The release of NuFW 2.2 nearly slipped trough a huge pile of unread mails . In case you wonder what is nuFW :

NuFW is an enterprise grade firewall that performs an authentication of every single connection passing through the IP filter, by transparently requesting user’s credentials before any filtering decision is taken.

Practically, this means security policies can integrate with the user directory, and bring the notion of user ID down to the IP layers. NuFW lays on Netfilter, the state of the art IP filtering layer from the Linux kernel. It fully integrates with Netfilter and extends its capabilities.

The daemons currently run on Linux and software clients are available for Windows, Linux, FreeBSD et Mac OSX.

NuFW can :

• Authenticate any connection that goes through your gateway or only from/to a chosen subset or a specific protocol (iptables is used to select the connections to authenticate).
• Perform accounting, routing and quality of service based on users and not simply on IPs.
• Filter packets with criterium such as application and OS used by distant users.
• Be the key of a secure and simple Single Sign On system.

Pretty impressive features  (I love the fact it can differentiate Firefox vs IE :). The software is released under GPL license and there are binaries for all major Linux distributions. Props go to the guys at INL for building this software and making it open source.

I invite you to download NuFW and give it a spin.

UPDATE: New version NuFW 2.2.4 released :
This release fixes a security issue related to time-based filtering rules. A regression was leading packets not to be  dropped when their arrival time was out of period. It also features some improvements and bugfixes.

Share This

If you enjoyed this post, make sure you subscribe to my RSS feed!