Allows users of a Linux workstation to control which programs access the Internet. This can be done statically by listing them in a file or dynamically via a GUI dialog box that appears when a new program attempts to connect to the Internet.
Ruined stands for "Ruby Iptables Network Displayer". It outputs SVG graphs from an iptables configuration.
Sphirewall is a user centric analytical network firewall/router, its the only open source product that provides user/group and role based firewall rules with extensive reporting services
TRAP is a very innovative and advanced transparent proxy that verifies the integrity of your network communication. It offers a custom scripting language that allows the user full control over the decision making process.
adcfw-log is a tool for analyzing firewall logs in order to extract meaningful information and generate different kinds of reports, such as fully formatted reports of what had been logged, with summaries by source or destination host, the type of service
Udpproxy is very simple but usefull tool for udp traffic forwarding. Can be used if you can't or don't want to mess with kernel level forwarding.
zeroconfig IPv6 tunnel
The use of NAT devices all over the Internet has made peer-to-peer exchanges unreliable. The rise of IPv6 should repair this, but it will still not be reliable until all peers have implemented IPv6. Such IPv6 implementation could be arranged on the fly with a tunnel mechanism that does not rely on router co-operation or manual configuration. This specification details such a method of embedding IPv6 into UDP and IPv4. It employs embedded Router Solicitation to configure the tunnel's public IPv6 address, and Neighbor Discovery to try to find the remote peer over more efficient IPv4 routes.
AAFW(AntiAttackFireWall) is an isapi to protect IIS 5/6 from SQL injection.
ReAIM is an AOL Instant Messenger Proxy for iptables-based firewalls. It allows direct connections to be made to hosts behind an address-translating firewall. MSN and Windows Messenger are also supported.
Reduce employee personal Internet usage during the working day. Increase respect of your corporate Internet usage policy, provide open and honest feedback such as WebMail use during work hours. Plugs into an existing proxy or firewall such as Squid.
Captive Portal to use with IPTables (with ip_set module). It's permit to control access from a sub-net to internet or to another sub-net. Uses unix account to validate users. It's an alternative to Natacl, Sphirewall, Zorp, Nocat, Nufw and others.
Auto Proxy Filter Test (APFT) automates the testing of safe and unsafe URLs against a content filtering proxy (such as Dansguardian) and helps prevent regressions. APFT is useful to people who are designing filter rules.
BadTuxWall will help you to implement your own firewall on a Linux operating system using an efficient graphical user interface. It also allows you to generate iptables scripts, export them and share them with friends.
Bait and Switch combines IDS tech (Snort primarily) and Honeypots into a new, more valuable, reactive system. After receiving an alert, B&S protects your server by silently redirecting hostile traffic to a honeypot while leaving other traffic alone.
Web-based bandwidth management tools based on tc and iptables for internet cafe or small to medium network administrators.
BastionX is a suite of bash scripts which provide a firewall system using netfilter on linux. Some of the supported features are flow control & QoS, local & WAN ip blacklists, dynamic trusted hosts, DMZ feature, auto detection of interfaces.
Provide secure, quality, user-friendly and fail-proof access to internet manager for IPTABLES-DENY-ALL-based Linux configuration of firewall, including traffic and time accounting, logging, auto-disconnection. Software for i-net clubs and caffee admins
CRYPT extension for Netfilter/Iptables allows you to create an encrypted communication using stream and block ciphers. It also authenticates the packets.
CallingHome is a small tool that allows you to gain control over a firewalled and thus directly unreachable PC (e.g. your PC at work). It achieves this by actively maintaining a SSH connection from within the firewall to a SSH server of your choice.
Campagnol is a decentralized VPN over UDP tunneling. It uses UDP hole punching to open connections through NAT/firewall and OpenSSL's DTLSv1 implementation for mutual authentication and encryption.
CHAOSTATION is a futuristic & professional software designed to deliver a complete management solution for Gaming & Internet Cafes. A wide range of features e.g. booking, license management, financial and statistical reports, POS & advanced security.
DAXFi is a Python package that helps configure several different kinds of firewalls in a consistent way. The rules are described in XML. It comes with a Python package, useful to build other applications and includes some useful example programs.
A daemon that creates realtime dynamic, expirable iptables rules to block/drop IP addresses attempting brute-force breakin attacks on a linux host via ssh or other mechanism. Highly customizable and extensible.
Dyper is a framework for adding connection tracking and dynamic pinhole capabilities to stock routers/switches that allows multiport protocol communication to be maintained with other sites under least privilege while achieving maximum performance.
A virtual private network created out of iptables, two small executables about 4k each, and duct tape. Designed to scale to a very large number (>65536) of small (~250 node) subnets, rather than a small number of large subnets. See dvpn.sf.net for sourc