Sanewall is a firewall builder for Linux that uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need. Sanewall is a fork of FireHOL and can make use of existing FireHOL configurations.
check_nwc_health is a plugin for the Shinken (or Nagios/Icinga) monitoring system. It is used to check hardware health, environment, interfaces, pools, uptime, etc. of a great range of the most popular network components like switches, routers, firewalls, proxies, load balancers, etc. Currently it can monitor: Cisco IOS, Cisco Nexus, F5 BIG-IP, CheckPoint Firewall1, Juniper NetScreen, HP Procurve, Nortel, Brocade 4100/4900, EMC DS 4700, EMC DS 24, Allied Telesyn, and Blue Coat SG600.
Sphirewall is a user-centric analytical network firewall/router. Out-of-the box, it provides user authentication coupled with powerful analytics which provide you with complete control over your network and users. With Sphirewall, you can manage and understand what is happening on your network with features such as qos, bandwidth quotas, user authentication, and much more. Not built on iptables, it is able to do things which other Open Source firewalls can't. Its very flexible, and with its open JSON API, can easily be plugged into any existing environment.
Jkaptive is a simple captive portal without RADIUS (and thus without total security, but at the same time without too much hassle). The reason behind this is because a lot of site administrators don't need tight security; their site is just a café that offers free Internet access on an unsecured WLAN access point connected to the Internet, and they need a ticketing system to make it cumbersome for average people to use this offering without actually buying a single coffee. Jkaptive itself just presents the login page and checks the token. The blocking of unticketed traffic is done through Linux' netfilter. As no proxy server is involved, jkaptive has no performance penalty, nor does it create problems with non-HTTP traffic. Once the token is accepted, jkaptive is out of the way of any network packets completely. For presenting the login page, jkaptive has a built-in Web server, so no additional Web server application is needed.
Collax Business Server is an all-in-one Linux server for small- and medium-sized businesses. It delivers all the important network services within a heterogeneous business environment for communication, infrastructure, compliance, groupware, and storage, all in a reliable and secure way which is easy to manage. It also provides essential security functions such as firewalling and virus and spam filtering, to protect against hacker attacks, viruses, and unsolicited email messages.
StopHack is a simple to use and easy to install intrusion prevention system. It is fully adaptable and easily customized to your environment. It is built on top of proven bandwidth arbitration technology so the traffic passing through it won't be slowed down. Every packet is analyzed with regular expression-based behavior anomaly detection, and hackers are blocked immediately. It prevents reflected cross-site scripting, SQL injection, directory traversal, reflected URL redirects, login brute forcing, remote shell execution, and more.
360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
Ipt_fw is a firewall for Linux based on iptables. It is designed for client systems. Ipt_fw outputs a shell script containing iptables commands, so inspection of the settings it creates is easy. The configuration files are made in LibreOffice（OpenOffice）Calc. Making of the firewall and a machine using the firewall are separated. It allows you to set the user level and features detailed logging, IP address blacklist management, and iptables integrity.
autofwd is an automated firewalling daemon intended to block hosts performing unwanted acts. While it was designed to be used to thwart hosts running dictionary attacks on logins (of any service), it can be used for just about anything. The external commands it runs are configurable, allowing you to take additional actions against offending hosts such as running an nmap OS fingerprint before firewalling, or just silently logging the event.