Monowall-CMI is an open-source Central Management Interface for m0n0wall devices.
Brings the functionality of Linux netfilter to Windows.
The purpose of the Hi-Performance Protocol Identification Engine/HiPPIE is to analyze network traffic and determine what protocol is in use within a given session based on packets sent to the engine. Linux kernel module with support for iptables/netfilter.
nf-HiPAC is a high performance packet filter for Linux. It provides the same rich feature set as iptables but uses an advanced algorithm to minimize the number of memory lookups per packet.
Antivirus eCAP adapter for Squid 3.1 and above.
Securepoint Antivirus eCAP adapter for Squid 3.1 and above.
Creates true post-admission network access control by regulating network access to admitted users on an as needed basis. Users cannot escalate privileges between micro-perimeters. Manageable, efficient and scalable for complex security environments.
TCP-Switch currently allows sharing one port for four protocols (SSH, HTTP, HTTPS, passive FTP). Each protocol can be forwarded (tunneled) to a different <host:port>. Future releases will allow much more control, e.g. client IP/port, and other protocols.
IPv4 & IPv6 Firewall Manager with traffic shaping and Ncurses GUI
Vuurmuur is a powerful firewall manager for Linux/iptables. Vuurmuur supports traffic shaping and live monitoring. It has an easy to learn configuration that allows both simple and complex configurations, and can be fully configured through the Ncurses GUI. Vuurmuur supports NAT, Port Forwarding and has experimental IPv6 support.
Drop a specified IP for n seconds remotely, and auto-undrop it on timeout.
It's an IDS receiver written in C. Sometimes I want to drop a remote IP for xx seconds and undrop it on timeout; sometimes my sniffer server finds a hack action and I want to tell another server or server group "Drop xxx.xxx.xxx.xxx IP xx seconds". So I wrote this program, dynipdrop: the "dynipdrop" daemon, "ipdrop_local" to send a drop message from localhost, and "ipdrop_udp" to send a drop message to another server (with the dynipdrop daemon installed). And I thought: "Maybe I can make a client to drop ssh scans, like DenyHost (http://denyhost.sf.net)", so I wrote "sshdprotector". dynipdrop runs on Linux and needs iptables. I use "portsentry" (http://sourceforge.net/projects/sentrytools/) + "sshdprotect" + "dynipdrop" to protect my servers, and hope this software is of some help to you.
sshh allows you to make a persistent tcp connection (tunnel) over an http proxy. Once you have it set up, you can make new connections from either end. Similar in concept to httptunnel but more versatile and scalable.
The ADSL optimizer is an accurate packet scheduling solution for ADSL connections, based on Linux and HTB. The solution guarantees low latency while maintaining full utilization of both upstream and downstream, without wasting link capacity.
ReAIM is an AOL Instant Messenger Proxy for iptables-based firewalls. It allows direct connections to be made to hosts behind an address-translating firewall. MSN and Windows Messenger are also supported.
Auto Proxy Filter Test (APFT) automates the testing of safe and unsafe URLs against a content filtering proxy (such as Dansguardian) and helps prevent regressions. APFT is useful to people who are designing filter rules.
Bunny Proxy is a light web proxy for across filtering.
Crowd Control is a small, cross-platform HTTP proxy (a fork of the elhttp project) designed for systems with little RAM, such as a home router. It can filter URLs using SquidGuard blocklists, and has the unique ability to filter HTTPS domains as well.
ddos_deflate, el Guapo Edition is network trench defense!
Assuming a firewall (whether in hardware or in software via IPTables / IPChains / or another software firewall), the bulk of your nefarious traffic is (hopefully) already being taken care of. However, what slips through, on legitimate ports, can sometimes be denial of service attacks. A truly distributed denial of service attack is something for which there exists no known solution (at least at this time). However, a single-user DoS (or a small number of users working together) can effectively be thwarted if your pipe (internet connection) is large. Running on a short cycle (such as 1 minute), ddos_deflate ege can detect nefarious IPs that have bombarded a port with a tremendous number of connections (in a SOHO environment, 100 connections from a single IP that is not in your LAN constitutes a 'big red warning flag', but you can set this connection limit to your liking in the config file).
EasyBSD is a modular automation script designed to assist in the extensive post-installation process that is required in FreeBSD. The following modules are included with EasyBSD: Checks, Update, Security, Networking, Firewall, and more...
FWReport is a log parser and reporting tool for IPTables. It generates daily and monthly summaries of the log files, allowing the admin to free up substantial time, maintain better control over security of the network, and reduce unnoticed attacks.
Fork of the OpenBSD spamd for the FreeBSD operating system. See http://www.openbsd.org/spamd/ for the original spamd documentation. Please report there only FreeBSD-related bugs. If you want to join the project, write mail to the samm user.
GTCop Professional Security Appliance aims to provide a powerful tool for satellite communications, with enhanced QoS and bandwidth controls. As derived from IPCop Firewall, it is a stable, secure, easy to configure and maintain GNU/Linux firewall box.
Hardened Linux is a secured and minimalized distribution based on Slackware. It is designed to run as firewall, IDS host, authentication system and VPN gateway. PaX and SSP are included.
IP Tables State implements the "state top" feature from IP Filter for IP Tables. "State top" displays the states held by your stateful firewall in a "top"-like manner, in real time. IPTState also has an option to print your state table once and NOTE: Development has moved to github: http://github.com/jaymzh/iptstate
This library provides a Java API for firewall logs, connection tracking and rules management.
Iroffer with mIRC-style DCC Server Protocol that might allow sends through firewalls without reconfigurations (and some more extra features)
Jateway is a general purpose TCP/IP connection proxy
Jateway is a general purpose TCP/IP connection proxy. Jateway accepts connections on arbitrary ports (like 80 or 443) and specific host:port combinations (like WANIP1:443 and WANIP2:443) for multi-interface systems. Supports single TCP connections (like MySQL) and multi-TCP connections like HTTP and HTTPS, and forwards them to arbitrary host/port combinations.