Description
Drawbridge is a firewall package that was developed at Texas A&M University and was designed with a large academic environment in mind. It is a copyrighted, but freely distributable, bridging IP packet filter with a powerful filter language and good performance. Its greatest strength is the ability to perform high-speed packet filtering while allowing custom filters for a large number of individual hosts within an intranetwork. It uses a constant-time table lookup algorithm so it can provide the same level of packet throughput regardless of the number of filters defined.
Drawbridge is composed of three components: the Drawbridge filter code, the Drawbridge Manager, and the Drawbridge Filter Compiler. These three components run on a FreeBSD system where the filter code is a netgraph module, and the manager and compiler are user level applications.
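The constant-time lookup claim above can be illustrated with a direct-indexed table. This is an added sketch of the general technique, not Drawbridge's source code; the single protected /16, the 256 filter classes, the inbound-port bitmap and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration: one protected /16, 256 filter classes. */
#define INSIDE_NET  0x0A000000u          /* constructed: 10.0.0.0/16 */
#define NUM_HOSTS   65536u
#define NUM_CLASSES 256
#define PORT_WORDS  (65536 / 32)

static uint8_t  host_class[NUM_HOSTS];             /* host -> class id */
static uint32_t allow_in[NUM_CLASSES][PORT_WORDS]; /* class -> port bitmap */

/* Everything starts in class 0, which permits nothing (default deny). */
void filter_reset(void) {
    memset(host_class, 0, sizeof host_class);
    memset(allow_in, 0, sizeof allow_in);
}

/* Class 0 stays empty so unassigned hosts can never be opened by mistake. */
int class_allow_port(unsigned cls, uint16_t port) {
    if (cls == 0 || cls >= NUM_CLASSES) return -1;
    allow_in[cls][port >> 5] |= 1u << (port & 31);
    return 0;
}

int host_set_class(uint32_t ip, unsigned cls) {
    if ((ip & 0xFFFF0000u) != INSIDE_NET || cls >= NUM_CLASSES) return -1;
    host_class[ip & 0xFFFFu] = (uint8_t)cls;
    return 0;
}

/* Two array indexings and a bit test: cost is the same for 1 or 65536 hosts. */
int filter_permit_in(uint32_t dst_ip, uint16_t dst_port) {
    if ((dst_ip & 0xFFFF0000u) != INSIDE_NET) return 0;
    unsigned cls = host_class[dst_ip & 0xFFFFu];
    return (int)((allow_in[cls][dst_port >> 5] >> (dst_port & 31)) & 1u);
}

int main(void) {
    filter_reset();
    class_allow_port(1, 22);                 /* class 1: SSH only */
    host_set_class(0x0A000105u, 1);          /* constructed host 10.0.1.5 */
    printf("10.0.1.5:22 -> %d\n", filter_permit_in(0x0A000105u, 22));
    printf("10.0.1.5:80 -> %d\n", filter_permit_in(0x0A000105u, 80));
    return 0;
}
```

Because the per-packet path never walks a rule list, giving every host its own class assignment changes memory contents but not the number of steps per packet.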
Automatic Installation Instructions:
1. Create a "manager" account that is a member of group wheel.
   Username: manager
   Groups: manager, wheel
2. Run the install script. This will result in a default install in /usr/local/drawbridge. Binaries are in /usr/local/drawbridge/bin and /usr/local/drawbridge/sbin. Documentation is in /usr/local/drawbridge/doc, and rulesets are in /usr/local/drawbridge/rules. The startup script is in /usr/local/etc/rc.d.
3. Edit the /usr/local/etc/rc.d/drawbridge.sh script and modify the "Interface IDs" section to reflect the correct names of the interfaces for your particular hardware. You must define the inside and outside interface names. The mirror interface is optional (mirror ="").
4. Add /usr/local/drawbridge/sbin and /usr/local/drawbridge/bin to the default path for the manager account.
User Reviews for Drawbridge FOR LINUX 1
Drawbridge FOR LINUX is a robust firewall package ideal for large academic environments. Its high-speed packet filtering and custom filters make it efficient.