nufw(1)

NAME

nufw - NUFW User filtering gateway server

SYNOPSIS

nufw [ -h ] [ -V ] [ -D ] [ -m ] [ -U ] [ -v[v...] ] [ -k keyfile ]
[ -c certfile ] [ -a cafile ] [ -d address ] [ -p (remote) port ]
[ -t timeout ] [ -T track_size ] [ -I ServerID ]

DESCRIPTION

This manual page documents the nufw command.

nufw is the minimalist server, designed to run on the
gateway(s) of the network. nufw is designed to run in conjunction
with nuauth, the authenticating server. nufw receives network
packets from the local firewall (on Linux 2.4 and 2.6, this is
set up with the help of the '-j QUEUE' netfilter target), and
synchronizes with a nuauth server to check whether each packet is
authorized to travel through the gateway.

The design of the NUFW package lets administrators filter
network traffic per user, not only per IP. This means you can now
deal with different permissions for user A and user B, even if
they work at the same moment, on the same multiuser machine. In
other words, this extends firewalling criteria to userID, at the
network scale.

Original packaging, information and help can be found
at http://www.nufw.org/

OPTIONS

-h Issues usage details and exits.

-V Issues version and exits.

-D Run as a daemon.

-U Use UDP, unencrypted protocol for communication
with the nuauth server. This is NOT recommended.

-m Mark packets with UserID. This requires the wvmark
POM patch applied to netfilter, and is necessary for per user QoS
or routing.

-v Increases debug level. Multiple switches are accepted
and each of them increases the debug level by one. Default
debug level is 2, max is 10.

-k keyfile
Use specified file as SSL (private) key file.

-c certfile
Use specified file as SSL (public) certificate
file.

-a cafile
Use specified file as SSL certificate authority
file. This parameter is optional.

-d address
Network address of the nuauth server.

-p port
Specifies TCP port to send data to when addressing
the nuauth server. Nuauth server must be set up to listen on that
port. Default value: 4128

-t seconds
Specifies timeout to forget packets not answered
for by nuauth. Default value: 15 s.

-T track_size
Ask regit :) Default value: 1000.

-I ServerID
Ask regit :) Default value: 12345.
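
The following pre-flight check is an added example, not part of the
original manual page or of the NUFW distribution. It audits a nufw
command line using only the options listed above. The names nufw_audit,
_fail and NUFW_AUDIT_FAILS are hypothetical, and the warning about a
missing -a is this example's own policy assumption, since the page
marks that option as optional.

```sh
#!/bin/sh
# Added example: audit nufw options before the daemon is started.
# Every helper and variable name here is hypothetical, not part of nufw.

_fail() {
    echo "FAIL: $*"
    NUFW_AUDIT_FAILS=$((NUFW_AUDIT_FAILS + 1))
}

# nufw_audit <nufw options...>
# Returns 0 when nothing failed; the failure count is left in NUFW_AUDIT_FAILS.
nufw_audit() {
    NUFW_AUDIT_FAILS=0
    _key='' _cert='' _ca=''
    OPTIND=1
    # Option string mirrors the SYNOPSIS; a leading ':' lets us report errors.
    while getopts ":hVDmUvk:c:a:d:p:t:T:I:" _opt; do
        case "$_opt" in
            U) _fail "-U selects the unencrypted UDP protocol (NOT recommended)" ;;
            k) _key=$OPTARG ;;
            c) _cert=$OPTARG ;;
            a) _ca=$OPTARG ;;
            :) _fail "option -$OPTARG requires an argument" ;;
            \?) _fail "unknown option -$OPTARG" ;;
        esac
    done
    # Any file named on the command line must be readable.
    for _f in "$_key" "$_cert" "$_ca"; do
        [ -z "$_f" ] || [ -r "$_f" ] || _fail "cannot read $_f"
    done
    # The private key must carry no group/other permission bits.
    if [ -n "$_key" ] && [ -r "$_key" ]; then
        _mode=$(ls -ldL "$_key" | cut -c5-10)
        [ "$_mode" = "------" ] || _fail "private key $_key is accessible to group/other"
    fi
    # Local policy assumption of this example: -a is optional, so only warn.
    [ -n "$_ca" ] || echo "WARN: no -a cafile given"
    [ "$NUFW_AUDIT_FAILS" -eq 0 ]
}

# Typical use in a start script (left commented so sourcing has no side effect):
# nufw_audit "$@" && exec nufw "$@"
```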

SEE ALSO

nuauth(1)

AUTHOR

Nufw was designed and coded by Eric Leblond, aka Regit
(<eric@regit.org>), and Vincent Deffontaines, aka gryzor
(<vincent@gryzor.com>). Original idea in 2001, while working on NSM
Ldap support.

This manual page was written by Vincent Deffontaines.

Permission is granted to copy, distribute and/or modify
this document under the terms of the GNU Free Documentation
License, Version 2 as published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts and no
Back-Cover Texts.

17 October 2005