Dante is a free implementation of the proxy protocols SOCKS version 4 and SOCKS version 5 (RFC 1928). It can be used as a firewall between networks, controlling outgoing traffic. The package consists of two parts: a socks server and a proxy client that supports socks, HTTP proxies, and UPnP. RFC 1961 (GSSAPI) is supported in both the client and the server. Commercial support is available.
TrinityOS is a step-by-step, example-driven HOWTO on building a very functional Linux box with strong security in mind. TrinityOS is well known for its strong packet firewall ruleset, Chrooted and Split DNS (v9 and v8), secured Sendmail (8.x), Linux PPTP, Serial consoles and Reverse TELNET, DHCPd, SSHd, UPSes, system performance tuning, the automated TrinityOS-Security implementation scripts, and much more.
The MiniUPnP project is a library and a daemon. The library is aimed to enable applications to use the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most interesting features is to enforce some permissions to allow or deny redirections, bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.
LAN Management System (LMS) is a set of database-driven applications capable of managing multiple networks of computers and customers. It uses a Web UI and either a multipurpose daemon written in C or a set of Perl scripts that perform scheduled tasks and configure your system services. It was designed to organize small self-financed networks, but is mature enough to suit the needs of medium sized ISPs. Support for multiple databases and languages are included, and a template system allows it to blend in with your existing infrastructure.
JSTUN is a STUN (Simple Traversal of UDP (User Datagram Protocol) through NAT (Network Address Translation)) implementation. STUN provides a means for applications to discover the presence and type of firewalls or NATs between them and the public Internet. In the presence of a NAT, STUN can also be used by applications to learn the public Internet Protocol (IP) address assigned to the NAT.
libnfnetlink is a low-level userspace library for nfnetlink-based communication between the kernel-side netfilter and the user-space world. It is therefore the fundamental layer for all other nfnetlink-enabled user-space programs interfacing with the netfilter subsystem of the Linux kernel.