NuFW
{{Infobox software
| name =
| title = NuFW
| logo = Nupik.png
| logo caption =
| logo_size =
| logo_alt =
| screenshot =
| caption =
| screenshot_size =
| screenshot_alt =
| collapsible =
| author =
| developer = E. Leblond et al.
| released = {{Start date and age|2003|09|01}}
| discontinued =
| latest release version = 2.2.20
| latest release date = {{Start date and age|2008|05|07}}
| latest preview version =
| latest preview date =
| status =
| programming language =
| operating system = Linux kernel
| platform =
| size =
| language =
| language count =
| language footnote =
| genre = Packet filtering
| license = GNU General Public License
| website = {{URL|http://ufwi.org/projects/nufw}}
}}
NuFW is a software package that extends Netfilter, the Linux kernel-internal packet filtering firewall module. NuFW adds authentication to filtering rules. NuFW is also provided as a hardware firewall, in the EdenWall firewalling appliance. NuFW has been restarted by the FFI and renamed to UFWI.
Introduction
NuFW / UFWI is an extension of Netfilter which brings the notion of user to IP filtering.
NuFW / UFWI can:
- Authenticate any connection that goes through your gateway, or only connections from/to a chosen subset or using a specific protocol (iptables is used to select the connections to authenticate).
- Perform accounting, routing and quality of service (QoS) based on users and not simply on IP addresses.
- Filter packets with criteria such as the application and OS used by remote users.
- Be the key to a secure and simple single sign-on system.
Principles
NuFW / UFWI rejects the idea that an IP address identifies a user (IP == user), as an IP address can easily be spoofed. It therefore uses its own algorithm to perform authentication. It depends on two subsystems: Nufw, which is connected to Netfilter, and Nuauth, which is connected to the clients and to Nufw.
The algorithm is as follows:
- A standard application sends a packet.
- The Nufw client sees that a connection is being initiated and sends a user request packet.
- The Nufw server queues the packet and sends an auth request packet to the Nuauth server.
- The Nuauth server combines the auth request with the user request packet and checks the result against an authentication authority.
- The Nuauth server sends the answer back to the Nufw server.
- The Nufw server transmits the packet according to the answer given to its request.
This algorithm performs an a posteriori authentication of the connection. As there is no time-based association, this ensures the identity of the user who sent the packet.
NuFW is the only real authentication firewall, as it never associates a user with his machine.
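The exchange described above can be modelled to show why the decision is made per connection rather than per IP address. The following Python model is an added illustration, not NuFW code. The class and method names, the port-based authority, the one-claim-per-connection rule and the assumption that the user request reaches Nuauth before the auth request are all choices made for this example.

```python
# Added illustration: a toy model of the exchange, not NuFW source code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int

class Nuauth:
    def __init__(self, acl):
        self.acl = acl           # hypothetical authority: user -> allowed destination ports
        self.user_requests = {}  # flow -> user who claimed it over an authenticated session

    def user_request(self, user, flow):
        # The client saw a local application open this connection and reports it.
        self.user_requests[flow] = user

    def auth_request(self, flow):
        # Match the queued packet's flow against a pending user request.
        user = self.user_requests.pop(flow, None)  # model choice: one claim, one connection
        if user is None:
            return "DROP", None  # nobody claimed this exact connection
        allowed = flow.dport in self.acl.get(user, set())
        return ("ACCEPT" if allowed else "DROP"), user

class Nufw:
    def __init__(self, nuauth):
        self.nuauth = nuauth

    def new_connection(self, flow):
        # The queued packet is released or dropped according to Nuauth's answer.
        return self.nuauth.auth_request(flow)

def run_demo():
    # Constructed data: alice and bob share one multi-user host, 10.0.0.5.
    nuauth = Nuauth({"alice": {443}, "bob": {22}})
    nufw = Nufw(nuauth)
    claimed = Flow("10.0.0.5", 40001, "192.0.2.10", 443)
    unclaimed = Flow("10.0.0.5", 40002, "192.0.2.10", 443)
    denied = Flow("10.0.0.5", 40003, "192.0.2.10", 443)
    nuauth.user_request("alice", claimed)
    nuauth.user_request("bob", denied)
    return [nufw.new_connection(f) for f in (claimed, unclaimed, denied)]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

All three connections come from the same source address, yet only the one that alice's client reported and that her policy allows is accepted; an IP-based rule could not tell them apart.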
Awards
- 2007: Lutèce d'Or (Paris, France), Best Innovation
- 2005: Les Trophées du Libre (Soissons, France), Security
External links
{{Portal|Free and open-source software}}
- {{usurped|1=[https://web.archive.org/web/20120124052800/http://ufwi.org/ UFWI website]}}
- [https://web.archive.org/web/20071116042651/http://www.nufw.org/-English-.html NuFW website]
- [http://www.netfilter.org/ Netfilter website]
- [https://web.archive.org/web/20160116143101/http://software.inl.fr/trac/trac.cgi/wiki/EdenWall/NuApplet2 NuApplet] - Qt client for NuFW
{{Firewall software}}
{{DEFAULTSORT:Nufw}}