NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain "out of period" choices of packet transmission time.
https://exchange.xforce.ibmcloud.com/vulnerabilities/36134
http://www.securityfocus.com/bid/25379
http://www.nufw.org/+NuFW-2-2-4%2C201+.html