News

NuFW: NuFW 2.4.2

Added by Eric Leblond 2 months ago

This new release mainly fixes a compilation issue appeared in NuFW 2.4.1. GNUtls mode was not working anymore.

The full changelog is as follows:
  • log_mysql: don't over stress nuauth after DOS mode (Eric Leblond)
  • libnuclient: fix memory leak. (Eric Leblond)
  • nuauth: avoid double logging of some packets (Eric Leblond)
  • nussl: add support for several CA certificates in one PEM file (Pierre Chifflier)
  • Revert "NuSSL: fix sub CA" (Pierre Chifflier)

NuApplet2: NuApplet 2.3.0

Added by Pierre Chifflier 2 months ago

This release is compatible with the new (>= 2.4) NuFW client library

It also uses libnussl (distributed in NuFW) instead of direct calls for GnuTLS.

New (major) features:
  • better support for TLS options
  • support for plugins (from nuclient library)
  • display logs in specific window (instead of console)
  • support for openssl (through libnussl)

and many bugfixes.

NuFW: NuFW 2.4.1

Added by Eric Leblond 2 months ago

This new release fixes a problem in libnuclient which could lead to a crash on some systems. It also adds support for chained certificate support in nuauth authentication server.

The full changelog is as follows:
  • libnussl: fix sub CA support
  • libnuclient: fix proc hash handling
  • nuauth_command: add thread pool information
  • nuauth_command: add "refresh crl" command

NuAgent: NuAgent v2.0.1.2 is available

Added by Kamel Messaoudi 3 months ago

This new version of NuAgent features:
  • Enhanced certificate import and management
  • Minor bugfixes

NuFirewall: NuFirewall 1.0beta1 is available

Added by Eric Leblond 4 months ago

After two years of development, the first public release of NuFirewall is available. Based on technologies and code used by EdenWall in their appliance, it provides an enterprise-grade firewall.

Management interface is a QT based GUI which components are:
  • NuConf: System configuration
  • NuFace firewall rules configuration
  • NuLog log analysis
  • NuPKI: Manage your PKIs

Although it is named beta1, this release is already completely usable and will be very near of 1.0 final release.

NuFW: NuFW 2.4.0 is available

Added by Eric Leblond 5 months ago

After a long work, NuFW 2.4.0 is available. It contains a bunch of new features and improvements.

New features and major improvements

Extensible protocol

NuFW protocol between authentication server and clients has evolved and it is now possible to extend the protocol via plugin (on both client and nuauth side).

A simple extension is provided. It adds a message to have local user identity sent to authentication server. This is a simple proof of concept and some more interesting extension can be easily developed.

Optimized protocol

Client to authentication server protocol has been heavily optimized for laggy network and computer used simultaneously by multiple users. For example, on a 1 sec delay network, authentication is done at worst in 1.2 sec which is only 0.2 sec more than non authenticated flow. With previous protocol authentication was done in more than 3 sec...

Filtering capabilities improvements

Client is now computing hash of application binary for advanced filtering.

It is also possible to use an authentication quality in filtering rules. For example, this mean it is possible to accept a packet if and only if the authentication of the user has been done via certificate.

Rewrite and code factorization

A huge code factorization and rewrite has been done. Convenience libraries are now shared between the different components. Cryptography can now be done via openssl or gnutls and all components now share the same configuration file parser.

Changelog summary

The main changes are as follows:
  • Support for plugin in libnuclient
  • Improved client-server protocol
    • Protocol extension via plugin
    • Better performances on bad network
    • Better error handling
  • Filtering capabilities improvements:
    • Client compute hash of application for advanced filtering
    • Authentication quality support
  • Configuration file for nufw and client
  • New convenience libraries:
    • nussl: TLS abstraction library (gnutls or openssl)
    • nuconfparser: Configuration library
    • nubase: Common use library
  • log_ulogd2 module: log packet via ulogd2
  • postauth_localuser module: sample postauthentication protocol modification
  • nufw: switch libnetfilter_conntrack code to new API
  • client proto: negotiate protocol version

NuFW: NuFW 2.2.22 is available

Added by Eric Leblond 5 months ago

This new release of 2.2 branch contains some minor bugfixes.

Full changelog is as follows.
  • system: suppress prefixed domain when fetching group and id.
  • nufw: work around non thread-safeness of libnfnetlink
  • nuauth: fix logging of connection end timestamp
  • nuauth: fix rare bug related to nufw server handling

Also available in: Atom