
[Nufw-Announces] Third birthday and NuFW 2.1.0 !


From: nufw-announces
Subject: [Nufw-Announces] Third birthday and NuFW 2.1.0 !
Date: Fri, 01 Sep 2006 14:54:59 +0200

Hi,

The first public release of NuFW was delivered exactly three years ago
on Monday, September 1st 2003. This was NuFW 0.3, with 1956 lines in
archive.

We are proud to release NuFW 2.1.0 (43134 lines) to commemorate this
event. This is the first release of the new development branch. This
release is code named "scholastic porcupine".

It features huge improvements over the 2.0 branch. Among them:
      * IPv6 support
      * Protocol v3 (nufw 2.0) compatibility
      * Two new module types for advanced user session and packet
        filtering tuning.
      * New improved client API

The "full" Changelog is as follows:
        - fix period handling (use OR and AND between period items of a
          period)
        - fix memory leak in ldap module
        - IPv6 support:
          - clients, nufw and nuauth are able to communicate using IPv4 or IPv6
          - nuauth stores all addresses in IPv6 structure, IPv4 uses format
            "::ffff:[ipv4]"
          - MySQL stores IP address in BINARY(16) instead of INTEGER field
          - Prelude, MySQL, PostgreSQL, etc. modules support IPv6 addresses
          - Plaintext module is able to parse IPv4 and IPv6 addresses
          - Rejecting a packet can send ICMP(v4) or ICMPv6 (depending on source
            IP address type)
          - support ICMPv6 protocol
        - new client API, main changes:
          - don't use callback to get username, password and tls password
            anymore: directly send the strings
          - don't delete the session when losing connection: just delete old
            TLS session (and socket) using a "reset" function
          - keep same Diffie Hellman parameters for the session (don't
            regenerate them on each reconnection): that's good because it
            looks to use a lot of CPU (and maybe /dev/random)
          - the client sends username and password in UTF-8
        - don't make core dump on fatal errors (in nuauth, nutcpc and pam_nufw)
        - libnuclient: use gcrypt_malloc_secure() to disallow username and
          password to be moved to the swap
        - protocol v3 compatibility (for client and nufw server)
        - Introduce two new module types:
         - user_session_modify: called when auth is successful, this module
         can modify all params (useful to set expire or something else)
         - finalise_packet: modify packet content just before decision (useful
         to set mark and/or expire according to advanced policy)
         - Accounting capabilities: conntrack is now dumping accounting
         information

Happy user filtering to all,
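
The following C sketch is an added example, not code from NuFW or from this announcement. It illustrates the storage scheme the changelog describes: every address is kept in one 16-byte IPv6 structure (the shape a BINARY(16) column holds), IPv4 is written as "::ffff:[ipv4]", and the reject path picks ICMP or ICMPv6 from the source address type. All function names are hypothetical and the addresses in the comments are constructed documentation addresses.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* First 12 bytes of an IPv4-mapped IPv6 address: ::ffff:0:0/96 */
static const unsigned char V4MAPPED_PREFIX[12] =
    { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff };

/* Hypothetical helper: parse textual IPv4 or IPv6 (e.g. "192.0.2.10",
 * "2001:db8::1") into a single 16-byte form, so that ACL and log
 * comparisons see one representation per host.
 * Returns 0 on success, -1 if the text is not an address. */
int addr_to_ipv6(const char *text, struct in6_addr *out)
{
    struct in_addr v4;

    if (inet_pton(AF_INET6, text, out) == 1)
        return 0;
    if (inet_pton(AF_INET, text, &v4) != 1)
        return -1;
    memcpy(out->s6_addr, V4MAPPED_PREFIX, sizeof(V4MAPPED_PREFIX));
    memcpy(out->s6_addr + 12, &v4.s_addr, 4);   /* already network order */
    return 0;
}

/* Nonzero when the stored address is really an IPv4 one. */
int is_v4mapped(const struct in6_addr *a)
{
    return memcmp(a->s6_addr, V4MAPPED_PREFIX, sizeof(V4MAPPED_PREFIX)) == 0;
}

/* Hypothetical helper: family of the reject message for this source.
 * AF_INET means ICMP(v4), AF_INET6 means ICMPv6. */
int reject_family(const struct in6_addr *src)
{
    return is_v4mapped(src) ? AF_INET : AF_INET6;
}

/* Render a stored address for logs; IPv4 comes back in dotted form. */
const char *addr_to_text(const struct in6_addr *a, char *buf, socklen_t len)
{
    if (is_v4mapped(a))
        return inet_ntop(AF_INET, a->s6_addr + 12, buf, len);
    return inet_ntop(AF_INET6, a, buf, len);
}
```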




