NuFW: Single sign-on meets firewall
Mandriva has recently released the latest version of its next-generation firewall, NuFW 2.1.1.
NuFW starts, like most Linux firewall software does, on the foundation of the Linux kernel's Netfilter, a set of basic IP (Internet Protocol) hooks that allows kernel modules to register callback functions with the network stack. In most distributions, it's used with iptables to create generic Linux firewalls.
Where NuFW steers away from commonplace firewalls is by bringing the notion of user identity to the firewall's security rules. With most firewalls, the rules on what network ports are enabled or disabled is determined by the computer's network address. For example, you might let the PC with the address 192.168.0.100 have access to the IP port range 6881 to 6891 to make it work better with the BitTorrent file sharing protocol. With NuFW, the firewall permissions follow an authenticated user instead of a PC's address.
Thus, firewall filtering rules are not based on just computers, but also on users or groups.