Sanewall is a firewall builder for Linux that uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need. Sanewall is a fork of FireHOL and can make use of existing FireHOL configurations.
RCPlive is a router live CD based on Debian 7 and the RCP100 routing suite. It is a flexible firewalling and routing platform, configured using a command line interface syntax similar to the one found in commercial routers. The software runs directly from a read-only CD or USB stick, and provides persistence by saving the configuration into a file placed on an existing disk partition.
check_nwc_health is a plugin for the Shinken (or Nagios/Icinga) monitoring system. It is used to check hardware health, environment, interfaces, pools, uptime, etc. of a great range of the most popular network components like switches, routers, firewalls, proxies, load balancers, etc. Currently it can monitor: Cisco IOS, Cisco Nexus, F5 BIG-IP, CheckPoint Firewall1, Juniper NetScreen, HP Procurve, Nortel, Brocade 4100/4900, EMC DS 4700, EMC DS 24, Allied Telesyn, and Blue Coat SG600.
Jkaptive is a simple captive portal without RADIUS (and thus without total security, but at the same time without too much hassle). The reason behind this is because a lot of site administrators don't need tight security; their site is just a café that offers free Internet access on an unsecured WLAN access point connected to the Internet, and they need a ticketing system to make it cumbersome for average people to use this offering without actually buying a single coffee. Jkaptive itself just presents the login page and checks the token. The blocking of unticketed traffic is done through Linux' netfilter. As no proxy server is involved, jkaptive has no performance penalty, nor does it create problems with non-HTTP traffic. Once the token is accepted, jkaptive is out of the way of any network packets completely. For presenting the login page, jkaptive has a built-in Web server, so no additional Web server application is needed.
autofwd is an automated firewalling daemon intended to block hosts performing unwanted acts. While it was designed to be used to thwart hosts running dictionary attacks on logins (of any service), it can be used for just about anything. The external commands it runs are configurable, allowing you to take additional actions against offending hosts such as running an nmap OS fingerprint before firewalling, or just silently logging the event.
Fing is a command line tool for network and service discovery. It provides you a complete view of any network in a very short time. Its smart discovery automatically detects the network type and uses the best technique to scan it. The best results are achieved on Ethernet networks (including Wireless ones), where Fing is able to detect all network hosts, firewalled ones included. The service discovery feature quickly detects active TCP services on a target host or network. Fing is based on Look@LAN.
Altimate Firewall is a small and easy-to-use firewall, based on a hardened Gentoo system. It has an intuitive and easy-to-use Web interface. The Altimate Firewall uses Shorewall (LAN, WAN, DMZ), OpenVPN, PPTPD, IPSEC, and many more. It includes Avira WebGate and MailGate for safer browsing and for securing your email messages. The network settings can be easily managed by a non-professional.
flex-fw is a small and fast front-end for the Linux iptables utility with an easy command syntax like ipfw or pf from BSD systems. It features service-oriented configuration, support for network profiles, which is useful for notebooks, support for macros, easy migration to another network environment by redefining macros, easy distribution to many hosts, syslog logging support for iptables errors and dropped packets, an interactive mode for manually configuring "on the fly", a batch mode for execution from shell scripts, and a library mode for using the flex-fw functions in your shell scripts.
DIFFUSE enables FreeBSD's IPFW firewall subsystem to classify IP traffic based on statistical traffic properties. With DIFFUSE, IPFW computes statistics (such as packet lengths or inter-packet time intervals) for observed flows, and uses ML (machine learning) techniques to assign flows into classes. In addition to traditional packet inspection rules, IPFW rules may now also be expressed in terms of traffic statistics or classes identified by ML classification. This can be helpful when direct packet inspection is problematic (perhaps for administrative reasons, or because port numbers do not reliably identify classes of applications). DIFFUSE also enables one instance of IPFW to send flow information and classes to other IPFW instances, which then can act on such traffic (e.g. to prioritize, accept, or deny) according to its class. This allows for distributed architectures, where classification at one location in your network is used to control firewalling or rate-shaping actions at other locations.