Alt+Connect manages dialup connections, allowing a group of networked machines to share a single Internet connection through their server. Custom client software lets users to start or stop their internet connection, and the server (connectd) ensures that the connection remains up only while someone's using it. Features include support for multiple ISPs and links (modems or ISDN channels), connection control lists, ability to record the time a user spends online and charge him for it, and the ability to enable and disable IP forwarding as a machine starts or stops using the Internet.
The Bait and Switch Honeypot System combines the snort Intrusion Detection System (IDS) with honeypot technology to create a system that reacts to hostile intrusion attempts by marking and then redirecting all "bad" traffic to a honeypot that partially mirrors your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data, while your clients and/or users are still safely accessing the real system. Life goes on, your data is safe, and you get to learn about the bad guy as an added benefit. It works with Snort 1.9.0, 1.9.1, and 2.0.2.
Dante is a free implementation of the proxy protocols SOCKS version 4 and SOCKS version 5 (RFC 1928). It can be used as a firewall between networks, controlling outgoing traffic. The package consists of two parts: a socks server and a proxy client that supports socks, HTTP proxies, and UPnP. RFC 1961 (GSSAPI) is supported in both the client and the server. Commercial support is available.
OpenBSD Live-CD Firewall is an OpenBSD-based pf (packet filter) firewall, with NAT, squid, DNS, and a DHCP server (dnsmasq) for internal clients preconfigured. Settings and log files can be saved to a USB device. Saved settings will be restored at the next reboot. Additional security related software is available on the CD (arpwatch, honeyd, ntop, portsentry, etc.)
OpenFWTK is an application proxy toolkit which inherits the ideology of TIS fwtk and maintains API backwards compatibility. The design goal is to make it simple yet powerful; no performance hacks are allowed in the code and library dependencies are reduced to a minimum. It is a true application layer filter. It features unified pluggable content inspection for the most frequently used protocols, NAC (Network Admission Control), and the ability to define fine-grained Internet access policy based on browser identification.
Qtfw is a Qt GUI frontend for FreeBSD's ipfw utility. It helps configure the firewall in FreeBSD with a nice and comprehensive user interface. User can edit rules in the current list, save rules for future use, configure kernel sysctl variables, and finally, create shell script from qtfw rules.