A firewall is a crucial security element in modern computer networks. This work investigates and demonstrates the implementation of a lightweight TCP/IP firewall in a bare-metal environment, on a commercial embedded ARM device. Compared to an implementation having an operating system (OS), using bare-metal design enables reduction of exposure to potential vulnerabilities in OS code, and provides a more dependable system. The implemented firewall provides both static and stateful filtering capabilities, and is configurable in a user-friendly way. As the architecture of the commercial hardware used was not available under closed source licensing, it was discovered through analysis at both hardware and software levels. Some challenges were encountered, and tools were developed to address these. The prototype is validated through functional testing in a controlled environment successfully.