 |
 |
 |
 |
 |
 |
The name Bifrost comes from the nordic mythology, where Bifrost is the bridge between Midgård (The Earth) and Asgård (the home of gods) and is called The Rainbow by humans. It's so strong that it will not be destroyed until Ragnarök - the end of the world. Bifrost is guarded by Heimdall and the red color one can see in it, is a flaming fire that prevents the giants to climb up to Asgård.
The goal of this project is to find out stability, performance, filter capabilities, administration, computer security, scalability and development possibilities of a Linux based streamlined router/firewall system. The hardware is basically a standard PC with two (or more) network interfaces (preferably the Intel Tulip chip or an e1000 Gigabit card) and a flash disk of at least 45 MB size (a modern large flash disk is better though). The operating system is a modified, minimal and optimized Linux distribution, with the kernel configured for firewalling and routing. The filter which controls the firewall security policy, is part of the kernel code and can be configured with iptabels.
Recent distributions are being used as pure Internet routers, equipped with 1GB or more of internal memory.
The first version of the Bifrost firewall was installed at The Department of Chemistry (SLU) 1997, but more installations has since then been made within SLU, Uppsala University and a few other places in Sweden - mostly universities (KTH, KI and others). Later it has found users in other countries as well.
Bifrost has at least two modes of application. It can work as an edge router and/or as a firewall. Recent releases works very well as core routers with full Internet routing. There exists today fully developed and ready to run distributions of Bifrost, based on the 2.6 kernel. The system has proven to be very stable and operational. One of the important secrets behind the stability is the correct choice of hardware.
As a part of Bifrost we now have something called Bifrost Nomad. It consists of tools for net login, authentification and event controlled routing or filter handling. For this we are using Apache+OpenSSL and IP-login.
All kinds of projects springs from Bifrost and we now use it for WLAN (Vagabond) and VPN routing points, RADIUS-servers, web and surveillance.
We are working on the 2.6-kernel och improvements of the e1000 driver as well as 10Gb cards. Support for IPv6 is also included. As of Bifrost v5.19 we use a patched 2.6.24 kernel.
Tests are being performed on HiPac and it looks very promising for simple filters and with a good performance compared to Netfilter.