Campagnol is a distributed IP-based VPN program able to open new connections through NATs or firewalls without any configuration. It uses UDP for the transport layer, and utilizes tunneling and encryption (with DTLS) and the UDP hole punching NAT traversal technique. The established connections are P2P.
OpenFWTK is an application proxy toolkit which inherits the ideology of TIS fwtk and maintains API backwards compatibility. The design goal is to make it simple yet powerful; no performance hacks are allowed in the code and library dependencies are reduced to a minimum. It is a true application layer filter. It features unified pluggable content inspection for the most frequently used protocols, NAC (Network Admission Control), and the ability to define fine-grained Internet access policy based on browser identification.
mxallowd is a daemon for Linux Netfilter (using libnetfilter-queue) and BSD pf (using pflog) which implements a slightly improved nolisting mechanism. It requires your name server to be configured to return two MX IP addresses, and the one with higher priority must not run a mail server on port 25. mxallowd blocks attempts to connect to the mail server unless the sender tries to connect to the first mail server before the second. Since most spammers will attempt direct connections to each mail server, they will be blocked.
FreeBSDShield is a DShield.org reporting client for FreeBSD and the ipfw firewall. It allows you to report attempted security breaches to the DShield cooperative firewall logging effort, which in turn helps the Internet Storm Center (and netizens at large) track trends in network security and catch emerging vulnerabilities.
The MiniUPnP project is a library and a daemon. The library is aimed to enable applications to use the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most interesting features is to enforce some permissions to allow or deny redirections, bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.
OpenBSD Live-CD Firewall is an OpenBSD-based pf (packet filter) firewall, with NAT, squid, DNS, and a DHCP server (dnsmasq) for internal clients preconfigured. Settings and log files can be saved to a USB device. Saved settings will be restored at the next reboot. Additional security related software is available on the CD (arpwatch, honeyd, ntop, portsentry, etc.)
Tableutil is a utility for converting, aggregating, and performing operations (currently unions, differences, complements, and intersections) on lists of IP addresses. Its primary use is to convert files into a format pfctl(8) can read. It can read plain-text files with ranges (184.108.40.206-220.127.116.11), CIDR-style networks (192.168.0.0/24), single addresses (242.242.242.242), or host names (one.two.com). It can also read p2b files, the preferred file-format of PeerGuardian.