For instructions about how to install nuface: see INSTALL

Nuface web interface allows you to configure a nufw based firewall (or a simple
Netfilter firewall).
With nuface, way of work is to use followings objects:
 - ressources: the source of a connection
 - subjects: the initiator of a connection : can be an IPv4 object or a NuFW
   authenticated user, or a combination (and/or) of both.
 - protocols: used to define technical parameters of a connection: ports, icmp
   types, protocols, etc...
 - acls use one element of each class defined above. 
 - floatings: theses are working elements, used to easily manipulate and move
   objects that are handled by the web interface. The floatting elements are
   never saved to file, they are to be used within one session only.

To generate iptables scripts, nuface uses a python script: nupyf.

Nuface uses /etc/init.d/init-firewall to load iptables rules in the right way
Currently nuface handles FORWARD, INPUT and OUTPUT rules. 
Specific rules can be written in /etc/network/firewall/local_rules:
 - Files names must be prefixed by filter, nat or mangle. 
 - Filter and nat rules must be in iptables-restore format:
   -A FORWARD -p tcp --dport 22 -j ACCEPT
and rules for mangle table in {pre,post}_mangle.

Documentation:
Documentation for nuface and nupyf is available in docbook format and html: see doc/
directory. Right now the documentation for nuface is available in french and english as well.

Configuration notice:
* It is recommended to use nuface with Apache2 and PHP4. You can take a look to the sample configuration file nuface_apache.conf.
* If you want to be able to reload your firewall rules from the web interface of nuface, it will need to install sudo. After that, you have to add the following configuration (use the 'visudo' command):
======================
Cmnd_Alias      NETWORK_SCRIPTS = /etc/init.d/init-firewall
Defaults:www-data       !authenticate

www-data hostname=NETWORK_SCRIPTS
======================

Layer7 filtering notice:
  Nuface integrates a functionnality for setting up layer7 filters. We use
  for that the project http://l7-filter.sourceforge.net/ ; please read
  the documentation on this site to know how to install it. Then, the
  functionnality must be enabled in the Nuface's configuration file.

Functional testing:
  For more information about the functional test infrastructure, please see
  the tests/README file.

HomePage: http://software.inl.fr/trac/trac.cgi/wiki/EdenWall/NuFace

contact: nuface@inl.fr
