Nuface


Nuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It provides a high-level abstraction of the security policy set by the administrator and works internally on an XML data scheme. Its philosophy is to let you group subjects, resources, or protocols into meta-objects and use those meta-objects to generate ACLs, which are then interpreted as Netfilter rules by Nupyf, the internal XML parser. The tool can easily be extended to support firewall implementations other than Netfilter.


Recent releases

  •  28 Mar 2008 14:27

    Release Notes: This release adds better ergonomics (especially through simplified forms), contextual help, and navigation history. The local rules (INPUT and OUTPUT) now have a dedicated form. For each ACL, it is possible to log (with ulogd or NuFW) or not log the connections with a personalized log message, usable directly with Nulog or any log analyzer. Installation is also easier, thanks to a new network autoconfiguration tool (interfaces, networks, and routes).

  •  15 Jan 2008 22:38

    Release Notes: A redesign of the data model. Countless design and ergonomics fixes. Ported to PHP 5 (PHP 4 is no longer supported). gettext is used for i18n. This release performs much stricter control on ACL files at load time. The license has changed to the GPLv3.

  •  07 Oct 2007 16:17

    Release Notes: A bug that would stop rules generation when authentication subjects with no mention of IPv4 networks were used has been fixed. A bug when a remote IPSEC router is not in a network in the description has been fixed. A DTD describing desc.xml v1.3 has been added.

  •  10 Sep 2007 17:56

    Release Notes: VPN (ipsec) networks (type "mark") are now supported in ACLs. There is a tiny bugfix regarding session problems when unloading/reloading a ruleset in one given browser session.

  •  03 Sep 2007 11:23

    Release Notes: A new option, "$disable_check_net", was introduced for tricky network topologies. A bug in index where language persists through the session was fixed. Support for IPSEC VPN integration was added. Various interface bugs were fixed, especially for 100% non-NuFW firewalls.

