NuFW is a software package that extends Netfilter, the Linux kernel-internal packet filtering firewall module, by adding authentication to filtering rules. NuFW is also provided as a hardware firewall, in the EdenWall firewalling appliance. NuFW has since been restarted by the FFI and renamed UFWI.
Introduction
NuFW / UFWI is an extension of Netfilter that brings the notion of user to IP filtering.
NuFW / UFWI can:
* Authenticate any connection that goes through the gateway, or only connections from/to a chosen subset of hosts or for a specific protocol (iptables is used to select which connections to authenticate).
* Perform accounting, routing and quality of service (QoS) decisions based on users rather than simply on IP addresses.
* Filter packets on criteria such as the application and operating system used by remote users.
* Serve as the basis of a secure and simple single sign-on (SSO) system.
Principles
NuFW / UFWI rejects the idea of an ''IP user'', because an IP address can easily be spoofed. It therefore uses its own algorithm to perform authentication, built on two subsystems: Nufw, which is connected to Netfilter, and Nuauth, which is connected to the clients and to Nufw.
The algorithm is the following:
# A standard application sends a packet.
# The Nufw client on the end host sees that a connection is being initiated and sends a user request packet to Nuauth.
# The Nufw server on the gateway queues the packet and sends an auth request packet to the Nuauth server.
# The Nuauth server correlates the auth request with the matching user request and checks the result against an authentication authority.
# The Nuauth server sends its answer back to the Nufw server.
# The Nufw server releases or drops the queued packet according to the answer it received.
This algorithm performs an ''a posteriori'' authentication of each connection: the decision is taken only after the packet that opens the connection has been seen. Because there is no time-based association between a user and an address, the identity is bound to the connection that actually carried the packet, not to a machine a user was once logged on from.
The project presents NuFW as the only true authentication firewall, as it never associates a user with a machine.
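The six-step exchange above, and the point that either message may arrive first, can be made concrete with a small simulation. This is an added example, not NuFW's own code or wire protocol: the message shapes, the rule table, the secret-based stand-in for the authentication authority, the timeout handling and all names and addresses below are assumptions made for the illustration. It models a client sending a user request, a gateway queueing the first packet of a new connection (as an iptables rule would select it) and sending an auth request, Nuauth correlating both on the connection tuple and answering, and the gateway acting on the verdict.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# proto, src_ip, src_port, dst_ip, dst_port: the facts both the gateway and
# the end host can observe for a connection, hence the correlation key.
ConnKey = Tuple[str, str, int, str, int]
# (user, proto, dst_ip, dst_port, verdict); "*" and 0 are wildcards, first match wins.
Rule = Tuple[str, str, str, int, str]

@dataclass(frozen=True)
class UserRequest:          # step 2: Nufw client -> Nuauth (assumed shape)
    conn: ConnKey
    user: str
    client_secret: str      # stand-in for the client's authenticated session

@dataclass(frozen=True)
class AuthRequest:          # step 3: Nufw gateway -> Nuauth (assumed shape)
    conn: ConnKey
    packet_id: int

class Nufw:
    """Gateway side: keeps queued packets until Nuauth answers (steps 3 and 6)."""
    def __init__(self, nuauth: "Nuauth") -> None:
        self.nuauth = nuauth
        self.queue: Dict[int, ConnKey] = {}     # packet id -> connection
        self.verdicts: Dict[ConnKey, str] = {}  # what happened to each connection
        self._next_id = 1

    def new_connection(self, conn: ConnKey) -> None:
        pid, self._next_id = self._next_id, self._next_id + 1
        self.queue[pid] = conn                  # packet held, e.g. in NFQUEUE
        self.nuauth.on_auth_request(AuthRequest(conn, pid), self)

    def deliver_verdict(self, packet_id: int, verdict: str) -> None:
        self.verdicts[self.queue.pop(packet_id)] = verdict   # step 6

class Nuauth:
    """Correlates user and auth requests and applies user-based rules (steps 4-5)."""
    def __init__(self, authority: Dict[str, str], rules: List[Rule]) -> None:
        self.authority = authority   # user -> secret, constructed stand-in for LDAP/PAM
        self.rules = rules
        self.pending_user: Dict[ConnKey, UserRequest] = {}
        self.pending_auth: Dict[ConnKey, Tuple[AuthRequest, Nufw]] = {}

    def on_user_request(self, req: UserRequest) -> bool:
        # A claim the authority does not vouch for is discarded, never stored:
        # spoofing a source address buys nothing without the user's credentials.
        if self.authority.get(req.user) != req.client_secret:
            return False
        self.pending_user[req.conn] = req
        self._try_decide(req.conn)
        return True

    def on_auth_request(self, req: AuthRequest, gateway: Nufw) -> None:
        self.pending_auth[req.conn] = (req, gateway)
        self._try_decide(req.conn)

    def _try_decide(self, conn: ConnKey) -> None:
        # Either message may arrive first; decide as soon as both are present.
        if conn in self.pending_user and conn in self.pending_auth:
            ureq = self.pending_user.pop(conn)
            areq, gateway = self.pending_auth.pop(conn)
            gateway.deliver_verdict(areq.packet_id, self._policy(ureq.user, conn))

    def expire_unclaimed(self) -> int:
        # Timeout (assumed): queued packets no authenticated client claimed are dropped.
        expired = list(self.pending_auth.items())
        self.pending_auth.clear()
        for _conn, (areq, gateway) in expired:
            gateway.deliver_verdict(areq.packet_id, "DROP")
        return len(expired)

    def _policy(self, user: str, conn: ConnKey) -> str:
        proto, _src, _sport, dst, dport = conn
        for r_user, r_proto, r_dst, r_port, verdict in self.rules:
            if (r_user in ("*", user) and r_proto in ("*", proto)
                    and r_dst in ("*", dst) and r_port in (0, dport)):
                return verdict
        return "DROP"                           # default deny

def run_demo() -> Dict[str, str]:
    """Four exchanges over constructed addresses; returns the verdict per case."""
    nuauth = Nuauth({"alice": "pw-alice", "bob": "pw-bob"},
                    [("alice", "tcp", "*", 22, "ACCEPT"),    # only alice may ssh
                     ("*", "tcp", "*", 80, "ACCEPT")])        # any user may http
    gw = Nufw(nuauth)
    ssh_a = ("tcp", "10.0.0.5", 40001, "192.0.2.10", 22)
    ssh_b = ("tcp", "10.0.0.6", 40002, "192.0.2.10", 22)
    web_b = ("tcp", "10.0.0.6", 40003, "192.0.2.20", 80)
    web_x = ("tcp", "10.0.0.5", 40004, "192.0.2.20", 80)   # alice's host address
    nuauth.on_user_request(UserRequest(ssh_a, "alice", "pw-alice"))  # user request first
    gw.new_connection(ssh_a)
    nuauth.on_user_request(UserRequest(ssh_b, "bob", "pw-bob"))      # authenticated, no rule
    gw.new_connection(ssh_b)
    gw.new_connection(web_b)                                         # packet first (race)
    nuauth.on_user_request(UserRequest(web_b, "bob", "pw-bob"))
    gw.new_connection(web_x)                                         # spoofer on alice's IP
    nuauth.on_user_request(UserRequest(web_x, "alice", "guess"))     # wrong secret: ignored
    nuauth.expire_unclaimed()                                        # nobody claimed it
    return {"alice_ssh": gw.verdicts[ssh_a], "bob_ssh": gw.verdicts[ssh_b],
            "bob_http": gw.verdicts[web_b], "spoofed_http": gw.verdicts[web_x]}
```

Calling `run_demo()` yields ACCEPT for alice's SSH and bob's HTTP, and DROP for bob's SSH (no rule) and for the connection from alice's address that no authenticated client claimed. Two design points carry over from the page: the correlation key is the connection tuple, so a spoofed source address is useless without the user's credentials, and the decision is made whenever both messages are present, so the order in which the gateway and the client report does not matter; there is no stored user-to-address binding to exploit.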
Awards
* 2007 : Lutèce d'Or (Paris, France), Best Innovation
* 2005 : Les Trophées du Libre (Soissons, France), Security
External links
* NuFW website
* Netfilter website
* NuApplet - Qt client for NuFW