Open Source Firewall Software - Page 26

janus watcher - Dynamic DNS watcher for FreeS/WAN & forks. Perl script that watches dynamic DNS hosts and replaces the connection when the IP address changes.

jennifer is an educational (albiet oddly named) firewall/NAT script generator, written in python, targetted at linux+iptables systems. It is intended to both (a) generate practical and useful configurations, and (b) demonstrate the concepts involved in TO

Jkaptive is a simple captive portal without RADIUS and thus, without total security, but at the same time. without too much hassle. The reason behind this is because a lot of site administrators don't need tight security - their site is just a café which offers free internet access on an unsecured WLAN access point connected to the internet and they need a ticketing system to make it cumbersome for average people to use this offering without actually buying a single coffee. Jkaptive itself just presents the login page,checks the token and places netfilter rules. Telling apart ticketed from unticketed traffic is done through Linux' netfilter. As no proxy server is involved, jkaptive has no performance penalty, nor does it create problems with non-http traffic. Once the token is accepted, jkaptive is out of the way of any network packets completely. For presenting the login page, jkaptive has a built-in webserver, so no additional webserver application is needed.

JWall is not just a java gui for iptables. JWall is a multi firewall management client. A secure rulebase can be built with graphical objects. Rulesets can be pushed to remote firewalls (via ssh). The remote firewall just needs to be Linux with sshd

Human Configurator for iptables and tc [traffic control], in order to obtain a traffic-shaping system with a few of click. Basically, it's a perl script which parse an xml config file, where you can put your shaping and filtering rules for your net(s)/h

kclamav is a lite and streaming version of the ClamAV virus scanner. It is built as a Linux 2.6 kernel module and hooks via the Netfilter API. The ClamAV virus database is loaded into kernel memory.

l2tpknock is an add-on plugin for l2tpns servers or clusters and is intended to perform the rule of the port knocking idea, but with l2tp vpns, specifically, the l2tpns project.

This is extremely handy for Android Phones, as now most third-party Apps from mobile market is now close-sourced and it's hard to promise its security, but some of this functions may be tempting, so we have to install it and give it permissions what it want at installation stage, and then it may do something we don't like in the background, now with Lavender we can at least prevent from accessing network if we don't trust it. Both linux desktop and Android Phones are now supported(Front-end library and UI support) LIMITATIONS: Check README for details. SOURCE: git clone https://github.com/crs-chin/lavender.git

really simple (minimal) implemention for client only igd from upnp, contains just enough to allow you to open/delete ports on a upnp router. uses libcurl, libxml2 and libxslt

links2world Firewall is a simple tool writen in C, that helps you generate iptables rules for Linux 2.4.x and newer kernels. Very easy to configure, it is designed to run on hosts with one or more network interfaces.

The LR101 Projects aim is to develop a real Linux Hardware Router supporting all major protocols / routing protocols with VPN (FreeS/WAN) and VPN/ISP Failover support.

Log2table allows you to continuously monitor your logfiles. You can trigger actions when a specific message comes in your audited logfiles or when a specific number of occurences are present.

Loggrep greps kernel logfiles on ipchains and iptables firewall log entries and features the ability to filter against given entries (date, IP, port, ..). It also features quasi-detection of protscanning, line count and html output.

lua-resty-waf is a web application firewall implemented in Lua for OpenResty/NGINX, designed to run inline at the edge with low overhead. It inspects requests and responses during NGINX phases, applying rule logic and anomaly scoring to detect patterns like SQL injection, cross-site scripting, and protocol abuse. Rules are organized into policies with configurable actions—block, log, or allow—and can leverage shared dictionaries for counters, rate limits, and caching decisions. Because it runs inside the NGINX event loop, it scales with the web tier and avoids the latency of external proxies. Operators can extend it with custom Lua code, integrate threat feeds, or adapt it to application-specific quirks without recompiling modules. The result is a flexible, scriptable WAF that pairs the performance of NGINX with the expressiveness of Lua for nuanced HTTP defense.

Monowall-CMI is an Opensource Central Management Interface for m0n0wall devices.

macf is a MAC-based packet filter. It can be on a machine acting as a firewall, router, bridge, or even a server, and allows operators to "check out" MACs which may then be used for a period of time. Right now, it's on hold for lack of interest.

It's a non-complicated free patch that allows you to access websites which are censored by sublime(!) authorities like schools, offices, governments.

This Project will provide addons for the ipcop firewall.

mIBB - my Iptables Blacklist Builder - is a small script written to be used through the crontab, that looks into /var/log/auth.log for failed logins and builds bad boys blacklist.

myNetWatchman Perl Agent is a program that is designed to capture rejected packet information from various firewall logs and forward this attack information to central analysis servers at myNetWatchman.com.

netadm project provides monitoring tools for network performance and network control system. the above monitoring tool is called 'npt(Network Perfermance Tool) and the above network control system is called 'gwc (GateWay Control~). npt program provide

A netfilter/iptables extension that allows the configuration of rules that match against applications on the local system. So one should be able to control and monitor the outgoing network traffic of a specific application with iptables.

nf_quota is an ip-based traffic accounting project. IPs can be added to users. It provides a kernel module that hooks onto netfilter and counts every packet passing a specified interface. If the quota for a ip/user is exceeded, the packet is dropped.

ngx_lua_waf is a web application firewall (WAF) module written in Lua for use with OpenResty (Nginx + Lua). It provides protection against common web attacks such as SQL injection, XSS, file uploads, and malicious bots. The WAF is rule-based, easily configurable, and lightweight, offering real-time defense with minimal performance overhead.

Nodogsplash offers a simple way to provide restricted access to an internet connection. It is intended for use on wireless access points running OpenWRT (but may also work on other Linux-based devices).