NuFW: Difference between revisions
m Fix links to disambiguation page Firewall |
m Fix up portal template and general fixes |
||
Line 1: | Line 1: | ||
{{Infobox software |
|||
{{Infobox_Software |
|||
|name = nufw |
|name = nufw |
||
|logo = [[Image:Nupik.png]] |
|logo = [[Image:Nupik.png]] |
||
|caption = |
|caption = |
||
|screenshot = |
|screenshot = |
||
|developer = NuFW Core Team |
|developer = NuFW Core Team |
||
|latest_release_version = 2.2.20 |
|latest_release_version = 2.2.20 |
||
Line 50: | Line 50: | ||
* 2005 : [[Les Trophées du Libre]] (Soissons, France), Security |
* 2005 : [[Les Trophées du Libre]] (Soissons, France), Security |
||
== |
==External links== |
||
{{ |
{{Portal|Free software}} |
||
*[http://www.nufw.org/-English-.html NuFW website] |
*[http://www.nufw.org/-English-.html NuFW website] |
||
*[http://www.netfilter.org/ Netfilter website] |
*[http://www.netfilter.org/ Netfilter website] |
||
Line 58: | Line 58: | ||
{{Firewall software}} |
{{Firewall software}} |
||
{{DEFAULTSORT:Nufw}} |
|||
[[Category:Free system software]] |
[[Category:Free system software]] |
||
[[Category:Free security software]] |
[[Category:Free security software]] |
Revision as of 03:01, 7 June 2010
Developer(s) | NuFW Core Team |
---|---|
Stable release | 2.2.20 / December 10, 2008 |
Repository | |
Operating system | Linux |
Type | Packet filtering |
License | GNU General Public License |
Website | www.nufw.org |
NuFW is a GPL-licensed extension to Netfilter, the Linux firewall. It adds authentication to filtering rules. NuFW is also provided as a hardware firewall, in the EdenWall firewalling appliance.
Introduction
NuFW is an extension of Netfilter which brings the notion of user to IP filtering.
NuFW can:
- Authenticate any connection that goes through your gateway or only from/to a chosen subset or a specific protocol (iptables is used to select the connections to authenticate).
- Perform accounting, routing and quality of service based on users and not simply on IPs.
- Filter packets with criteria such as application and OS used by distant users.
- Be the key of a secure and simple Single Sign On system.
Principles
NuFW rejects the idea that IP == user, as an IP address can easily be spoofed. It therefore uses its own algorithm to perform authentication. It depends on two subsystems: Nufw, which is connected to Netfilter, and Nuauth, which is connected to the clients and to Nufw.
The algorithm is the following:
- A standard application sends a packet.
- The Nufw client sees that a connection is being initiated and sends a user request packet.
- The Nufw server queues the packet and sends an auth request packet to the Nuauth server.
- The Nuauth server combines the auth request and the user request packet and checks the result against an authentication authority.
- The Nuauth server sends the answer back to the Nufw server.
- The Nufw server transmits the packet according to the answer given to its request.
This algorithm performs an a posteriori authentication of the connection. As there is no time-based association, this ensures the identity of the user who sent the packet. NuFW is the only real authentication firewall, as it never associates a user with his machine.
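The exchange above can be modelled in a few lines. This is an added example, not NuFW's code or wire protocol: the class names, the credential store, the ACL and the addresses are all constructed assumptions. It shows two users on one source IP getting different verdicts, and a connection that no client vouched for being dropped.

```python
# Simplified model of the exchange; all names and data are constructed and
# hypothetical. This is not NuFW's wire protocol or source code.
import hmac
from collections import namedtuple

Conn = namedtuple("Conn", "src sport dst dport")   # one connection's identity

class Nuauth:
    """Pairs the gateway's auth requests with clients' user requests."""
    def __init__(self, users, acl):
        self.users = users    # stand-in authentication authority: user -> secret
        self.acl = acl        # stand-in policy: allowed (user, dport) pairs
        self.claims = {}      # Conn -> user who claimed that connection

    def user_request(self, user, secret, conn):
        # Sent by the client when it sees its own connection start.
        if hmac.compare_digest(self.users.get(user, ""), secret):
            self.claims[conn] = user

    def auth_request(self, conn):
        # Sent by the gateway for a queued packet. A claim is consumed once.
        user = self.claims.pop(conn, None)
        if user is None:
            return "DROP", None           # nobody vouched for this connection
        verdict = "ACCEPT" if (user, conn.dport) in self.acl else "DROP"
        return verdict, user

class Nufw:
    """Gateway side: holds each packet until nuauth answers."""
    def __init__(self, nuauth):
        self.nuauth, self.queue = nuauth, []

    def packet_in(self, conn):
        self.queue.append(conn)

    def decide_all(self):
        verdicts = {c.sport: self.nuauth.auth_request(c) for c in self.queue}
        self.queue.clear()
        return verdicts

def demo():
    auth = Nuauth({"alice": "s3cret", "bob": "hunter2"}, {("alice", 22)})
    gw = Nufw(auth)
    ip = "192.0.2.10"                     # two users share this source IP
    conns = [Conn(ip, p, "198.51.100.5", 22) for p in (40001, 40002, 40003)]
    for c in conns:
        gw.packet_in(c)
    auth.user_request("alice", "s3cret", conns[0])
    auth.user_request("bob", "hunter2", conns[1])   # 40003: no user request
    return gw.decide_all()
```

Because the verdict is keyed on the connection rather than on the source address, a filter that equated the shared IP with one user could not distinguish these three flows.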
Awards
- 2007 : Lutèce d'Or (Paris, France), Best Innovation
- 2005 : Les Trophées du Libre (Soissons, France), Security
External links
- NuFW website
- Netfilter website
- NuApplet - Qt client for NuFW