Error message

User warning: The following module has moved within the file system: ldap_user. In order to fix this, clear caches or put the module back in its original location. For more information, see the documentation page. in _drupal_trigger_error_with_delayed_logging() (line 1181 of /usr/local/stow/drupal-7.91/lib/drupal-7.91/includes/


Workshop in Information Security:

Building a Firewall within the Linux Kernel

0368-3500-40, Spring 2014

Lecturer: Eran Tromer
Teaching assistant: Coby Schmidt
Advisors: Assaf Harel, Ariel Haviv
Time: Tuesday 10:00-12:00
Place: Shenkar-Physics 105

Course overview
Firewalls control and monitor access to networks, and are found in every organization and personal computer. Emerging as an Israeli innovation two decades ago, modern firewalls perform sophisticated packet analysis tasks at a very high throughput.

In this workshop we will study the basic design of firewalls, and recreate the basic firewall functionality using just elementary building blocks of the GNU/Linux operating system. We will extend the Linux kernel with packet analysis capabilities, interface it with userspace programs, and experiment with using this firewall for blocking real-world attacks.

Additional projects, beyond firewalls, may be available for students with prior knowledge in cryptography, information security, or embedded-system programming. For details, please contact the lecturer and explain your background.

The workshop's goals:

  • Become familiar with the Linux kernel, and how to extend it using kernel modules.
  • Understand the TCP/IP protocol, and how it is processed in the Linux kernel.
  • Understand concepts in packet inspection and parsing, and rule-based enforcement.
  • Introduction to network attack techniques, detection and prevention.
  • Gain experience in designing and implementing a modular system.

This workshop is offered in cooperation with industry experts from Check Point, offering a unique exposure to industry's capabilities and needs, and an opportunity for a real-world impact.

The workshop projects will be done in teams of up to 2 students. The assignments will be interesting and cool, but expect intensive and challenging work, and lots of self-learning. The projects will be completed and reported by the end of the semester, and there will be milestones and evaluations to ensure progress during the semester. Students will be expected to read and learn on their own any concepts and systems that are unfamiliar and needed in order to carry out the project successfully.

See also the lectures and instruction in last year's course, Workshop in Information Security: Building a Firewall within the Linux Kernel 2013.


  • Operating systems (0368.2162)
  • Software Project (0368.2161)


  • Communication Networks (0368-3030)
  • Any information security course