Astaro Security Gateway (formerly Astaro Security Linux) is an all-in-one network security gateway that includes a firewall, intrusion protection, antivirus, spam protection, URL filtering, and a VPN gateway. Features include a modern packet filter, intrusion detection and prevention, portscan detection, application control, content filtering, virus detection for email and Web traffic, profile handling, L2TP, IPSec, SSL, and PPTP VPN tunneling, spam blocking, proxies for HTTPS, HTTP, FTP, POP3, SMTP, DNS, VoIP, SOCKS, and Ident, logging, and reporting. It supports Ethernet, VLAN, PPP, PPPoE, PPPoA, Cable Modem, IPv6, QoS, Link Aggregation, and WAN-Uplink-Load balancing in routing, and bridge mode. The WebAdmin GUI, Install Wizard, Change Tracking, Printable Configuration, and Up2Date service make it easy to install, manage, and maintain.
ClarkConnect is a powerful yet easy-to-use server/gateway software solution designed for the small/medium-sized organization. The software provides all the necessary server tools to run an organization: email, antivirus, antispam, file sharing, groupware, VPN, firewall, intrusion detection/prevention, content filtering, bandwidth management, multi-WAN and more.
DeleGate is a multi-purpose application level gateway or proxy server that mediates communication of various protocols, applying cache and conversion for mediated data, controlling access from clients, and routing toward servers. It translates protocols between clients and servers, converting between IPv4 and IPv6, applying SSL (TLS) to arbitrary protocols, merging several servers into a single server view with aliasing and filtering. It can be used as a simple origin server for some protocols (HTTP, FTP, and NNTP).
The Falcon Project (Free Application-Level CONnection kit) is an open firewall project with the intention of developing a free, secure and OS-independent firewall system. Falcon consists of three major modules: Falcons's own proxies (written in Perl); 3rd-party proxies (squid / qmail / BIND8), each modified for chroot environment; and general concepts for OS hardening, chrooting etc.
IP Filter is a TCP/IP packet filter suitable for use in a firewall environment. To use, it can either be run as a loadable kernel module (recommended) or incorporated into your kernel. Scripts are provided to install and patch system files as required. IP Filter also supports transparent proxying via packet forwarding, including round-robin forwarding to achieve load-balanced proxy.
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
IsinGlass is a firewall setup script designed to protect dial-up users (but also useful for others). It protects your system against security holes in programs the user may not even know they're running. Most users can run it "out of the box" without any configuration required. It will automatically detects network interfaces and IP addresses. Now works with ipchains.