BlockIt monitors the Snort alert file and creates either IPTables, IPChains, IPFWADM, IPFilter, PF, or Checkpoint Firewall rules. This version runs on Linux, FreeBSD, and OpenBSD. BlockIt has built-in CIDR support for multiple target IPs and whitelist support. Additional features include MySQL logging and email logging.
Jay's Iptables Firewall is a bash script that allows one to easily install and configure a firewall on a Linux system. It was initially written for use on a home LAN, but can be extend to any type of network. It features support for multiple (external/internal) interfaces, TCP/UDP/ICMP control, masquerading, synflood control, spoofing control, port forwarding from specific interfaces, VPNs, ToS (bandwith managment), denying hosts (IP or MAC address), ZorbIPTraffic, Spyware list IP, Pre/Post scripts, log options, and more. The firewall is able to launch custom iptables rules, and the configuration of the firewall is assisted by an optional, interactive, curses-based Perl script.
Bandwidth Management Tools is a total bandwidth management solution for Linux and can be used for firewalling, traffic graphing, and shaping. It is not based on any currently-available bandwidth management software and supports packet queues, bursting, complex traffic flow hierarchies, flow groups, traffic logging, and a simple real-time monitoring front-end.
IPsec-Tools is a Linux port of the user-space tools from KAME. It includes libipsec (a library with a PF_KEY implementation), setkey (a tool for manipulating and dumping the kernel Security Policy Database and Security Association Database), and racoon (Internet Key Exchange daemon for automatically keying IPsec connections).
libnfnetlink is a low-level userspace library for nfnetlink-based communication between the kernel-side netfilter and the user-space world. It is therefore the fundamental layer for all other nfnetlink-enabled user-space programs interfacing with the netfilter subsystem of the Linux kernel.
eurephia is an authentication plug-in for OpenVPN. It enhances the OpenVPN authentication process by using user name and password authentication in addition to SSL certificates. If too many failed attempts are registered, the user account and/or IP address will be blocked. For Linux servers, iptables support is also included, which can be used to restrict each user's network access through the VPN channel. OpenVPN 2.2 or later is required.
The Sentry Firewall CD is a Linux-based bootable CD-ROM, suitable for use as an inexpensive and easy to maintain firewall, router, server, or IDS (Intrusion Detection System) node. The system is designed to be immediately configurable for a variety of different operating environments via a configuration file located on a floppy disk or on a remote server.
Nuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta objects to generate ACLs, which are then interpreted as netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.