check_nwc_health is a plugin for the Shinken (or Nagios/Icinga) monitoring system. It is used to check hardware health, environment, interfaces, pools, uptime, etc. of a great range of the most popular network components like switches, routers, firewalls, proxies, load balancers, etc. Currently it can monitor: Cisco IOS, Cisco Nexus, F5 BIG-IP, CheckPoint Firewall1, Juniper NetScreen, HP Procurve, Nortel, Brocade 4100/4900, EMC DS 4700, EMC DS 24, Allied Telesyn, and Blue Coat SG600.
DIFFUSE enables FreeBSD's IPFW firewall subsystem to classify IP traffic based on statistical traffic properties. With DIFFUSE, IPFW computes statistics (such as packet lengths or inter-packet time intervals) for observed flows, and uses ML (machine learning) techniques to assign flows into classes. In addition to traditional packet inspection rules, IPFW rules may now also be expressed in terms of traffic statistics or classes identified by ML classification. This can be helpful when direct packet inspection is problematic (perhaps for administrative reasons, or because port numbers do not reliably identify classes of applications). DIFFUSE also enables one instance of IPFW to send flow information and classes to other IPFW instances, which then can act on such traffic (e.g. to prioritize, accept, or deny) according to its class. This allows for distributed architectures, where classification at one location in your network is used to control firewalling or rate-shaping actions at other locations.
firewall_e is a small Web application which allows administrators to create lists of servers, users, and ports and assign them to each other. This allows an administrator to login, create users, and assign ports on servers for them to access. Users can login and their remote IP address will be stored. From this address, they'll then be able to access whatever services the administrator provided them.
IPTEditor intends to ease the task of managing/editing iptables rules. It presents an intuitive graphical interface that organizes iptables tables as tabs of a notebook, each of which, in turn, organizes their chains in notebooks tabs. Each rules tab contains a list made up of rows (rules) or item columns ordered according to their occurrence. The items in the rows can be edited by appropriate forms, such as through dialogs for targets and criteria (modules), edit fields for network addresses, and selection boxes for actions and protocols, among others.
Ipt_fw is a firewall for Linux based on iptables. It is designed for client systems. Ipt_fw outputs a shell script containing iptables commands, so inspection of the settings it creates is easy. The configuration files are made in LibreOffice（OpenOffice）Calc. Making of the firewall and a machine using the firewall are separated. It allows you to set the user level and features detailed logging, IP address blacklist management, and iptables integrity.
StopHack is a simple to use and easy to install intrusion prevention system. It is fully adaptable and easily customized to your environment. It is built on top of proven bandwidth arbitration technology so the traffic passing through it won't be slowed down. Every packet is analyzed with regular expression-based behavior anomaly detection, and hackers are blocked immediately. It prevents reflected cross-site scripting, SQL injection, directory traversal, reflected URL redirects, login brute forcing, remote shell execution, and more.
Membrane SOAP Router is a modular SOAP intermediary written in Java. It is fully configurable due to Spring style configuration. You can audit SOAP traffic, route messages through DMZ, and gather performance statistics. The small memory consumption of less than 20 Megabytes makes it possible to run an instance of Membrane SOAP Monitor on any computer that provides or consumes Web services.
'blaze' is a Netfilter iptables firewall script that is meant to be ridiculously easy to use, pretty basic, but powerful enough to handle a box with multiple NICs to support gateway usage, possibly with NAT. Setup should take no more than five minutes. Logging is not currently supported.