Linux firewall distribution geared towards home and SOHO users.
The IPCop Firewall is a Linux firewall distribution. It is geared towards home and SOHO users. The IPCop web-interface is very user-friendly and makes usage easy.
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
Anti Spam SMTP Gateway
[antispam] MailCleaner is an anti-spam / anti-virus filter SMTP gateway with user and admin web interfaces, quarantine, multi-domains, multi-templates, multi-languages. Using Bayes, RBLs, Spamassassin, MailScanner, ClamAV. Based on Debian. Enterprise ready. MailCleaner is an anti spam gateway installed between your mail infrastructure and the Internet. It includes a complete GNU/Linux OS and a graphical web interface for user and administrative access. It comes in the form of virtual machine templates.. - fully compatible with any SMTP mail server (Exchange, Zimbra,...) You can install now MailCleaner within the following virtual environments: qcow2 (KVM, Proxmox, OpenStack, Xen) vhd (Hyper-V, VirtualPC) vmdk (VMware ESXi, Workstation, VMware Fusion) ova (VM Standard, supported by most hypervisor) Dedicate a server to MailCleaner, and you will have a working professional mail filter in less than an hour.
A firewall configuration project based on Linux 2.6.x and iptables. It has a web interface with an intuitive Webmin module, or you can edit a XML file. You can define the different firewall elements (zones, hosts, networks) and then set the services
GTCop Professional Security Appliance aims to provide a powerful tool for satellite communications, with enhanced QoS and bandwidth controls. As derived from IPCop Firewall, it is a stable, secure, easy to configure and maintain GNU/Linux firewall box.
HLBR is an IPS (Intrusion Prevention System) that can filter packets in the OSI layer 2. Detection of malicious traffic is done by rules. It can even be used as bridge to honeypots. The HLBR is a firewall element and can use regular expressions. Warning: this project was discontinued and should not be used in production networks. There are several bugs.
[not maintained anymore] Jay's Iptables Firewall is a script with support for multiple (external/internal) interfaces, TCP/UDP/ICMP control, masquerading, synflood control, spoofing control, port forwarding, VPNs (vtund), ToS, denying hosts, ZorbIPTraff
Kharon Firewall is a shell script based on Iptables and written for Linux 2.4.x and 2.6.x. It can be used for a personnal or a professionnal usage and fully commented on in french.
The Master-Slave project is directly related to the Snort IDS to dynamically create rules into iptables firewall. It could send the attacker IP address to others machines into the circuit that will block the IP address before any attack from the intruder
A firewall is used to control access to services (eg proxy) depending on the time of day, the day and the hosts the requests come from -- as the need may arise in a school or university. A web interface delegates control of activation to authorized users.
Web reverse proxy for Single Sign On (SSO). It can apply a security policy (profiles stored in a LDAP directory) to an existing set of applications, consolidate websites, encrypt all communications, rewrite simple URLs...
The goal of WallFire is to build a very general and modular firewalling application based on netfilter or any kind of low-level framework. It will provide a multi-language API, command line and interactive tools as well as X11 or HTML front-ends.
fli4l is a single-floppy Linux-based ISDN/DSL/ethernet-router. It features configuration with some simple ASCII-files and several possible connection-flavors (in/out/callback, raw IP/PPP, PPPoE).
Phiptables is a free software that helps you to build your iptables rules in a simple and easy way on a web-based interface. Once your rules are created a script is written down. You can download it and activate the rules.
syndetector is a software which can detect and drop packet when a synflood attack is detected ! Based on a simple detection system (by the use of iptables and libipq) and on a simple use It is realy easy to setup this software.