Joseph is a Python class and program that parses config files into iptables commands. It supports ACL definitions to reduce the repetition of rules. The config file format is a custom, native English-like format that supports internal, external, and DMZ interfaces with allowed, masqueraded, and redirected services (ports).
YpFw is a frontend to ipfw and dummynet. It was developed to ease the setting and managing of ipfw rules and dummynet pipes on FreeBSD. It features a curses text interface, which allows the user to add/delete rules, update/clear rules counters, and add/delete/configure pipes. It is not meant as a replacement to ipfw; the user will need to understand ipfw and dummynet rules and syntax.
fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.
Endian Firewall is an all-in-on Linux security distribution that turns any system into a full-featured security appliance. It features a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, POP3, SMTP), anti-virus support, virus and spam filtering for email traffic (POP and SMTP), content filtering of Web traffic, and a "hassle free" VPN system based on OpenVPN.
Zorp is a proxy firewall suite with its core architecture is built around today's security demands: it uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.
Nuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta objects to generate ACLs, which are then interpreted as netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.
'NTLM Authorization Proxy Server' (APS) is a proxy software that allows you to authenticate via an MS Proxy Server using the proprietary NTLM protocol. APS has the ability to behave as a standalone proxy server and authenticate HTTP clients at Web servers using the NTLM protocol. It can change arbitrary values in your client's request headers so that those requests will look like they were created by MS IE. It is written in Python 1.5.2.
DAXFi is a Python script that helps configure several different kinds of firewalls in a consistent way. It can run as daemon to adapt its behavior to external conditions; rules can be described with XML files, XML strings, or generated directly by the code; the program can be configured and extended with a sort of plug-ins written in Python. It comes with a Python package, useful to build other applications aimed to manipulate different firewalls in a uniform way (some example programs are included).