Dante is a free implementation of the proxy protocols SOCKS version 4 and SOCKS version 5 (RFC 1928). It can be used as a firewall between networks, controlling outgoing traffic. The package consists of two parts: a socks server and a proxy client that supports socks, HTTP proxies, and UPnP. RFC 1961 (GSSAPI) is supported in both the client and the server. Commercial support is available.
UCARP allows a pair of hosts to share common virtual IP addresses in order to provide automatic failover. It is a portable userland implementation of the secure and patent- free Common Address Redundancy Protocol (CARP, OpenBSD's alternative to VRRP). Strong points of the CARP protocol include its very low overhead, cryptographically signed messages, interoperability between different operating systems and no need for any dedicated extra network link between redundant hosts.
SOHT (Socket over HTTP Tunneling) allows you to tunnel socket connections through an HTTP proxy. Restrictive firewalls often prohibit all outgoing trafic except for HTTP. This application allows you to tunnel socket connections over the HTTP protocol. This application consists of a server that serves as a proxy and a client which tunnels a socket connection over an HTTP connection to the server. The current server is written in Java, and there are clients in Java and .NET.
OpenFWTK is an application proxy toolkit which inherits the ideology of TIS fwtk and maintains API backwards compatibility. The design goal is to make it simple yet powerful; no performance hacks are allowed in the code and library dependencies are reduced to a minimum. It is a true application layer filter. It features unified pluggable content inspection for the most frequently used protocols, NAC (Network Admission Control), and the ability to define fine-grained Internet access policy based on browser identification.
pfSense is a m0n0wall-derived operating system platform with radically different goals, such as using Packet Filter, FreeBSD 6.x (or DragonFly BSD when ALTQ and CARP is finished) ALTQ for excellent packet queueing, and an integrated package management system for extending the environment with new features.
OpenBSD Live-CD Firewall is an OpenBSD-based pf (packet filter) firewall, with NAT, squid, DNS, and a DHCP server (dnsmasq) for internal clients preconfigured. Settings and log files can be saved to a USB device. Saved settings will be restored at the next reboot. Additional security related software is available on the CD (arpwatch, honeyd, ntop, portsentry, etc.)