NuFW

Developer(s): E. Leblond et al.
Initial release: September 1, 2003
Stable release: 2.2.20 / May 7, 2008
Operating system: Linux kernel
Type: Packet filtering
License: GNU General Public License
Website: ufwi.org/projects/nufw

NuFW is a software package that extends Netfilter, the packet-filtering firewall framework inside the Linux kernel, by adding user authentication to filtering rules. NuFW is also provided as a hardware firewall in the EdenWall firewalling appliance. The project has since been restarted by the FFI and renamed UFWI.

Introduction

NuFW / UFWI is an extension of Netfilter that brings the notion of a user to IP filtering.

NuFW / UFWI can:

Principles

NuFW / UFWI rejects the assumption that an IP address identifies a user, since an IP address can easily be spoofed. It therefore uses its own algorithm to perform authentication, built on two subsystems: Nufw, which is connected to Netfilter, and Nuauth, which is connected to the clients and to Nufw.

The algorithm is the following:

  1. A standard application sends a packet.
  2. The Nufw client notices that a connection is being initiated and sends a user request packet.
  3. The Nufw server queues the packet and sends an auth request packet to the Nuauth server.
  4. The Nuauth server combines the auth request with the matching user request packet and checks the result against an authentication authority.
  5. The Nuauth server sends its answer back to the Nufw server.
  6. The Nufw server handles the queued packet according to the answer given to its request.

This algorithm performs a posteriori authentication of the connection: the packet is held until the user behind it has been identified. Because there is no time-based association between a user and an address, this establishes the identity of the user who actually sent the packet. NuFW is the only real authentication firewall, as it never associates a user with his machine.
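
As an added illustration (not NuFW's own code or wire protocol), the following Python model walks through steps 2 to 6 above: Nuauth pairs Nufw's auth request with the client's user request on the connection tuple, verifies the user's credential against an authentication authority, and decides from a per-user ACL, so two users on the same IP can receive different verdicts and a connection with no authenticated user is never released. All users, secrets, addresses and the ACL are constructed for the example.

```python
"""Toy model of the NuFW authentication flow (added example, not NuFW code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

ConnKey = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)

# Constructed authentication authority (user -> secret) and ACL (user -> allowed dst ports).
AUTHORITY = {"alice": "s3cret-a", "bob": "s3cret-b"}
ACL = {"alice": {22, 443}, "bob": {443}}


@dataclass
class Nuauth:
    pending_auth: Set[ConnKey] = field(default_factory=set)        # connections Nufw is holding
    pending_user: Dict[ConnKey, str] = field(default_factory=dict)  # connections a client has claimed

    def _decide(self, key: ConnKey, user: str) -> str:
        # The verdict depends on the user only, never on key[0] (the source IP).
        return "ACCEPT" if key[3] in ACL.get(user, set()) else "DROP"

    def auth_request(self, key: ConnKey) -> Optional[str]:
        """Step 3: Nufw reports a queued connection. None means 'keep holding the packet'."""
        user = self.pending_user.pop(key, None)
        if user is None:
            self.pending_auth.add(key)
            return None
        return self._decide(key, user)

    def user_request(self, key: ConnKey, user: str, secret: str) -> Optional[str]:
        """Step 2/4: a client claims 'user opened key'; check the credential, then pair with Nufw's request."""
        if AUTHORITY.get(user) != secret:
            return "DROP"  # unauthenticated claim: the queued packet is never released
        if key in self.pending_auth:
            self.pending_auth.discard(key)
            return self._decide(key, user)
        self.pending_user[key] = user  # client spoke first; wait for Nufw's auth request
        return None


def scenario() -> Dict[str, Optional[str]]:
    """Two users on the same host 10.0.0.5: verdicts follow the user, not the IP."""
    nuauth = Nuauth()
    ssh_a = ("10.0.0.5", 40001, "192.0.2.10", 22)
    ssh_b = ("10.0.0.5", 40002, "192.0.2.10", 22)
    web_b = ("10.0.0.5", 40003, "192.0.2.10", 443)
    out: Dict[str, Optional[str]] = {}
    out["alice_ssh"] = nuauth.auth_request(ssh_a) or nuauth.user_request(ssh_a, "alice", "s3cret-a")
    out["bob_ssh"] = nuauth.user_request(ssh_b, "bob", "s3cret-b") or nuauth.auth_request(ssh_b)
    out["bob_web"] = nuauth.auth_request(web_b) or nuauth.user_request(web_b, "bob", "s3cret-b")
    out["no_client"] = nuauth.auth_request(("10.0.0.5", 40004, "192.0.2.10", 22))  # stays queued
    return out
```

The `None` verdict for `no_client` is the a posteriori property described above: without an authenticated user request the packet is simply never forwarded.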

Awards

This article is issued from Wikipedia, version of 9/8/2016. The text is available under the Creative Commons Attribution/Share Alike licence, but additional terms may apply for the media files.