Download Nufw 2.2.17

The Nufw program is an extensive firewall that can filter every connection based on the user’s rights and the operating system used. The program uses an ldap server to check the permissions, while Netfilter is used to apply the set filtering technique. For more information about Nufw, we refer you to this page. The developers have released version 2.2.17 with the following announcements since the previous entry in the Meuktracker:

Version 2.2.17:

This new release fixes some bugs and brings some improvements. Per-interface filtering is the main new feature: it is now possible to filter based on incoming and/or outgoing network interfaces. NuFW’s devel team thanks EOLE for the sponsorship of this feature. The full changelog is as follows:

• nuauth: add “reload periods” to nuauth_command
• nuauth: drop packet if asked period is unavailable
• nuauth, ldap, plaintext: per-interface filtering
• tests system: per-interface filtering tests
• nuauth: fix sasl_dispose related bug
• nuauth, nuctpc: kerberos authentication is working

Version 2.2.16:

NuFW 2.2.16 is available. This release contains a bunch of fixes and introduces a new user session module: authtype. The goal of the authtype module is to define user connection policy. This module introduces some group list:

• session_authtype_blacklist_group: If a user belongs to one of the listed groups they will not be able to connect
• session_authtype_whitelist_groups: If a user belongs to one of the listed groups they will be able to connect. If no group is defined, no check is done.
• session_authtype_sasl_groups: List of groups authorized to connect with login/password (SASL). If no group is defined, no check is done.
• session_authtype_ssl_groups: List of groups authorized to authenticate with certificate. If no group is defined, no check is done.

The full changelog is as follows:

• nuauth: fix destruction of some entries in client hash
• nuauth: fix decoding of some packet in 64bit mode
• nuauth: fix application name decoding error check
• nuauth: fix ldap reconnection code
• nutcpc: add ‘-c’ option (test if a client is already running)
• tests: add ldap module functional tests
• authtype: new module for adding condition of user connection
• nuaclgen: fix regexp
• libnuclient: fix some memory leak
• ldap: improve AppName check
• ldap: misc fixes

Version 2.2.15:

NuFW 2.2.15 is available. This is a maintenance release which mainly contains a performance improvement in the acl cache system. The full changelog is as follows:

• nuauth: fix acl cache
• nuauth: optimize some hash function
• plaintext: optimize acl check
• nuauth: clean some messages

Version 2.2.14:

NuFW 2.2.14 is available. This is a maintenance release which contains only minor modifications or improvements. The full changelog is as follows:

• mysql: set decision to ‘U’ in oob_prefix (instead of ‘D’, drop) for unauthenticated drop
• NuFW: fix usage of inline causing build failure on many architecture
• log_mysql: fix standard logging mode
• nuauth: add information about which file failed to be read during tls initiation phase
• nufw: don’t put nufw in conntrack debug mode by default
• log_nuprelude: prevent string format attacks (code cleaning)
• NuFW: can now use “make dist” to make archive

Version 2.2.13:

NuFW 2.2.13 is available. This new release introduces a MySQL logging modification which is used by Nulog2 to display nicely a link to the ACLs web management interface Nuface. It also fixes a bug related to LDAP connection. The full changelog is as follows:

• mysql: log_prefix can now be used by nulog2 link to nuface
• ldap: fix connection problem