This talk focuses on how firewalls can work at the TCP/IP network layer and handle a user authentication where the IP address is not considered at all. We will first explain the common weaknesses of existing identity-based filtering systems, detail what exists in Netfilter internals to respond to it, and propose a user friendly implementation through the NuFW [13] project. We will conclude with some usage example of latest Netfilter features.