The MiniUPnP project is a library and a daemon. The library is aimed to enable applications to use the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most interesting features is to enforce some permissions to allow or deny redirections, bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.
vpnd is a daemon which connects two networks on network level either via TCP/IP or a (virtual) leased line attached to a serial interface. All data transfered between the two networks are encrypted using the unpatented free Blowfish encryption algorithm with a key length of up to 576 bits (may be downgraded to a minimum of 0 bits to suit any legal restrictions).
OpenVPN is a robust and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the Internet. OpenVPN's principal strengths include wide cross-platform portability, excellent stability, support for dynamic IP addresses and NAT, adaptive link compression, single TCP/UDP port usage, a modular design that offloads most crypto tasks to the OpenSSL library, and relatively easy installation that in most cases doesn't require a special kernel module.
mxallowd is a daemon for Linux Netfilter (using libnetfilter-queue) and BSD pf (using pflog) which implements a slightly improved nolisting mechanism. It requires your name server to be configured to return two MX IP addresses, and the one with higher priority must not run a mail server on port 25. mxallowd blocks attempts to connect to the mail server unless the sender tries to connect to the first mail server before the second. Since most spammers will attempt direct connections to each mail server, they will be blocked.
UCARP allows a pair of hosts to share common virtual IP addresses in order to provide automatic failover. It is a portable userland implementation of the secure and patent- free Common Address Redundancy Protocol (CARP, OpenBSD's alternative to VRRP). Strong points of the CARP protocol include its very low overhead, cryptographically signed messages, interoperability between different operating systems and no need for any dedicated extra network link between redundant hosts.
bdmn is client/server-oriented backup system. The daemon runs on the machine being backed up, and the client runs on the machine that stores the backup. It is very simple, but very fast. It only uses tar, gzip, uuencode, and Perl, so it is portable to many operating systems. It includes a very simple access control system for itself.
NatACL is a Linux firewall group policy controller for intranets and Internet. Using a internal DHCP server, it can force users to use a DHCP client, and you can block static IPs. It will bind an IP to a MAC address and enforce this usage. You can control groups that can see each other with intranet policies, or control who has access to the Internet. It also has an option to force users to authenticate themselves over the Web before accessing the Internet.
pflogx is a simple tool that exports OpenBSD packet filter logs to XML files. It reads a binary log file generated by the pf logging daemon (pflogd) and generates a human-readable and exploitable XML file. Using an XSLT processor you can convert this XML file to any other format, such as HTML, CSV, or SQL.