Developer(s) | E. Leblond et al. |
---|---|
Initial release | September 1, 2003 |
Stable release | 2.2.20 / May 7, 2008 |
Operating system | Linux kernel |
Type | Packet filtering |
License | GNU General Public License |
Website | ufwi |
NuFW is a software package that extends Netfilter, the Linux kernel-internal packet filtering firewall module. NuFW adds authentication to filtering rules. NuFW is also provided as a hardware firewall, in the EdenWall firewalling appliance. NuFW has been restarted by the FFI and renamed to UFWI.
NuFW / UFWI is an extension of Netfilter which brings the notion of a user to IP filtering.
NuFW / UFWI can:
NuFW / UFWI rejects the idea that IP == user, since an IP address can easily be spoofed. It therefore uses its own algorithm to perform authentication. It depends on two subsystems: Nufw, which is connected to Netfilter, and Nuauth, which is connected to clients and Nufw.
The algorithm is the following:
This algorithm performs an a posteriori authentication of the connection. As there is no time-based association, this ensures the identity of the user who sent the packet. NuFW is the only real authentication firewall, as it never associates a user with his machine.