m0n0wall is an all-in-one firewall software package that is based on FreeBSD. It is geared towards embedded PCs, but it also works on standard PCs. It includes an easy-to-use Web interface like commercial firewall boxes do. PHP is used instead of shell scripts, and the entire system configuration is stored in a single XML-formatted file. There is support for VPN, traffic shaping, captive portal, VLANs, and more.
flashboot for OpenBSD is a set of makefiles, scripts, and support tools to build an OpenBSD image suitable for booting from read-only media, such as flash memory. The default image (smaller than 5Mb) is an image for a firewall/router with support for IPsec, SSH, IPv4 and IPv6 packet filtering, DHCP (client and server), and PPPoE. This image may be further trimmed or extended by editing the packing list files included in the distribution.
pfflowd is a small daemon which converts real-time state expiry messages from OpenBSD's PF packet filter into Cisco NetFlow datagrams. This allows very fine-grained traffic accounting in conjunction with NetFlow-capable tools and places almost no incremental load on a PF firewall.
SOHT (Socket over HTTP Tunneling) allows you to tunnel socket connections through an HTTP proxy. Restrictive firewalls often prohibit all outgoing traffic except for HTTP. This application allows you to tunnel socket connections over the HTTP protocol. It consists of a server that serves as a proxy and a client which tunnels a socket connection over an HTTP connection to the server. The current server is written in Java, and there are clients in Java and .NET.
plugdaemon is a load-balancing "plug" proxy. It allows you to forward TCP connections to one or multiple hosts, using load balancing or failover, and to route the connections through an HTTPS proxy. Access control is done by source interface or by originating IP. Outgoing connections can be bound to a specific IP address.
YpFw is a frontend to ipfw and dummynet. It was developed to ease the setting and managing of ipfw rules and dummynet pipes on FreeBSD. It features a curses text interface, which allows the user to add/delete rules, update/clear rule counters, and add/delete/configure pipes. It is not meant as a replacement for ipfw; the user will need to understand ipfw and dummynet rules and syntax.
IPsec-Tools is a Linux port of the user-space tools from KAME. It includes libipsec (a library with a PF_KEY implementation), setkey (a tool for manipulating and dumping the kernel Security Policy Database and Security Association Database), and racoon (Internet Key Exchange daemon for automatically keying IPsec connections).