NuFW is an enterprise grade firewall that performs an authentication of every single connection passing through the IP filter, by transparently requesting user's credentials before any filtering decision is taken. Practically, this means security policies can integrate with the user directory, and bring the notion of user ID down to the IP layers. NuFW lays on Netfilter, the state of the art IP filtering layer from the Linux kernel. It fully integrates with Netfilter and extends its capabilities. The daemons currently run on Linux and software clients are available for Windows, Linux, FreeBSD et Mac OSX.
NuFW can:
Authenticate any connection that goes through your gateway or only from/to a chosen subset or a specific protocol (iptables is used to select the connections to authenticate).
Perform accounting, routing and quality of service based on users and not simply on IPs.
Filter packets with criterium such as application and OS used by distant users.
Be the key of a secure and simple Single Sign On system.
NuFW is composed of two daemons that can be put on different systems and the main daemon nuauth is heavily multithreaded. nuauth uses loadable modules for any exterior interaction.