Nuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta objects to generate ACLs, which are then interpreted as netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.
|Tags||Security Networking Firewalls|
|Operating Systems||OS Independent|
Release Notes: This release adds better ergonomy (especially through simplified forms), creation of contextual help, and navigation history. The local rules (INPUT and OUTPUT) now have a dedicated form. For each ACL, it's possible to log (with ulogd or NuFW) or not log the connections with a personalized log message, usable directly with Nulog or any log analyzer. The installation is also easier, thanks to the creation of a network autoconfiguration tool (interfaces, networks, and routes).
Release Notes: A redesign of the data model. Countless design and ergonomy fixes. Ported to PHP 5 (PHP 4 is no longer supported). gettext is used for i18n. This release performs much stricter control on ACL files at load time. The license has changed to the GPLv3.
Release Notes: A bug that would stop rules generation when authentication subjects with no mention of IPv4 networks were used has been fixed. A bug when a remote IPSEC router is not in a network in the description has been fixed. A DTD describing desc.xml v1.3 has been added.
Release Notes: VPN (ipsec) networks (type "mark") are now supported in ACLs. There is a tiny bugfix regarding session problems when unloading/reloading a ruleset in one given browser session.
Release Notes: A new option, "$disable_check_net", was introduced for tricky network topologies. A bug in index where language persists through the session was fixed. Support for IPSEC VPN integration was added. Various interface bugs were fixed, especially for 100% non-NuFW firewalls.