rc.firewall is configurable for dialup and static IP addresses. It is based on Linux kernel 2.4.x, and it generates its own configuration file. It supports specific port filtering for the Internet, intranet, and DMZ zones. For the DMZ zone, machine-specific port filtering and redirection of specific ports of the Internet interface are also available. Note: Do not install this in production environments until you have checked the rules/tables with your own eyes.
Lokiwall is a firewall script for Linux. In addition to the standard function of easily limiting network traffic, it features dual routing (using two Internet connections simultaneously), connection fail-over, load balancing, traffic control, advanced masquerading, advanced DNAT, and advanced marking (to direct specific traffic to a certain interface). The advanced features require some kernel patches. The standard features will work on a default Linux system with iptables and iproute2.
vpn-shaper is a dynamic traffic shaper for openvpn, poptop, and similar programs, using iproute2. It allows shaping of traffic between many users connected to one server, and it supports different priority schemes for different users and different types of traffic. Traffic shaping uses the HTB qdisc. Prioritization uses l7-filter and ipp2p and some of the patch-o-matic extensions. Classification of traffic in HTB classes is done by using the IPMARK patch-o-matic extension. vpn-shaper requires the IPMARK patch-o-matic extension, connmark iptables match, and HTB qdisc.
Swan is a bandwidth manager and Internet gateway that effectively controls and manages the collective bandwidth of an organization. As an Internet gateway it includes a transparent proxy, caching engine, access control lists, caching DNS server, logging and monitoring tools, an authentication mechanism, bandwidth clubbing, and policy management. It is ideal for ISPs, corporations, schools, colleges, etc. Both GUI and console-based interfaces are available for controlling the software. Installation is through a bootable CD that automatically formats the system.
Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included.
fwsnort translates snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to iptables, which allows snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.
MailScanner is an email virus scanner, vulnerability protector, and spam tagger. It supports the Postfix, Sendmail, Exim, Qmail, and ZMailer MTAs, and the Sophos, McAfee, F-Prot, F-Secure, CommandAV, InoculateIT, Inoculan, eTrust, Kaspersky, Nod32, AntiVir, BitDefender, RAV, Panda, DrWeb, ClamAV, and other anti-virus scanners. It uses SpamAssassin for highly successful spam identification, and is designed to handle denial of service attacks. It will detect password-protected zip files and apply filename checking to their contents. It is very easy to install, requires no changes at all to your sendmail.cf file, is designed to be lightweight, and won't grind your mail system to a halt with its load. It can be integrated into any email system, regardless of the software in use.