fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.
Zorp is a proxy firewall suite with its core architecture is built around today's security demands: it uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.
Endian Firewall is an all-in-on Linux security distribution that turns any system into a full-featured security appliance. It features a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, POP3, SMTP), anti-virus support, virus and spam filtering for email traffic (POP and SMTP), content filtering of Web traffic, and a "hassle free" VPN system based on OpenVPN.
DAXFi is a Python script that helps configure several different kinds of firewalls in a consistent way. It can run as daemon to adapt its behavior to external conditions; rules can be described with XML files, XML strings, or generated directly by the code; the program can be configured and extended with a sort of plug-ins written in Python. It comes with a Python package, useful to build other applications aimed to manipulate different firewalls in a uniform way (some example programs are included).
Nuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta objects to generate ACLs, which are then interpreted as netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.
pynetfilter_conntrack is a Python binding for libnetfilter_conntrack that allows you to manipulate Netfilter's stateful inspection objects. This makes it possible to easily close connections and obtain information about connections such as the number of packets and bytes. It could be used to create conntrack entries, replacing heavy kernel modules for complex protocols such as FTP and H323.