Zorp Integration into OpenWRT System

OData support
Dr. Fehér Gábor
Department of Telecommunications and Media Informatics

Nowadays the number of electronic devices capable of networking reached more than one at most of the households. It is even more important, that we would like to have internet access on all of them, so we buy a router and this way, we create our SOHO network.

If we speak about internet access, at least one thing is common in big company and home networks, they are always under attack. Of course, the intensity is not the same, but the threat is still there. As a first line of defense, we could use our router as a firewall also. Zorp GPL is a application layer proxy firewall for Linux, which already proved it's worth in company and high performance environments, so why not try to use it, to defend our SOHO network. The question was, that how will it function on a low performance device as a home router.

OpenWRT is a Linux distribution for embedded systems and the price range for routers, which are supported, makes it available for everyone. With this operating system on our device we are able to use Zorp's simpler and more clear rule system instead of IPTables, to customize the defensive system as we want. We can create hierarchical zones from IP domains, which inherit rules from their parent zones, so the rules will be clear and easy. It won't be such a hard task to create our simple line of defense, as it was with IPTables.

In my thesis I show, that if we integrate the kernel module and userspace component of Zorp, it will be able to run on MIPS architecture, which is widely used by routers and also able to handle the defense of a SOHO network, with some hardware requirements.


Please sign in to download the files of this thesis.