Drawbridge 4.0
INTRODUCTION
Drawbridge is a firewall package that was developed at Texas A&M University
and was designed with a large academic environment in mind. It is a
copyrighted, but freely distributable, bridging IP packet filter with a
powerful filter language and good performance. Its greatest strength
is the ability to perform high speed packet filtering while allowing custom
filters for a large number of individual hosts within an intranetwork.
It uses a constant-time table lookup algorithm so it can provide the same
level of packet throughput regardless of the number of filters defined.
Drawbridge is composed of three components: the Drawbridge filter code,
the Drawbridge Manager, and the Drawbridge Filter Compiler. These three
components run on a FreeBSD system where the filter code is a netgraph
module, and the manager and compiler are user-level applications.
REQUIREMENTS
This version of Drawbridge will work with FreeBSD 3.4-RELEASE or higher,
or any 4.x version of FreeBSD. This version of Drawbridge will not work
with FreeBSD 5.0 or releases based on the 5.x branch. A version that
supports the 5.x branch of FreeBSD will be released shortly. The Drawbridge
FreeBSD system runs on a dedicated industry standard PC with at least
8 megabytes of memory, 120 megabytes of hard disk, and 3 network
interface cards. The recommended configuration consists of a 100MHz or
faster processor, 16 megabytes of memory, a 250 megabyte or larger hard
drive, and 4 PCI network interface cards. Only Ethernet to Ethernet
configurations are supported. If you require FDDI support, please send
a request to drawbridge-owner@net.tamu.edu. A list of supported hardware
may be found on the FreeBSD web site in part 1 section 2.1 of the FreeBSD
handbook. Drawbridge should work with any network interface card that
is supported by FreeBSD and netgraph.
DOCUMENTATION
The Drawbridge web site is and all of the
documents mentioned in this readme file may be found there. To get an idea
of how Drawbridge works and how it is used, take a look at the background
information available in the document tamu-security.pdf. It describes
Drawbridge in detail and outlines the philosophy behind the entire suite of
TAMU security tools. Unfortunately, this document is out of date and
discusses an older version of the software, but the concepts still apply.
The Drawbridge Filter Compiler and filter language are documented in the
file COMPILER. The Drawbridge Manager is documented in the file MANAGER.
All of these files may also be found in the Drawbridge doc directory after
the package is installed. The man pages for the compiler and manager are
installed as dbfc(8) and dbmgr(8) and contain the same information as the
COMPILER and MANAGER files. Documentation for FreeBSD is available at the
FreeBSD web site .
HISTORY
This is version 4.0 of the Drawbridge filter code. It is a netgraph
derivative of version 3.2a of the original kernel-based Drawbridge code.
Information about changes to the netgraph version of the Drawbridge code
can be found in the CHANGES document.
AVAILABILITY
Information about the current version of Drawbridge may be found at the
web site . The latest version of
Drawbridge may be found on the anonymous ftp site net.tamu.edu in the
directory /pub/security/TAMU along with the previous versions.
CONTACTS
Any and all feedback on the Drawbridge package is welcome.
There is a mailing list for questions and discussion about Drawbridge.
To subscribe, send email to drawbridge-request@net.tamu.edu and put the
word subscribe in the subject line. When you subscribe, a welcome
message containing information about the list and how to use it will be
sent back to you.
The use of the mailing list is highly encouraged, but if for some reason
you would like to keep your suggestions or comments private, mail can be
sent directly to the maintainers at drawbridge-owner@net.tamu.edu.
Drawbridge 4.0 was written by:
Wm. Daryl Hawkins
Much of the code was derived from Drawbridge 3.x which was designed
and written by:
Russell Neeper
David K. Hess
Douglas Lee Schales
David R. Safford
----
FreeBSD is copyrighted by The Regents of the University of California.
Drawbridge is copyrighted by Texas A&M University.