NuFW Changelog

New in version 2.4.3 (August 14th, 2010)

  • log_mysql: don't overstress nuauth after DOS mode (Eric Leblond)
  • libnuclient: fix memory leak (Eric Leblond)
  • nuauth: avoid double logging of some packets (Eric Leblond)
  • nussl: add support for several CA certificates in one PEM file (Pierre Chifflier)
  • Revert "NuSSL: fix sub CA" (Pierre Chifflier)

New in version 2.4.1 (May 12th, 2010)

  • This new release fixes some bugs in the client library and brings some improvements.

New in version 2.4.0 (March 2nd, 2010)

  • New features and major improvements:
      • Extensible protocol:
          • The NuFW protocol between the authentication server and clients has evolved, and it can now be extended via plugins (on both the client and nuauth sides).
          • A simple extension is provided. It adds a message that sends the local user identity to the authentication server. This is a simple proof of concept, and more interesting extensions can easily be developed.
      • Optimized protocol:
          • The client-to-authentication-server protocol has been heavily optimized for laggy networks and for computers used simultaneously by multiple users. For example, on a network with a 1 sec delay, authentication is done in at worst 1.2 sec, which is only 0.2 sec more than a non-authenticated flow. With the previous protocol, authentication took more than 3 sec.
      • Filtering capabilities improvements:
          • The client now computes a hash of the application binary for advanced filtering.
          • It is also possible to use authentication quality in filtering rules. For example, this means a packet can be accepted if and only if the user was authenticated via certificate.
      • Rewrite and code factorization:
          • A huge code factorization and rewrite has been done. Convenience libraries are now shared between the different components. Cryptography can now be done via OpenSSL or GnuTLS, and all components now share the same configuration file parser.
  • Changelog summary:
      • The main changes are as follows:
      • Support for plugins in libnuclient
      • Improved client-server protocol
      • Protocol extension via plugin
      • Better performance on bad networks
      • Better error handling
      • Filtering capabilities improvements:
          • Client computes hash of application for advanced filtering
          • Authentication quality support
      • Configuration file for nufw and client
      • New convenience libraries:
          • nussl: TLS abstraction library (gnutls or openssl)
          • nuconfparser: Configuration library
          • nubase: Common use library
      • log_ulogd2 module: log packets via ulogd2
      • postauth_localuser module: sample postauthentication protocol modification
      • nufw: switch libnetfilter_conntrack code to new API
      • client proto: negotiate protocol version

New in version 2.4.0 RC1 (February 12th, 2010)

  • pgsql: authentication failure logging
  • libnuclient: fix file descriptor leak
  • libnuclient: CPU usage optimization
  • nufw: switch libnetfilter_conntrack code to new API
  • log_ulogd2: update plugin
  • nuauth: don’t reject packet when appname is invalid
  • client proto: negotiate protocol version

New in version 2.2.21 (February 4th, 2009)

  • It mainly solves some issues with IPv6 configuration.

New in version 2.2.20 (December 10th, 2008)

  • This release mainly features an improved error logging system in the client library.
  • It also contains some minor bugfixes in the nufw daemon.

New in version 2.2.19 (November 27th, 2008)

  • This release mainly features TLS-related improvements.
  • Complete support of all TLS mechanisms is available in all components.
  • To ease setup, all clients can now use a common configuration file for TLS settings and more.
  • This version also fixes some memory leaks.

New in version 2.2.17 (September 25th, 2008)

  • This release adds incoming and outgoing network interfaces as filtering criteria.
  • It also features Kerberos authentication support.