Download NuFW 2.2.21

The NuFW program is an extensive firewall that can filter every connection based on the user’s rights and the operating system used. The program uses an ldap server for checking permissions, while using Netfilter for applying the set filtering technique. For more information about NuFW, please refer to this page. The developers have released version 2.2.21 with the following announcements since the previous entry in the Meuktracker:

Version 2.2.21:

• nuauth: fix bind to IPv6 address only
• nuauth: add nuauth_user_check_ip_equality be able to relax constraint on source address of authenticated packets.
• TLS: strict CRL handling
• nuauth: suppress not needed g_asset() (fix a crash)
• nuauth: fix light memory leak in tls_connect()
• nutcpc: display NuFW gateway IP address when starting

Version 2.2.20:

• nufw: Fix potential race condition in nufw tls_connect
• nufw: Fix bug where packet with ID 0 was rejected
• Remove debian directory which is not maintained here anymore
• nuauth: Add mark display in packet printing
• libnuclient: Improve API to export string error message to clients
• nuauth_command: User disconnection can now be done via a regexp

Version 2.2.19:

• nuauth: fix memory leak that appear when system_suppress_prefixed_domain is set to 1.
• Implement “refresh crl” command in nuauth_command and nuauth.
• nuauth: SIGHUP also reloads the CRL file.
• nutcpc: SIGHUP now triggers reconnection to nuauth.
• nutcpc: Add -R option to specify crl.
• nutcpc: ask client to confirm connection if no CA is present
• nufw: SIGHUP now triggers reconnection to nuauth.
• nufw: Try to start TLS session to nuauth at start and not at first packet.
• nufw: fix some error case handling in gnutls record
• nufw: Display understandable error message when nuauth can not be reached.
• nufw: Add -N option to disable fqdn check during TLS negotiation
• libnuclient: CRL reload at reconnect
• libnuclient: new function nu_client_set_crlfile() can be used to specify crl file
• nuauth: fix memory leak in connection tracking logging
• nuauth: fix memleak and avoid useless allocation in iface related code.
• nutcpc: now uses local user name as default for nuauth connection
• ldap module: update code to ‘new’ ldap API
• ldap module: fix double request and memory leak
• pam_nufw: respect nuclient.conf
• pam_nufw: severe bug fix

Version 2.2.18:

• general: strict TLS mode enabled by default on all components
• nuauth: increase some timer value to avoid problem on some virtual machines
• nuauth: issue some warnings if clients certificates will not be checked
• nuauth: display explicit error message if TLS handshake failed
• nuauth: fix check of private key file permissions
• documentation improvement
• nuauth: add option to limit the size of the logging queue
• nuauth: fix ACL order in the plaintext module
• nuauth: fix reject method when no group can be fetch after authentication
• libnuclient: fix some error treatment of the gnutls_record_recv() function
• libnuclient: fix threads model in POLL mode (avoid useless threads)