Zorp is a proxy firewall suite with its core architecture is built around today's security demands: it uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.
Dante is a free implementation of the proxy protocols SOCKS version 4 and SOCKS version 5 (RFC 1928). It can be used as a firewall between networks, controlling outgoing traffic. The package consists of two parts: a socks server and a proxy client that supports socks, HTTP proxies, and UPnP. RFC 1961 (GSSAPI) is supported in both the client and the server. Commercial support is available.
Astaro Portscan Detection is a netfilter target which will attempt to detect TCP and UDP port scans and log them to syslog. This target is based upon Solar Designer's scanlogd. It suppports mutliple levels of logging, custom prefixes for entries, weighted total port scan detection, and port scan temporal spread detection.
Endian Firewall is an all-in-on Linux security distribution that turns any system into a full-featured security appliance. It features a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, POP3, SMTP), anti-virus support, virus and spam filtering for email traffic (POP and SMTP), content filtering of Web traffic, and a "hassle free" VPN system based on OpenVPN.
Amber sits in the tcpserver chain for qmail and implements an "amber list" for incoming mail. This neither accepts nor rejects connections, but implements a number of timing-related tricks to fake out spam and virus software that doesn't implement SMTP correctly. For example, it can defer requests from new IP addresses for a few minutes before it starts passing connections on to smtpd, pause and check for programs that send data before the HELO, and otherwise make things rough for bandit bulk mailers.