From: Eric Leblond <email@example.com>
Subject: [Announce] NuFW 2.0 is available
Date: Wed, 24 May 2006 09:54:58 +0200

Hello Netfilter users,
NuFW 2.0 "extatic porcupine" is available. This is the first release of
the new stable branch of the NuFW project (http://www.nufw.org).
NuFW is an authenticating firewall based on Netfilter.
NuFW can:
- Authenticate any connection that goes through your gateway or only
from/to a chosen subset or a specific protocol (iptables is used to
select the connections to authenticate).
- Perform accounting, routing and quality of service based on users and
not simply on IPs.
- Filter packets with criteria such as application and OS used by
- Be the key of a secure and simple Single Sign On system.
The main new Netfilter-related features of 2.0 are:
* Libnfnetlink based interaction with kernel:
NuFW 2.0 is able to use libnetfilter_queue and libnetfilter_conntrack to
handle interaction with kernel.
* Complete period handling:
ACLs can now be linked with a period. The match against the period is
initially done by NuFW (as time match does) but the connection is removed
from conntrack automatically at the end of the period.
Removal can be done via a libnetfilter_conntrack call at the end of the
period or directly (with a patched kernel) via connection timeout in the
conntrack. The related patch (fixed_timeout) has been queued by Patrick
McHardy for inclusion in 2.6.18.
More information about the new features of NuFW is available at:
Happy "user" filtering to all,
Eric Leblond <firstname.lastname@example.org>