As kernel is the one routing packet, this is Netfilter is responsible
for the final decision. As you may know, nufw is a userspace application
using libipq or libnetfilter_queue : nufw answers to Netfilter request
and tell if a packet must be accepted or dropped.
Ldap is used to store acl and is queried by nuauth the authentication