Computing and Information Services

Drawbridge



 

What's New
 

04/23/04  Version 4.0 has been released.  Please review the CHANGES, README, and INSTALL documents carefully. There are a number of significant changes in this new version. Although this new release has seen significant testing, please use with caution.
 
09/07/00  Version 3.1 errata page.
 
04/19/00 Version 3.1 has been released.
 
05/18/99  Version 3.0.2 has been released.  This is a maintenance release only which fixes the patch for the 3C509 ethernet card driver and the Drawbridge start script when using the 3C905 card.  If you are not having problems with either the 3C905 or the 3C509 on FreeBSD 2.2.8, then there is no need to upgrade to this release.
 
05/4/99 Version 3.0.1 has been released.  This is a maintenance release only which fixes the patch for the Intel Pro 10/100 ethernet card driver.  The problem only exists with the patch for FreeBSD 2.2.8 so if you are using FreeBSD 2.2.6 or 2.2.7, then there is no need to upgrade to this release.
 

Introduction

Drawbridge is a firewall package that was developed at Texas A&M University and was designed with a large academic environment in mind.  It is a copyrighted, but freely distributable, bridging IP packet filter with a powerful filter language and good performance.  Its greatest strength is the ability to perform high-speed packet filtering while allowing custom filters for a large number of individual hosts within an intranetwork.  It uses a constant-time table lookup algorithm so it can provide the same level of packet throughput regardless of the number of filters defined.  Drawbridge is composed of three components:  the Drawbridge filter code, the Drawbridge Manager, and the Drawbridge Filter Compiler.  These three components run on a FreeBSD system where the filter code is a netgraph module, and the manager and compiler are user-level applications.
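
An added illustration of the constant-time lookup idea described above, written for this page and not taken from the Drawbridge sources: a direct-indexed per-host table in C.  The single /16 inside network, the table layout, the class numbering, the function names and the sample addresses are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: one inside /16, so the low 16 bits of an address pick the host. */
#define HOSTS 65536u

/* A filter class: one bit per inbound TCP port (hypothetical layout). */
struct filter_class { uint8_t allow_in[65536 / 8]; };

static uint8_t host_class[HOSTS];        /* host index -> class; 0 = default */
static struct filter_class classes[4];   /* class 0 stays empty: default deny */

static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

static void class_allow(unsigned cls, uint16_t port) {
    classes[cls].allow_in[port >> 3] |= (uint8_t)(1u << (port & 7));
}

static void host_assign(uint32_t ip, unsigned cls) {
    host_class[ip & 0xFFFFu] = (uint8_t)cls;
}

/* Two array indexes and a bit test per packet. The cost does not depend on
 * how many hosts have custom filters. The caller is assumed to have already
 * checked that dst_ip lies inside the /16. */
static int allow_inbound(uint32_t dst_ip, uint16_t dst_port) {
    const struct filter_class *fc = &classes[host_class[dst_ip & 0xFFFFu]];
    return (fc->allow_in[dst_port >> 3] >> (dst_port & 7)) & 1;
}

/* Constructed sample policy for 10.1.0.0/16. */
static void load_sample_policy(void) {
    class_allow(1, 25);                      /* class 1: mail relay */
    class_allow(2, 80);
    class_allow(2, 443);                     /* class 2: web server */
    host_assign(ip4(10, 1, 0, 25), 1);
    host_assign(ip4(10, 1, 7, 80), 2);
}

int main(void) {
    load_sample_policy();
    printf("smtp to mail host: %d\n", allow_inbound(ip4(10, 1, 0, 25), 25));
    printf("http to mail host: %d\n", allow_inbound(ip4(10, 1, 0, 25), 80));
    printf("https to web host: %d\n", allow_inbound(ip4(10, 1, 7, 80), 443));
    printf("smtp to other host: %d\n", allow_inbound(ip4(10, 1, 200, 9), 25));
    return 0;
}
```

Hosts with no assignment fall into class 0, which allows nothing, so adding more per-host filters changes table contents but not the work done per packet.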
 

Requirements

This version of Drawbridge will work with FreeBSD version 3.4-RELEASE or higher, or any 4.x version of FreeBSD.  The Drawbridge FreeBSD system runs on a dedicated industry standard PC with at least 8 megabytes of memory, 120 megabytes of hard disk, and 3 network interface cards.  The recommended configuration consists of a 100MHz or faster processor, 16 megabytes of memory, a 250 megabyte or larger hard drive, and 4 PCI network interface cards.  Only Ethernet to Ethernet configurations are supported. A list of supported hardware may be found on the FreeBSD web site in part 1 section 2.1 of the FreeBSD handbook.  Drawbridge should work with any network interface card that is supported by FreeBSD and netgraph.
 

Documentation

To get an idea of how Drawbridge works and how it is used, take a look at the background information available in the document tamu-security.pdf.  It describes Drawbridge in detail and outlines the philosophy behind the entire suite of TAMU security tools.  Unfortunately, this document is out of date and discusses an older version of the software, but the concepts still apply.  You may also find the documents filtering.pdf and firewall.pdf of interest.

The Drawbridge README contains the information on this web page as well as more detailed installation instructions.  The Drawbridge Filter Compiler and filter language are documented in the file COMPILER.  The Drawbridge Manager is documented in the file MANAGER.  Documentation for FreeBSD is available at the FreeBSD web site.

Information about the latest changes to the code may be found in the CHANGES document.  There is also an FAQ available.
 

Availability

The current version of Drawbridge may be found on the anonymous ftp site ftp://net.tamu.edu/pub/security/TAMU along with all of the previous versions.  Drawbridge version 4.x is distributed as a source-only tar file with the extension .tar.gz.  If you prefer to retrieve the files via HTTP, the latest version can be found here:
drawbridge-4.0.tar.gz
drawbridge-4.0-MD5

 

Installation

If you are unfamiliar with FreeBSD, you should start by reading the FreeBSD handbook.  The handbook will explain where you can get FreeBSD and how to install it.  The requirements section of this page lists the supported versions of FreeBSD.  You should try to install one of these versions from an ftp site near you. FreeBSD must be installed with the kernel sources.

For detailed step-by-step installation instructions, refer to the INSTALL file.
 

Contacts

Any and all feedback on the Drawbridge package is welcome.

There is a mailing list for questions and discussion about Drawbridge.  To subscribe, send email to drawbridge-request@net.tamu.edu and put the word subscribe in the subject line.  When you subscribe, a welcome message containing information about the list and how to use it will be sent back to you.

To access the mailing list archive, send mail to drawbridge-request@net.tamu.edu with the word archive on the subject line and the word help in the body of the message.  You will be sent a help page which includes information about accessing archived messages.

The use of the mailing list is highly encouraged but, if for some reason you would like to keep your suggestions or comments private, mail can be sent directly to the maintainers at drawbridge-owner@net.tamu.edu.
 

Credits

Drawbridge 4.x was designed and written by:

    Daryl Hawkins

The code was derived from Drawbridge 2.0-3.x which was designed and written by:

    Russell Neeper
    David K. Hess
    Douglas Lee Schales
    David R. Safford

Drawbridge version 4.x is made possible by FreeBSD and all of the many people that have contributed to its development.


Last Modified: April 14, 2004

CIS Network Group
Texas A&M University
College Station, TX
