Skip To Main Content Skip To Main Navigation


Networking & Information Security
Texas A&M University
Networking & Information Security

» Home » Security » Firewalls » Drawbridge

Drawbridge

Drawbridge is a firewall package that was developed at Texas A&M University and was designed with a large academic environment in mind. It is a copyrighted, but freely distributable, bridging IP packet filter with a powerful filter language and good performance. It's greatest strength is the ability to perform high speed packet filtering while allowing custom filters for a large number of individual hosts within an intranetwork. It uses a constant-time table lookup algorithm so it can provide the same level of packet throughput regardless of the number of filters defined. Drawbridge is composed of three components: the Drawbridge filter code, the Drawbridge Manager, and the Drawbridge Filter Compiler. These three components run on a FreeBSD system where the filter code is a netgraph module, and the manager and compiler are user level applications.

Drawbridge will work with FreeBSD version 3.4-RELEASE or higher, or any 4.x version of FreeBSD.  The Drawbridge FreeBSD system runs on a dedicated industry standard PC with at least 8 megabytes of memory,  120 megabytes of hard disk, and 3 network interface cards.  The recommended configuration consists of a 100MHz or faster processor,  16 megabytes of memory, a 250 megabyte or larger hard drive, and 4 PCI network  interface cards.  Only Ethernet to Ethernet configurations are supported. A list of supported hardware may be found on the FreeBSD web site in part 1 section 2.1 of the FreeBSD handbook. Drawbridge should work with any network interface card that is supported by FreeBSD and netgraph.

Documentation

  Compiler - the Drawbridge Filter Compiler and filter language
  Manager - Drawbridge Manager information
  Changes - Information on the latest changes
  FAQ - Drawbridge FAQ

Availability

The current version of Drawbridge can be found at ftp://net.tamu.edu/pub/security/TAMU/  Previous versions are also available.  Drawbridge 4.x is distributed as a source only tar file with extension .tar.gz. 

Installation instructions can be found on the Drawbridge Installation page.

Contacts 

Any and all feedback on the Drawbridge package is welcome.

There is a mailing list for questions and discussion about Drawbridge.  To subscribe, send email to drawbridge-request@net.tamu.edu and put the word subscribe in the the subject line.  When you subscribe, a welcome message containing information about the list and how to use it will be sent back to you.

Mail can also be sent directly to Drawbridge support personnel at drawbridge-owner@net.tamu.edu.

Credit

Drawbridge 4.x was designed and written by:

      Daryl Hawkins

The code was derived from Drawbridge 2.0-3.x which was designed
and written by:

      Russell Neeper
      David K. Hess
      Douglas Lee Schales
      David R. Safford

Drawbridge version 4.x is made possible by FreeBSD and all of the many people that have contributed to its development.


Last Updated: Tue, Jun 30, 2009