Iptables match module capable of matching various peer-to-peer networks by examining the application-layer protocol
HTTP proxy to block ads and customize webpages
Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.
Linux firewall distribution geared towards home and SOHO users.
The IPCop Firewall is a Linux firewall distribution. It is geared towards home and SOHO users. The IPCop web-interface is very user-friendly and makes usage easy.
Firewall Builder is a GUI firewall management application for iptables, PF, Cisco ASA/PIX/FWSM, Cisco router ACL and more. Firewall configuration data is stored in a central file that can scale to hundreds of firewalls managed from a single UI. A message from project maintainers: After working on Firewall Builder for many years it is with some sadness that Vadim and I are announcing that we have suspended all development activity for this project. Firewall Builder has been a great project to work on and we have truly appreciated all the support and positive feedback that the user community has provided. Without you we wouldn’t have been able to keep things going this long. You might be wondering why we are doing this... We had an exciting opportunity come up to start a company developing advanced security automation solutions. This was a chance of a lifetime that we just couldn’t pass up and unfortunately it means that we no longer have time available to work on improv
VTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It supports IP, Ethernet, PPP and other tunnel types. VTun is easily and highly configurable. VPN, Mobile IP, Shaping, etc
Smoothwall is a best-of-breed Internet firewall/router, designed to run on commodity hardware and to provide an easy-to-use administration interface to those using it. Built using open source and Free software, it's distributed under the GNU Public License.
A java PCAP and DPI library
A java wrapper for popular "libpcap" and "WinPcap" libraries. Accurate full API translation. Packet buffers delivered with no copies. Send custom packets, gather statistics. Comprehensive and easily extensible DPI engine.
This is a daemon that emulates Microsoft's Internet Connection Service (ICS). It implements the UPnP Internet Gateway Device specification (IGD) and allows UPnP aware clients, such as MSN Messenger to work properly from behind a Linux NAT firewall.
360-FAAR Analyze FW1 Cisco Netscreen Policy Offline Using Config/Logs
360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them. Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options. Switch into DROPS mode to analyse drop log entries.
Siproxd is a proxy/masquerading daemon for the SIP protocol. It allows SIP clients (softphones & hardphones) to work behind an IP masquerading firewall or router.
Fail2Ban monitors log files like /var/log/pwdfail or /var/log/apache/error_log and bans failure-prone addresses. It updates firewall rules to reject the IP address or executes user defined commands. Please see code and download from https://github.com/fail2ban/fail2ban . SF Fail2ban portal might not be up-to-date
GreenSQL is a database firewall engine used to protect Open Source Databases from SQL injection attacks. It works in proxy mode. Application logics is based on evaluating of SQL commands using risk score factors, as well as blocking of sensitive commands
The goal of FireStarter is to provide easy to use, yet powerful, graphical tools for setting up, administrating and monitoring firewalls for Linux machines.
Please see http://firehol.org/ for up-to-date releases and information. FireHOL is a stateful iptables packet filtering firewall configurator. It is abstracted, extensible, easy and powerful. It can handle any kind of firewall, but most importantly, it gives you the means to configure it, the same way you think of it.
Robust and flexible VPN network tunnelling
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single TCP/UDP port. Discussion forums and project wiki can be found here: https://forums.openvpn.net/ http://community.openvpn.net/openvpn
CartoReso intends to facilitate enterprise computer network mapping.
Sonicwall Configuration File Reader
SonicReader is used to view and save reports of the internals of a Sonicwall Configuration file. This is useful for those people that wish to know the settings within their saved Sonicwall Configs. I have no affiliation with Dell Sonicwall. Please do not contact Dell Sonicwall regarding the use of this program.
A firewall configuration project based on Linux 2.6.x and iptables. It has a web interface with an intuitive Webmin module, or you can edit a XML file. You can define the different firewall elements (zones, hosts, networks) and then set the services
The Distributed Intrusion Detection System.
THIS PROJECT IS UP FOR GRABS. PLEASE CONTACT ME FOR TAKING OVER THIS PROJECT. This is program to allow users behind a HTTP proxy like squid to use applications like telnet,ssh, irc, fetchmail etc as if they were directly connected to the internet.
This project consist of a simple framework for creating and managing access rules for the Squid proxy server.
TuxGuardian is an application-based firewall with a graphical interface. It's main task is to control and forbid transmission & reception of data by unauthorized applications; it can be thought as the Linux equivalent to apps such as ZoneAlarm and Kerio
TPCAT is based upon pcapdiff by the EFF. TPCAT will analyze two packet captures (taken on each side of the firewall as an example) and report any packets that were seen on the source capture but didn’t make it to the dest. See docs for info.
Collection of open source security tools that enhance the ability of people and companies to secure their environment. These tools will build upon the foundation laid by the security community.
A firewall is used to control access to services (eg proxy) depending on the time of day, the day and the hosts the requests come from -- as the need may arise in a school or university. A web interface delegates control of activation to authorized users.