Dante is a free implementation of the proxy protocols SOCKS version 4 and SOCKS version 5 (RFC 1928). It can be used as a firewall between networks, controlling outgoing traffic. The package consists of two parts: a socks server and a proxy client that supports socks, HTTP proxies, and UPnP. RFC 1961 (GSSAPI) is supported in both the client and the server. Commercial support is available.
rc.firewall is configurable for dialup and static IP addresses. It is based on Linux-kernel 2.4.x, and it generates it's own configuration file. It supports specific port filtering for the internet- , intranet-, and a dmz-zone. For the DMZ-Zone, there is also a machine-specific port filtering, and redirection of specific ports of the internet-interface available. Note: Do not install this in productive environments, until you have checked the rules/tables with your own eyes.
Alt+Connect manages dialup connections, allowing a group of networked machines to share a single Internet connection through their server. Custom client software lets users to start or stop their internet connection, and the server (connectd) ensures that the connection remains up only while someone's using it. Features include support for multiple ISPs and links (modems or ISDN channels), connection control lists, ability to record the time a user spends online and charge him for it, and the ability to enable and disable IP forwarding as a machine starts or stops using the Internet.
UCARP allows a pair of hosts to share common virtual IP addresses in order to provide automatic failover. It is a portable userland implementation of the secure and patent- free Common Address Redundancy Protocol (CARP, OpenBSD's alternative to VRRP). Strong points of the CARP protocol include its very low overhead, cryptographically signed messages, interoperability between different operating systems and no need for any dedicated extra network link between redundant hosts.
SOHT (Socket over HTTP Tunneling) allows you to tunnel socket connections through an HTTP proxy. Restrictive firewalls often prohibit all outgoing trafic except for HTTP. This application allows you to tunnel socket connections over the HTTP protocol. This application consists of a server that serves as a proxy and a client which tunnels a socket connection over an HTTP connection to the server. The current server is written in Java, and there are clients in Java and .NET.
pfSense is a m0n0wall-derived operating system platform with radically different goals, such as using Packet Filter, FreeBSD 6.x (or DragonFly BSD when ALTQ and CARP is finished) ALTQ for excellent packet queueing, and an integrated package management system for extending the environment with new features.
Qtfw is a Qt GUI frontend for FreeBSD's ipfw utility. It helps configure the firewall in FreeBSD with a nice and comprehensive user interface. User can edit rules in the current list, save rules for future use, configure kernel sysctl variables, and finally, create shell script from qtfw rules.