NuFW: Difference between revisions
m Fix up portal template and general fixes |
removed Category:Linux-only software; added Category:Linux-only free software using HotCat |
||
(16 intermediate revisions by 14 users not shown) | |||
Line 1: | Line 1: | ||
{{Infobox software |
{{Infobox software |
||
| name = |
|||
| title = NuFW |
|||
|logo = [[Image:Nupik.png]] |
|||
| logo = Nupik.png |
|||
|caption = |
|||
| logo caption = |
|||
|screenshot = |
|||
| logo_size = |
|||
|developer = NuFW Core Team |
|||
| logo_alt = |
|||
|latest_release_version = 2.2.20 |
|||
| screenshot = <!-- Image name is enough --> |
|||
|latest_release_date = December 10, 2008 |
|||
| caption = |
|||
|operating_system = [[Linux]] |
|||
| screenshot_size = |
|||
⚫ | |||
| screenshot_alt = |
|||
⚫ | |||
| collapsible = |
|||
|website = [http://www.nufw.org/ www.nufw.org] |
|||
| author = |
|||
| developer = E. Leblond et al. |
|||
| released = {{Start date and age|2003|09|01}} |
|||
| discontinued = |
|||
| latest release version = 2.2.20 |
|||
| latest release date = {{Start date and age|2008|05|07}} |
|||
| latest preview version = |
|||
| latest preview date = <!-- {{Start date and age|YYYY|MM|DD|df=yes/no}} --> |
|||
| status = |
|||
| programming language = |
|||
| operating system = [[Linux kernel]] |
|||
| platform = |
|||
| size = |
|||
| language = |
|||
| language count = <!-- DO NOT include this parameter unless you know what it does --> |
|||
| language footnote = |
|||
⚫ | |||
⚫ | |||
| website = {{URL|http://ufwi.org/projects/nufw}} |
|||
}} |
}} |
||
⚫ | '''NuFW''' is a software package that extends [[Netfilter]], the [[Linux kernel]]-internal [[packet filter]]ing [[firewall (computing)|firewall]] module. NuFW adds [[authentication]] to filtering rules. NuFW is also provided as a hardware firewall, in the '''EdenWall''' firewalling appliance. NuFW has been restarted by the FFI and renamed into UFWI. |
||
⚫ | |||
== Introduction == |
== Introduction == |
||
NuFW is an extension of [[Netfilter]] which brings the notion of user to IP filtering. |
NuFW / UFWI is an extension of [[Netfilter]] which brings the notion of user to IP filtering. |
||
NuFW can : |
NuFW / UFWI can : |
||
* Authenticate any connection that goes through your gateway or only from/to a chosen subset or a specific protocol (iptables is used to select the connections to authenticate). |
* Authenticate any connection that goes through your gateway or only from/to a chosen subset or a specific protocol (iptables is used to select the connections to authenticate). |
||
* Perform accounting, [[routing]] and [[ |
* Perform accounting, [[routing]] and [[Quality of service]] (QOS) based on users and not simply on IPs. |
||
* Filter packets with criteria such as application and OS used by distant users. |
* Filter packets with criteria such as application and OS used by distant users. |
||
* Be the key of a secure and simple [[Single sign on|Single Sign On]] system. |
* Be the key of a secure and simple [[Single sign on|Single Sign On]] system. |
||
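Review bot: The infobox's latest release date needs a source. The version stays at 2.2.20 while the date moves from `December 10, 2008` to `{{Start date and age|2008|05|07}}`, and nothing in this hunk or in the edit summaries cites a reference for either value. Attach a citation to the `latest release date` parameter, or keep the earlier date until one is found. The same applies to the newly added `released` date of 2003|09|01.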
Line 27: | Line 45: | ||
== Principles == |
== Principles == |
||
NuFW refuses the idea of ''IP == user'' as an [[IP address]] can easily be [[Spoofing attack|spoofed]]. It thus uses |
NuFW / UFWI refuses the idea of ''IP == user'' as an [[IP address]] can easily be [[Spoofing attack|spoofed]]. It thus uses |
||
its own algorithm to perform authentication. It depends on two subsystems: Nufw which is connected to [[Netfilter]] and Nuauth |
its own algorithm to perform authentication. It depends on two subsystems: Nufw which is connected to [[Netfilter]] and Nuauth |
||
which is connected to clients and Nufw. |
which is connected to clients and Nufw. |
||
Line 33: | Line 51: | ||
The algorithm is the following: |
The algorithm is the following: |
||
[[ |
[[File:NuFW Algorythm.png]] |
||
# A standard application sends a packet. |
# A standard application sends a packet. |
||
Line 51: | Line 69: | ||
==External links== |
==External links== |
||
{{Portal|Free software}} |
{{Portal|Free and open-source software}} |
||
*[http://www. |
*[http://www.ufwi.org/ UFWI website] |
||
*[https://web.archive.org/web/20071116042651/http://www.nufw.org/-English-.html NuFW website] |
|||
*[http://www.netfilter.org/ Netfilter website] |
*[http://www.netfilter.org/ Netfilter website] |
||
*[http://software.inl.fr/trac/trac.cgi/wiki/EdenWall/NuApplet2 NuApplet] - Qt client for NuFW |
*[https://web.archive.org/web/20160116143101/http://software.inl.fr/trac/trac.cgi/wiki/EdenWall/NuApplet2 NuApplet] - Qt client for NuFW |
||
{{Firewall software}} |
{{Firewall software}} |
||
Line 62: | Line 81: | ||
[[Category:Free security software]] |
[[Category:Free security software]] |
||
[[Category:Firewall software]] |
[[Category:Firewall software]] |
||
[[Category:Linux-only free software]] |
|||
[[fr:NuFW]] |
|||
[[zh:NuFW]] |
Latest revision as of 08:28, 4 August 2021
Developer(s) | E. Leblond et al. |
---|---|
Initial release | September 1, 2003 |
Stable release | 2.2.20 / May 7, 2008 |
Repository | |
Operating system | Linux kernel |
Type | Packet filtering |
License | GNU General Public License |
Website | ufwi |
NuFW is a software package that extends Netfilter, the Linux kernel-internal packet filtering firewall module. NuFW adds authentication to filtering rules. NuFW is also provided as a hardware firewall, in the EdenWall firewalling appliance. NuFW has been restarted by the FFI and renamed into UFWI.
Introduction
NuFW / UFWI is an extension of Netfilter which brings the notion of user to IP filtering.
NuFW / UFWI can:
- Authenticate any connection that goes through your gateway or only from/to a chosen subset or a specific protocol (iptables is used to select the connections to authenticate).
- Perform accounting, routing and Quality of service (QOS) based on users and not simply on IPs.
- Filter packets with criteria such as the application and OS used by remote users.
- Be the key component of a secure and simple Single Sign On system.
Principles
NuFW / UFWI rejects the assumption that IP == user, because an IP address can easily be spoofed. It therefore uses its own algorithm to perform authentication. It depends on two subsystems: Nufw, which is connected to Netfilter, and Nuauth, which is connected to the clients and to Nufw.
The algorithm is the following:
1. A standard application sends a packet.
2. The Nufw client sees that a connection is being initiated and sends a user request packet.
3. The Nufw server queues the packet and sends an auth request packet to the Nuauth server.
4. The Nuauth server combines the auth request and the user request packet and checks the result against an authentication authority.
5. The Nuauth server sends the answer back to the Nufw server.
6. The Nufw server transmits the packet according to the answer given to its request.

This algorithm performs an a posteriori authentication of the connection. As there is no time-based association, this ensures the identity of the user who sent the packet. NuFW is the only real authentication firewall, as it never associates a user with his machine.
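A simplified model of the six steps above, added here as an illustration and not taken from NuFW's code or wire protocol. The class names, session tokens and ACL are hypothetical and the sample connections are constructed; it shows two users on one source IP receiving different verdicts, and a packet with the right source IP but no user request being dropped.

```python
# Simplified model of the steps above; not NuFW's real protocol or API.
# All names (Conn, Nuauth, Nufw, SESSIONS, ACL) are hypothetical.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Conn:                       # connection identity taken from the packet header
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample data: authenticated client sessions and per-user policy.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}     # session token -> user
ACL = {"alice": {("10.0.0.5", 22)}, "bob": set()}       # user -> allowed (dst, dport)

@dataclass
class Nuauth:
    claims: dict = field(default_factory=dict)          # Conn -> user who claimed it

    def user_request(self, token, conn):
        """Step 2: a client claims a connection over its authenticated session."""
        user = SESSIONS.get(token)
        if user is not None:
            self.claims[conn] = user

    def auth_request(self, conn):
        """Steps 4-5: pair the auth request with a user request, check policy."""
        user = self.claims.pop(conn, None)              # each claim is consumed once
        if user is None:
            return None, "DROP"                         # nobody vouched for this packet
        allowed = (conn.dst, conn.dport) in ACL[user]
        return user, "ACCEPT" if allowed else "DROP"

@dataclass
class Nufw:
    nuauth: Nuauth
    log: list = field(default_factory=list)             # (conn, user, verdict) records

    def on_packet(self, conn):
        """Steps 3 and 6: hold the packet, ask Nuauth, apply its verdict."""
        user, verdict = self.nuauth.auth_request(conn)
        self.log.append((conn, user, verdict))
        return verdict

def demo():
    nuauth = Nuauth()
    gw = Nufw(nuauth)
    shared = "192.168.1.10"                             # one multi-user host
    a = Conn(shared, 40001, "10.0.0.5", 22)
    b = Conn(shared, 40002, "10.0.0.5", 22)
    spoofed = Conn(shared, 40003, "10.0.0.5", 22)       # same source IP, no user request
    nuauth.user_request("tok-alice", a)
    nuauth.user_request("tok-bob", b)
    return [gw.on_packet(c) for c in (a, b, spoofed)]
```

The model processes the user request before the packet for brevity; a real gateway has to keep the packet queued until the user request arrives or a timeout expires.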
Awards
- 2007: Lutèce d'Or (Paris, France), Best Innovation
- 2005: Les Trophées du Libre (Soissons, France), Security
External links
- UFWI website
- NuFW website
- Netfilter website
- NuApplet - Qt client for NuFW