Modbus Firewall

While my employment has drawn me away from development work and work in the industrial automation space, I have continued to work on a number of smaller projects related to the open source IEC 61131-3 Virtual Machine.  One such project has been the development of a Modbus application protocol network filter for the Linux kernel.

While a Modbus filter for Linux has made available by Venkat Pothamsetty and Matthew Franz previously and provided for download from Sourceforge. The most recent version of this code dated from 2004 however was written for Linux kernel 2.6.16 and no longer compiles against recent Linux kernel versions. To this end, this new filter match module for Modbus has been written and includes Modbus frame matching features beyond that available in the previous work by Pothamsetty and Franz.

This new Modbus filter kernel module – and corresponding patch for iptables 1.6, required in order to allow the specification and manipulation of firewall rules using Modbus protocol nomenclature – can be found at

Continue reading


Embedded Modbus Library

Building upon the efforts undertaken to implement a primitive Modbus protocol interface for the IEC 61131-3 virtual machine environment, I have spent some time consolidating this development and have released an embedded Modbus slave protocol library.  This protocol library implements support for the most common Modbus operations including:

  • Read coils (function code 1);
  • Read discrete inputs (function code 2);
  • Read holding registers (function code 3);
  • Read input registers (function code 4);
  • Write single coil (function code 5);
  • Write single register (function code 6);
  • Write multiple coils (function code 15);
  • Write multiple registers (function code 16);
  • Write mask register (function code 22); and
  • Read write multiple holding registers (function code 23).

In this initial implementation, this library primary supports Modbus TCP operations – aligned with the initial implementation of Modbus operations on the IEC 61131-3 virtual machine – but there is scope for both Modbus RTU and Modbus ASCII implementations within the code base.  Additionally, this library has been implemented with a keen awareness of portability for different platforms and as such includes distinct APIs for database and target platform integration.

This embedded Modbus slave C library can be obtained from GIT at  Similar to the IEC 61131-3 virtual machine project, this library is licensed under CC BY-NC 4.0.

Modbus Interface

In order to improve accessibility of the IEC 61131-3 virtual machine for external developers, I have committed code which provides a basic Modbus TCP protocol interface for the IEC 61131-3 virtual machine. The protocol was originally published by Modicon (now Schneider Electric) in 1979 for use with its programmable logic controllers (PLCs). Since this time, this protocol has become the de facto standard for communication with a range of industrial devices including programmable logic controllers, data loggers and smart instrumentation.  See and

Medford Modbus Viewer

While this interface is still under development, the basic interface that is in place now allows for 16-bit integer values to be read from the virtual machine environment by external data visualisation packages – The package that I have used for evaluation purposes above is from This interface in turn provides a greater level flexibility for the monitoring of byte code under evaluation within the IEC 61131-3 virtual machine environment.