NuFW is an enterprise grade firewall that performs an authentication of every single connection passing through the IP filter, by transparently requesting user�s credentials before any filtering decision is taken.
Practically, this means security policies can integrate with the users directory, and bring the notion of user ID down to the IP layers.
Here are some key features of "NuFW":
· Authenticate any connection that goes through your gateway or only from/to a chosen subset or a specific protocol.
· Perform accounting, routing and quality of service based on users and not simply on IPs.
· Filter packets with criterium such as application and OS used by distant users.
· Be the key of a secure and simple Single Sign On system.
· Scalable : NuFW is composed of two daemons that can be put on different systems and the main daemon is heavily multithreaded.
· Modular : User authentication and Access control list verification are performed via loadable module (system, ldap, dbm, plaintext modules are provided). User activity logging can be done via syslog, mysql or postgresql.
· Open : NuFW is released under the GNU GPL licence v2 and all protocols are fully documented.
What's New in This Release: [ read full changelog ]
· log_mysql: don't over stress nuauth after DOS mode (Eric Leblond)
· libnuclient: fix memory leak. (Eric Leblond)
· nuauth: avoid double logging of some packets (Eric Leblond)
· nussl: add support for several CA certificates in one PEM file (Pierre Chifflier)
· Revert "NuSSL: fix sub CA" (Pierre Chifflier)