FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
slakbootIBS (Slackware Interactive Boot Scripts) is an enhanced set of replacement boot scripts for the Slackware Linux distribution. It includes a set of control and dispatch tools for configuring and booting with colorized interactive scripts. The new boot process allows the operator to select or skip start-up components in realtime. It facilitates debugging of startup problems and allows operators to maintain a common baseline to support several local configurations or multiple servers with a single set of scripts.
Frankenwall is a bash shell script intended to create a highly secure IPTables based Linux firewall/router with QOS/traffic shaping/bandwidth management. Be certain you know exactly what your network needs before using it. The primary focus of this project is security through an intimate understanding of your networking requirements. All configuration is done by editing text files.
BongoSurfer is a least-cost router for Linux, like the Smartsurfer program for Windows. It allows you to connect to the Internet with a 56k modem or ISDN, and chooses the cheapest provider for you. The tariff database is updated every day from http://www.billiger-surfen.de/. Since the tariffs only apply within Germany, the program is of little use in other countries. It features a cost calculator, a traffic monitor, an online timer, and more.
Trojan scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures in the form of process_name:port_number:user. These signatures then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output.
CaiCai is a network and services monitoring system. It performs tests for ping, DHCP, POP3, SMTP, FTP, etc. It does not require additional software installed on the remote side. It is fully configurable. It provides instant reports (via an HTML page), logs, statistics, and sound alarms.
IP-Array is a Linux iptables firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, traffic shaping (creation of custom HTB and SFQ qdiscs, classes, and filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP.