RCPlive is a router live CD based on Debian 7 and the RCP100 routing suite. It is a flexible firewalling and routing platform, configured using a command line interface syntax similar to the one found in commercial routers. The software runs directly from a read-only CD or USB stick, and provides persistence by saving the configuration into a file placed on an existing disk partition.
Dowse eases the configuration of network routing for a local area network, starting from the setup of ARP-level static entries of known peers, IP-level firewall, DHCP configuration, and local DNS cache, up to an application layer transparent proxy and optional gateways to anonymous networks such as Tor and I2P. It consists of a minimalistic script which can run on any GNU/Linux box and which, from a central configuration point, controls Ebtables, Iptables, and all the daemons needed for such operations: DnsMasq, Squid2, and Privoxy. It comes with a module system for contributed add-ons like DNSCrypt-proxy and HTTPS-everywhere.
Clement is an email server application. Its main function is to block unwanted mail (spam) as soon as possible in the email exchange process. It accepts or rejects email while the SMTP session, initiated by the email sender, is still pending, accepting legitimate email messages without the need to return an error status to non-existent or "borrowed" return address later. Clement can operate in two modes, either as a standard MTA (as sendmail, Postfix, Exim, Exchange, etc.) to store email in the recipient's own area, or to transmit the mail to an another SMTP server acting as smart spam filtering device. Each email domain name Clement knows about can be treated in one of these two modes depending on the group to which the domain name has been set. Each message is verified by a virus scanner (ClamAV) while the SMTP connection is still open, but the refusal of mail and the reason for refusal is notified to the actual sender. Mail management is done via a Web interface and can be delegated to three administrative levels (Root-Admin, Group-Admin, Domain-Admin). Standard users can access their own logs (sent email status, email rejected, quarantined email, etc.). With this interface, the user can handle the rejection and acceptance of mail. Users who are level "Admin" can access the session logs (via the Web interface). Clement uses a SQL database (PostgreSQL, MySQL) to store and manage logs, user profiles, and dynamic management of directives concerning the sender-receiver relationship.
Andrisoft WANGUARD is an enterprise-grade traffic monitoring and DDoS detection and protection solution that delivers the functionality NOC, IT, and security teams need to effectively monitor and protect their network through a single, integrated package. WANGUARD Sensor relies on sFlow, NetFlow, IPFIX, or Port Mirroring / SPAN.
Sphirewall is a user-centric analytical network firewall/router. Out-of-the box, it provides user authentication coupled with powerful analytics which provide you with complete control over your network and users. With Sphirewall, you can manage and understand what is happening on your network with features such as qos, bandwidth quotas, user authentication, and much more. Not built on iptables, it is able to do things which other Open Source firewalls can't. Its very flexible, and with its open JSON API, can easily be plugged into any existing environment.
check_nwc_health is a plugin for the Shinken (or Nagios/Icinga) monitoring system. It is used to check hardware health, environment, interfaces, pools, uptime, etc. of a great range of the most popular network components like switches, routers, firewalls, proxies, load balancers, etc. Currently it can monitor: Cisco IOS, Cisco Nexus, F5 BIG-IP, CheckPoint Firewall1, Juniper NetScreen, HP Procurve, Nortel, Brocade 4100/4900, EMC DS 4700, EMC DS 24, Allied Telesyn, and Blue Coat SG600.
Sanewall is a firewall builder for Linux that uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need. Sanewall is a fork of FireHOL and can make use of existing FireHOL configurations.