ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 hash of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and computes the SHA-256 hash to verify the packet. The shared key is never sent.
Mail2sh makes it possible to carry out shell commands by email. Email is sent to a particular user on your host, and the commands will be carried out if the user and password given match ones in /etc/passwd. Commands are executed with the user's privileges, and combining it with a PGP module ensures a certain level of security for use. Note that the system is not natively encrypted, so use of an encryption mechanism is highly recommended for security reasons.
OpenWrt is a Linux distribution for wireless routers. Instead of trying to cram every possible feature into one firmware, it provides only a minimal firmware with support for add-on packages. For users, this means the ability to custom-tune features, removing unwanted packages to make room for other packages. For developers, it means being able to focus on packages without having to test and release an entire firmware.
Host Identity Protocol on Linux is an implementation of the Host Identity Protocol (HIP) and the related architecture. HIP is a proposal to change the TCP/IP stack to securely support mobility and multi-homing. Additionally, it provides for enhanced security and privacy and advanced network concepts, such as moving networks and mobile ad hoc networks. HIP is "cool", which means that as a mobile VPN solution, when your network interfaces go up or down, there is no need to re-establish a secure tunnel.
flashboot for OpenBSD is a set of makefiles, scripts, and support tools to build an OpenBSD image suitable for booting from read-only media, such as flash memory. The default image (smaller than 5Mb) is an image for a firewall/router with support for IPsec, SSH, IPv4 and IPv6 packet filtering, DHCP (client and server), and PPPoE. This image may be further trimmed or extended by editing the packing list files included in the distribution.
ROPE is an open-ended iptables match module that allows rules to be written using a simple but powerful scripting language. It is designed for controlling complex high-level protocols that cannot be blocked using traditional criteria based on port numbers (etc.). Criteria can include tests on any field of the IP, UDP, or TCP headers as well as the packet data payload.