NuFW is an extensive firewall that can filter every connection based on the user's rights and the operating system in use. The program uses an LDAP server to check those rights, while Netfilter is used to apply the configured filtering. For more information about NuFW, we refer you to this page. The developers have released version 2.2.17, with the following announcements since the previous mention in the Meuktracker:
Version 2.2.17:
This new release fixes some bugs and brings some improvements. Per-interface filtering is the main new feature: it is now possible to filter based on incoming and/or outgoing network interfaces. NuFW’s devel team thanks EOLE for the sponsorship of this feature. The full changelog is as follows:
- nuauth: add "reload periods" to nuauth_command
- nuauth: drop packet if asked period is unavailable
- nuauth, ldap, plaintext: per-interface filtering
- tests system: per-interface filtering tests
- nuauth: fix sasl_dispose related bug
- nuauth, nutcpc: kerberos authentication is working
Version 2.2.16:
NuFW 2.2.16 is available. This release contains a bunch of fixes and introduces a new user session module: authtype. The goal of the authtype module is to define user connection policy. This module introduces some group lists:
- session_authtype_blacklist_group: If a user belongs to one of the listed groups they will not be able to connect
- session_authtype_whitelist_groups: If a user belongs to one of the listed groups they will be able to connect. If no group is defined, no check is done.
- session_authtype_sasl_groups: List of groups authorized to connect with login/password (SASL). If no group is defined, no check is done.
- session_authtype_ssl_groups: List of groups authorized to authenticate with certificate. If no group is defined, no check is done.
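The four authtype lists above can be read as one connection decision. The following is an added Python model of that reading, not NuFW code: the evaluation order (blacklist first), the "sasl"/"ssl" labels and the group names are assumptions, and `skipped_checks` reports which lists are empty and therefore enforce nothing.

```python
from dataclasses import dataclass, field

@dataclass
class AuthtypePolicy:
    # One set per option listed above; group names are constructed sample values.
    blacklist: set = field(default_factory=set)   # session_authtype_blacklist_group
    whitelist: set = field(default_factory=set)   # session_authtype_whitelist_groups
    sasl: set = field(default_factory=set)        # session_authtype_sasl_groups
    ssl: set = field(default_factory=set)         # session_authtype_ssl_groups

def may_connect(policy, user_groups, auth_type):
    """Return (allowed, reason); auth_type is "sasl" or "ssl" (labels assumed)."""
    groups = set(user_groups)
    # Assumption: the blacklist is evaluated first and always wins.
    if groups & policy.blacklist:
        return False, "member of a blacklisted group"
    # An empty whitelist means "no check", as the announcement states.
    if policy.whitelist and not groups & policy.whitelist:
        return False, "not in any whitelisted group"
    per_type = {"sasl": policy.sasl, "ssl": policy.ssl}
    if auth_type not in per_type:
        return False, "unknown authentication type"
    allowed = per_type[auth_type]
    # Same rule per authentication type: an empty list skips the check.
    if allowed and not groups & allowed:
        return False, "group not authorized for " + auth_type
    return True, "allowed"

def skipped_checks(policy):
    """Option names whose list is empty, so the corresponding check is not done."""
    options = {
        "session_authtype_whitelist_groups": policy.whitelist,
        "session_authtype_sasl_groups": policy.sasl,
        "session_authtype_ssl_groups": policy.ssl,
    }
    return [name for name, members in options.items() if not members]

# Constructed sample policy: certificates for admins, passwords for helpdesk.
SAMPLE = AuthtypePolicy(blacklist={"contractors"}, sasl={"helpdesk"}, ssl={"admins"})

if __name__ == "__main__":
    for who, how in [({"admins"}, "ssl"), ({"admins"}, "sasl"),
                     ({"admins", "contractors"}, "ssl"), ({"interns"}, "ssl")]:
        print(sorted(who), how, may_connect(SAMPLE, who, how))
    print("checks skipped:", skipped_checks(SAMPLE))
```

With an entirely empty policy every user is allowed with either authentication type, which is why listing the skipped checks is useful when reviewing a configuration.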
The full changelog is as follows:
- nuauth: fix destruction of some entries in client hash
- nuauth: fix decoding of some packets in 64-bit mode
- nuauth: fix application name decoding error check
- nuauth: fix ldap reconnection code
- nutcpc: add '-c' option (test if a client is already running)
- tests: add ldap module functional tests
- authtype: new module for adding condition of user connection
- nuaclgen: fix regexp
- libnuclient: fix some memory leaks
- ldap: improve AppName check
- ldap: misc fixes
Version 2.2.15:
NuFW 2.2.15 is available. This is a maintenance release which mainly contains a performance improvement in the acl cache system. The full changelog is as follows:
- nuauth: fix acl cache
- nuauth: optimize some hash function
- plaintext: optimize acl check
- nuauth: clean some messages
Version 2.2.14:
NuFW 2.2.14 is available. This is a maintenance release which contains only minor modifications or improvements. The full changelog is as follows:
- mysql: set decision to 'U' in oob_prefix (instead of 'D', drop) for unauthenticated drop
- NuFW: fix usage of inline causing build failure on many architectures
- log_mysql: fix standard logging mode
- nuauth: add information about which file failed to be read during tls initiation phase
- nufw: don't put nufw in conntrack debug mode by default
- log_nuprelude: prevent string format attacks (code cleaning)
- NuFW: can now use "make dist" to make archive
Version 2.2.13:
NuFW 2.2.13 is available. This new release introduces a MySQL logging modification which is used by Nulog2 to display nicely a link to the ACLs web management interface Nuface. It also fixes a bug related to LDAP connection. The full changelog is as follows:
- mysql: log_prefix can now be used by nulog2 link to nuface
- ldap: fix connection problem