x86 machine code for optimal performance.
Dynamic reload: Scripts can be reloaded live in production without restarting Indigo Firewall, and all state information is retained.
Sandbox: Scripts are memory-safe and sandboxed; errors in scripts cannot crash the main Indigo Firewall processes.
Events
The scripting framework is based on an event-driven programming model. The Indigo Firewall's DPI engine generates many kinds of events: for example, when a new flow is established, when an HTTP request is completed, or when a flow is classified as a particular protocol or application. Each event carries all relevant information, such as IP addresses, port numbers, URIs, filenames, e-mail addresses and other metadata from the protocol decoders. Script developers can therefore subscribe to the events they care about and access all of the decoded information.
Verdicts
Scripts can set a verdict for a flow: accept, reject, rate-limit, HTTP redirect, DNS reply, or inject custom packets. In addition, scripts can take actions such as logging to a file or to remote systems, or generating a billing record.
Flow and Subscriber objects
An arbitrary number of state variables can be stored for each flow and subscriber object, and later referenced. State variables are flow-/subscriber-specific and can be of any type: Boolean, integer numbers, strings, arrays, or tables.
Pattern Matching
A high-performance, multi-pattern matching engine allows large numbers of regular expressions to be matched simultaneously across streams of data. The matching engine supports up to tens of thousands of signatures and enables scripts to implement IPS/IDS functionality.
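As an added illustration that is not Indigo's own script format or API, the following stand-alone Python model shows how the event, verdict, flow-state and multi-pattern concepts above fit together: handlers subscribe to hypothetical event names, keep a per-flow counter in state variables, and set a verdict, while the signatures are compiled into a single alternation so a payload is scanned once. The event names, signature names, patterns and request threshold are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
# Hypothetical stand-alone model of the event/verdict/state scheme described
# above (constructed for illustration; not Indigo's API or script format).
@dataclass
class Flow:
    key: str                                   # e.g. "10.0.0.1:4242->10.0.0.2:80"
    state: dict = field(default_factory=dict)  # flow-specific state variables
    verdict: str = "accept"                    # accept | reject | rate-limit

# Constructed sample signatures, compiled into one alternation with a named
# group per signature so a payload is scanned once rather than once per pattern.
SIGNATURES = {
    "sqli_union": r"union\s+(?:all\s+)?select",
    "path_traversal": r"(?:\.\./){2,}",
}
_COMBINED = re.compile(
    "|".join(f"(?P<{n}>{p})" for n, p in SIGNATURES.items()), re.IGNORECASE)

def match_signatures(data):
    return [m.lastgroup for m in _COMBINED.finditer(data)]  # names that fired

MAX_REQUESTS_PER_FLOW = 3   # constructed threshold for the rate-limit verdict
HANDLERS = {}               # event name -> list of handler functions

def on(event):              # decorator: register a handler for a DPI event name
    def register(fn):
        HANDLERS.setdefault(event, []).append(fn)
        return fn
    return register

@on("flow_established")
def init_flow(flow, ev):
    flow.state["requests"] = 0          # per-flow counter kept across events

@on("http_request")
def inspect_request(flow, ev):
    if flow.verdict == "reject":        # a rejected flow stays rejected
        return
    flow.state["requests"] += 1
    if match_signatures(ev["uri"]):
        flow.verdict = "reject"
    elif flow.state["requests"] > MAX_REQUESTS_PER_FLOW:
        flow.verdict = "rate-limit"

def dispatch(flow, event, **ev):  # deliver one event; return current verdict
    for handler in HANDLERS.get(event, []):
        handler(flow, ev)
    return flow.verdict
```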