lsfw (list firewall) helps network administrators deal with firewalling on a huge network. It lists the firewalls rules applied between two points on the network. It uses the configuration of the network equipment and builds a (light) model of the network described by the equipment. This allows probing for access-list matching all over the network, doing routing and firewalling.
FreeBSDShield is a DShield.org reporting client for FreeBSD and the ipfw firewall. It allows you to report attempted security breaches to the DShield cooperative firewall logging effort, which in turn helps the Internet Storm Center (and netizens at large) track trends in network security and catch emerging vulnerabilities.
Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.
The MiniUPnP project is a library and a daemon. The library is aimed to enable applications to use the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most interesting features is to enforce some permissions to allow or deny redirections, bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.
Tableutil is a utility for converting, aggregating, and performing operations (currently unions, differences, complements, and intersections) on lists of IP addresses. Its primary use is to convert files into a format pfctl(8) can read. It can read plain-text files with ranges (22.214.171.124-126.96.36.199), CIDR-style networks (192.168.0.0/24), single addresses (242.242.242.242), or host names (one.two.com). It can also read p2b files, the preferred file-format of PeerGuardian.
pflogx is a simple tool that exports OpenBSD packet filter logs to XML files. It reads a binary log file generated by the pf logging daemon (pflogd) and generates a human-readable and exploitable XML file. Using an XSLT processor you can convert this XML file to any other format, such as HTML, CSV, or SQL.