Dante is a free implementation of the proxy protocols SOCKS version 4 and SOCKS version 5 (RFC 1928). It can be used as a firewall between networks, controlling outgoing traffic. The package consists of two parts: a socks server and a proxy client that supports socks, HTTP proxies, and UPnP. RFC 1961 (GSSAPI) is supported in both the client and the server. Commercial support is available.
Zorp is a proxy firewall suite with its core architecture is built around today's security demands: it uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.
FrazierWall Linux is a single floppy distribution Linux firewall that is based on the Linux Router Project. It is designed for use with ethernet base internet connections (such as cable modems or xDSL lines). It allows you to share such a connection with several other computers on a LAN. It is easy to setup and maintain, and is available in a Linux configurable software version.
XOTcl provides a highly flexible, reflective, component-based object oriented environment that integrates language support for high level object oriented concepts (which are not found in other languages) with reasonable performance. XOTcl is an extension of TCL and was derived from the impressive OTcl language developed by D. Wetherall and C. Lindblad at MIT in 1995 and extended in various ways. XOTcl's language constructs explicitly aim at the complexity in a component gluing layer that is not solved by traditional object orientation in the style of C++ or Java.
Astaro Portscan Detection is a netfilter target which will attempt to detect TCP and UDP port scans and log them to syslog. This target is based upon Solar Designer's scanlogd. It suppports mutliple levels of logging, custom prefixes for entries, weighted total port scan detection, and port scan temporal spread detection.
Harm acts as a four-way socket redirector that allows you to effectively make a TCP connection from the Internet to a host behind a Linux masquerade-style firewall. The server (behind the firewall) makes connections to the client (on the Internet). After a successful connection, it will bounce packets from a telnet client (Windows and Linux) to the Harm client, to the Harm server (Linux only), or to the telnet daemon behind the firewall.
Joseph is a Python class and program that parses config files into iptables commands. It supports ACL definitions to reduce the repetition of rules. The config file format is a custom, native English-like format that supports internal, external, and DMZ interfaces with allowed, masqueraded, and redirected services (ports).
rc.firewall is configurable for dialup and static IP addresses. It is based on Linux-kernel 2.4.x, and it generates it's own configuration file. It supports specific port filtering for the internet- , intranet-, and a dmz-zone. For the DMZ-Zone, there is also a machine-specific port filtering, and redirection of specific ports of the internet-interface available. Note: Do not install this in productive environments, until you have checked the rules/tables with your own eyes.