Drawbridge Manager 4.0
Usage: dbmgr [-v] [ command ]
Switches:
-v Display the version and copyright notice and exit.
The program dbmgr is the manager portion of the Drawbridge package. It is
used to control all functions of the Drawbridge filter code within the
kernel. It can be used to initialize, start, or stop Drawbridge as well as
load or clear the filter configuration, set or show options, or monitor the
operation of Drawbridge.
With no arguments, dbmgr runs interactively, prompting with `dbmgr>'. If
arguments are supplied, dbmgr interprets the first as a command to execute;
each subsequent argument is taken as a parameter for that command.
Standard input can be redirected so that dbmgr reads commands from a file.
Usage
-----
o Commands
The following is a list of supported commands:
SET (MULticast | NonIP | OtherIP | SuspectOffset |
FragmentedICMP | AttackICMP) (FORward | DIScard)
Load FILters
CLeaR (BRidge | FILters | STats)
SHow (Host | CLass [w] | TCPreset |
ACCept | REJect | OVerride | FLags | STats | BRidge)
MONitor [ INTerval ]
HELP [ ]
!
EXit
Commands are case insensitive and may be abbreviated to the capitalized
portion. For example, CLeaR may be abbreviated to clr. If a '#' appears
anywhere in a line of input, the remainder of that line will be treated as
a comment. A '!' at the beginning of a line can be used as a shell escape.
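The following parser is an added illustration of the command syntax described above; it is not code from the Drawbridge package. It assumes that a keyword is accepted either spelled out in full or as exactly its capitalized letters (the "CLeaR -> clr" rule), matched case-insensitively, and, since the manual elides the arguments of HELP, that HELP takes command names. The '#' comment and '!' shell-escape rules are implemented as written.

```python
"""Parser for the dbmgr command syntax as described in the manual page.

Added illustration, not Drawbridge code. Assumption: a keyword matches when
the token equals the full keyword or exactly its capitalized letters, in any
case. HELP's argument list is assumed to be zero or more command names.
"""
from typing import List, Optional, Tuple

FLAGS = ["MULticast", "NonIP", "OtherIP", "SuspectOffset",
         "FragmentedICMP", "AttackICMP"]
ACTIONS = ["FORward", "DIScard"]
CLEAR_TARGETS = ["BRidge", "FILters", "STats"]
SHOW_TARGETS = ["Host", "CLass", "TCPreset", "ACCept", "REJect",
                "OVerride", "FLags", "STats", "BRidge"]
COMMANDS = ["SET", "Load", "CLeaR", "SHow", "MONitor", "HELP", "EXit"]


def abbreviation(keyword: str) -> str:
    """The capitalized portion of a keyword, e.g. 'CLeaR' -> 'CLR'."""
    return "".join(ch for ch in keyword if ch.isupper())


def match_keyword(token: str, keywords: List[str]) -> str:
    """Resolve a user token to exactly one keyword, or raise ValueError."""
    t = token.upper()
    hits = [k for k in keywords if t in (k.upper(), abbreviation(k))]
    if len(hits) != 1:
        raise ValueError(f"unknown or ambiguous keyword {token!r}")
    return hits[0]


def parse_line(line: str) -> Optional[Tuple[str, List[str]]]:
    """Parse one input line into (canonical command, canonical args).

    Returns None for blank lines and pure comments, ('!', [shell text]) for
    a shell escape, and raises ValueError for malformed commands.
    """
    text = line.split("#", 1)[0].strip()        # '#' anywhere starts a comment
    if not text:
        return None
    if text.startswith("!"):                     # shell escape
        return ("!", [text[1:].strip()])
    tokens = text.split()
    cmd, args = match_keyword(tokens[0], COMMANDS), tokens[1:]

    if cmd == "SET":
        if len(args) != 2:
            raise ValueError("SET needs a flag name and FORward|DIScard")
        return (cmd, [match_keyword(args[0], FLAGS),
                      match_keyword(args[1], ACTIONS)])
    if cmd == "Load":
        if len(args) != 1:
            raise ValueError("Load needs FILters")
        return (cmd, [match_keyword(args[0], ["FILters"])])
    if cmd == "CLeaR":
        if len(args) != 1:
            raise ValueError("CLeaR needs BRidge|FILters|STats")
        return (cmd, [match_keyword(args[0], CLEAR_TARGETS)])
    if cmd == "SHow":
        if not args:
            raise ValueError("SHow needs a target")
        target = match_keyword(args[0], SHOW_TARGETS)
        rest = [r.lower() for r in args[1:]]
        if rest == ["w"] and target == "CLass":  # wide format only for CLass
            return (cmd, [target, "w"])
        if rest:
            raise ValueError(f"unexpected arguments {args[1:]}")
        return (cmd, [target])
    if cmd == "MONitor":
        if len(args) > 1 or (args and not args[0].isdigit()):
            raise ValueError("MONitor takes an optional numeric interval")
        return (cmd, args)
    if cmd == "HELP":
        return (cmd, [match_keyword(a, COMMANDS) for a in args])
    if args:                                     # EXit takes no arguments
        raise ValueError(f"{cmd} takes no arguments")
    return (cmd, [])


def is_valid(line: str) -> bool:
    """True when the line parses (a comment-only line counts as valid)."""
    try:
        parse_line(line)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ("clr br", "SET mul discard  # drop multicast",
                   "sh cl w", "!ls", "set mul"):
        print(f"{sample!r:40} -> {parse_line(sample) if is_valid(sample) else 'error'}")
```

Resolving every token to its canonical spelling before acting on it is what makes a command file readable in audits: the log of what was executed then shows `SET MULticast DIScard` regardless of how tersely the operator typed it.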
o HELP [ ]
Display a short description of the specified command or, if no arguments
are given, a list of all the recognized commands.
o SET (MULticast | NonIP | OtherIP | SuspectOffset |
FragmentedICMP | AttackICMP) (FORward | DIScard)
Used to set a flag. The possible arguments are:
o Flags
There are several flags which may be used to alter global filtering
rules. The possible settings for these flags are 'forward' or
'discard'. They are all set to 'forward' by default.
o Multicast
This flag controls whether IP multicast packets are forwarded or
discarded.
o NonIP
This flag controls whether protocol layer traffic other than IP, ARP,
or RARP is forwarded or discarded.
o OtherIP
This flag controls whether IP layer traffic other than TCP, UDP, or
ICMP is forwarded or discarded.
o SuspectOffset
This flag controls whether TCP/IP fragments with an offset of 1 should
be forwarded or discarded. This is mainly used to protect internal
machines that may have poorly written IP fragment reassembly routines.
The default setting is 'forward' since discarding these packets could,
though unlikely, discard valid traffic.
o FragmentedICMP
This flag controls whether fragmented ICMP packets should be forwarded
or discarded. This is mainly used to block denial of service attacks
which use fragmented ICMP echo reply packets. For example, the "ping
of death" is a denial of service attack of this type. The default
setting is 'forward' since discarding these packets could, though
unlikely, discard valid traffic.
o AttackICMP
This flag controls whether ICMP packets containing the characteristics
of a few known ICMP attacks are forwarded or discarded. The default
setting is 'forward' since discarding these packets could, though
unlikely, discard valid traffic.
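As an added example of what the six flags decide, the model below applies them to constructed packet descriptions; it is not Drawbridge code. It assumes packets are summarised by a small dataclass rather than raw frames, that the checks are evaluated in the order written, and it leaves AttackICMP unmodelled because the manual does not say which ICMP characteristics that flag matches.

```python
"""Toy model of the dbmgr global flags applied to packet metadata.

Added illustration, not Drawbridge code. Assumptions: packet fields are given
directly (no frame parsing), checks run in the order below, and AttackICMP is
never matched because the manual does not define its characteristics.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FORWARD, DISCARD = "forward", "discard"
ETHERTYPE_IP, ETHERTYPE_ARP, ETHERTYPE_RARP = 0x0800, 0x0806, 0x8035
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
FLAG_NAMES = ("MULticast", "NonIP", "OtherIP", "SuspectOffset",
              "FragmentedICMP", "AttackICMP")


def default_flags() -> Dict[str, str]:
    """All six flags default to 'forward', as the manual states."""
    return {name: FORWARD for name in FLAG_NAMES}


@dataclass
class Packet:
    ethertype: int
    ip_proto: Optional[int] = None   # only meaningful for IP frames
    dst_multicast: bool = False      # IP destination in 224.0.0.0/4
    frag_offset: int = 0             # IP fragment offset, in 8-byte units
    more_fragments: bool = False     # IP 'more fragments' bit


def matching_flags(pkt: Packet) -> List[str]:
    """Names of the global flags whose condition this packet satisfies."""
    if pkt.ethertype not in (ETHERTYPE_IP, ETHERTYPE_ARP, ETHERTYPE_RARP):
        return ["NonIP"]                 # not IP, ARP or RARP
    if pkt.ethertype != ETHERTYPE_IP:
        return []                        # ARP/RARP: no global flag covers them
    hits = []
    if pkt.dst_multicast:
        hits.append("MULticast")
    if pkt.ip_proto not in (PROTO_ICMP, PROTO_TCP, PROTO_UDP):
        hits.append("OtherIP")
    if pkt.ip_proto == PROTO_TCP and pkt.frag_offset == 1:
        hits.append("SuspectOffset")     # fragment offset 1 cannot be a sane TCP fragment
    if pkt.ip_proto == PROTO_ICMP and (pkt.frag_offset > 0 or pkt.more_fragments):
        hits.append("FragmentedICMP")    # e.g. the oversized echo reply of a ping of death
    return hits


def flag_verdict(pkt: Packet, flags: Dict[str, str]) -> Tuple[str, List[str]]:
    """(verdict, flags that discarded). 'forward' means the per-host filter
    tables, not the global flags, make the final decision."""
    blocking = [name for name in matching_flags(pkt) if flags[name] == DISCARD]
    return (DISCARD if blocking else FORWARD, blocking)


# Constructed sample traffic, one packet per flag condition plus two controls.
SAMPLE_PACKETS = {
    "ipx_frame": Packet(ethertype=0x8137),
    "arp_request": Packet(ethertype=ETHERTYPE_ARP),
    "udp_multicast": Packet(ETHERTYPE_IP, PROTO_UDP, dst_multicast=True),
    "gre_tunnel": Packet(ETHERTYPE_IP, 47),
    "tcp_offset1": Packet(ETHERTYPE_IP, PROTO_TCP, frag_offset=1),
    "icmp_fragment": Packet(ETHERTYPE_IP, PROTO_ICMP, frag_offset=185, more_fragments=True),
    "plain_tcp": Packet(ETHERTYPE_IP, PROTO_TCP),
}


def summarize(flags: Dict[str, str]) -> Dict[str, str]:
    """Verdict per sample packet under the given flag settings."""
    return {name: flag_verdict(pkt, flags)[0] for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    settings = default_flags()
    settings["FragmentedICMP"] = DISCARD
    settings["SuspectOffset"] = DISCARD
    for name, verdict in summarize(settings).items():
        print(f"{name:15} {verdict}")
```

Running `summarize(default_flags())` shows every sample forwarded, which is the manual's point: the flags are a conservative opt-in, and each one you switch to 'discard' should be checked against the traffic you expect to see, since a fragmented ICMP reply or an unusual IP protocol is not always hostile.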
o Load FILters
The load command is used to load the filter tables file 'db_filters'
which is generated by the filter compiler (see the file COMPILER). The
new tables will take effect immediately. Loading a new filter table file
will not cause any packets to be dropped or any packets to be "leaked"
through the filters. The new tables are inactive as they are being
loaded/built in memory. The switch from the old tables to the new tables
is an atomic operation performed between packets. The memory containing
the old tables is then freed.
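The build-then-swap reload described above, as an added illustration rather than Drawbridge's own code: it contrasts a naive in-place reload, which has a window during which a packet sees partially cleared tables, with building the new tables off to the side and switching a single reference. The `on_midway` hook is a stand-in for a packet arriving while the load is in progress, and the filter entries, hosts and the "default-table" verdict are constructed for the example.

```python
"""Build-then-swap filter reload, modelled on the manual's 'Load FILters'.

Added illustration, not Drawbridge code. The table is a dict keyed by
(host, port); a missing key falls back to a constructed 'default-table'
verdict. 'on_midway' simulates a packet arriving during the reload.
"""
from typing import Callable, Dict, List, Optional, Tuple

Key = Tuple[str, int]
Entry = Tuple[Key, str]


class FilterEngine:
    def __init__(self, entries: List[Entry]):
        self._tables: Dict[Key, str] = dict(entries)

    def lookup(self, host: str, port: int) -> str:
        """Verdict for a packet; absent entries fall back to the default tables."""
        return self._tables.get((host, port), "default-table")

    def load_in_place(self, entries: List[Entry],
                      on_midway: Optional[Callable[[], None]] = None) -> None:
        """Unsafe variant: clear, then refill. A packet handled in between
        is filtered by an empty table, i.e. leaks through to the defaults."""
        self._tables.clear()
        if on_midway:
            on_midway()
        self._tables.update(entries)

    def load_atomic(self, entries: List[Entry],
                    on_midway: Optional[Callable[[], None]] = None) -> None:
        """The manual's approach: build the new tables while inactive, then
        switch with a single reference assignment and free the old ones."""
        new_tables = dict(entries)          # inactive while being built
        if on_midway:
            on_midway()                     # traffic still sees the old tables
        old, self._tables = self._tables, new_tables   # one assignment: atomic swap
        del old                             # old tables freed only after the switch


OLD_ENTRIES: List[Entry] = [(("10.0.0.5", 25), "accept")]
NEW_ENTRIES: List[Entry] = [(("10.0.0.5", 25), "accept"), (("10.0.0.5", 80), "reject")]


def verdict_during_reload(atomic: bool) -> str:
    """What a packet to 10.0.0.5:25 sees if it arrives midway through a reload."""
    engine = FilterEngine(OLD_ENTRIES)
    seen: List[str] = []
    loader = engine.load_atomic if atomic else engine.load_in_place
    loader(NEW_ENTRIES, on_midway=lambda: seen.append(engine.lookup("10.0.0.5", 25)))
    return seen[0]


def verdict_after_reload(atomic: bool) -> str:
    """Both variants end in the same state; only the window differs."""
    engine = FilterEngine(OLD_ENTRIES)
    (engine.load_atomic if atomic else engine.load_in_place)(NEW_ENTRIES)
    return engine.lookup("10.0.0.5", 80)


if __name__ == "__main__":
    print("in-place, mid-reload:", verdict_during_reload(False))
    print("atomic,   mid-reload:", verdict_during_reload(True))
```

In the kernel the same idea is a pointer swap to a fully built table; the property to check during review is that no packet path can ever dereference the table while it is half-built, and that the old memory is released only after the swap.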
o CLeaR (BRidge | FILters | STats)
The clear command can be used to clear the bridge table, filter tables, or
statistics. If the filter tables are cleared, drawbridge will fall back to
the default filter tables. The changes take effect immediately.
o SHow (Host | CLass [w] | TCPreset |
ACCept | REJect | OVerride | FLags | STats | BRidge)
The show command will display the specified filter table information,
flags, variables, statistics, or the bridge table. The optional 'w'
parameter for 'CLass' will produce output in a wide format.
o MONitor [ INTerval ]
The monitor command will display a full screen of packet statistics which
is updated once per second. The stats include total packets and total
bytes for each interface, aggregate throughput, packets and bytes per
second (by default), number of bridge table entries, and number of dropped
packets. The space bar will change screens to display a breakdown of the
number of filtered packets. The 'q' key will quit back to the dbmgr
prompt.
o EXit
Exits the filter manager.