The MiniUPnP project is a library and a daemon. The library is aimed to enable applications to use the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most interesting features is to enforce some permissions to allow or deny redirections, bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
OpenVPN is a robust and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the Internet. OpenVPN's principal strengths include wide cross-platform portability, excellent stability, support for dynamic IP addresses and NAT, adaptive link compression, single TCP/UDP port usage, a modular design that offloads most crypto tasks to the OpenSSL library, and relatively easy installation that in most cases doesn't require a special kernel module.
vpnd is a daemon which connects two networks on network level either via TCP/IP or a (virtual) leased line attached to a serial interface. All data transfered between the two networks are encrypted using the unpatented free Blowfish encryption algorithm with a key length of up to 576 bits (may be downgraded to a minimum of 0 bits to suit any legal restrictions).
Firewall Builder for PIX hides the complexity of PIX command line interface and automatically configures options and parameters that usually make manual configuration a real chore. With this module, the same workstation running Firewall Builder can create and manage security policy on Cisco PIX or FWSM firewalls, as well as on firewalls built with iptables, OpenBSD pf, or ipfilter.
UCARP allows a pair of hosts to share common virtual IP addresses in order to provide automatic failover. It is a portable userland implementation of the secure and patent- free Common Address Redundancy Protocol (CARP, OpenBSD's alternative to VRRP). Strong points of the CARP protocol include its very low overhead, cryptographically signed messages, interoperability between different operating systems and no need for any dedicated extra network link between redundant hosts.
mxallowd is a daemon for Linux Netfilter (using libnetfilter-queue) and BSD pf (using pflog) which implements a slightly improved nolisting mechanism. It requires your name server to be configured to return two MX IP addresses, and the one with higher priority must not run a mail server on port 25. mxallowd blocks attempts to connect to the mail server unless the sender tries to connect to the first mail server before the second. Since most spammers will attempt direct connections to each mail server, they will be blocked.