pdumpq can be used to take queued packets from netfilter/iptables and dump them to a file that decoders like tcpdump, ethereal, and snort can read. You can also just pipe it through to the packet decoder and see what is in those packets as they come in. This is also an easy way to populate your snort alert database with iptables data. Its features include automatic dumpfile rotation, filtering on firewall marks and issuing per-mark verdicts, and optional emailing of decoded packet dumps.
TrustWall HTTP Proxy protects your internal Web server by acting as an inbound proxy (like a reverse Squid proxy). It can also work as a secure outbound proxy to protect your browser client. It allows you to inspect almost every detail of the HTTP protocol headers, including the URL request line, the server version, user-agent, referrer, cookie, query, etc., in an easy-to-use script-like configuration file. This program is generally considered an "Expert Tool"; you will need knowledge of the HTTP protocol to configure the proxy properly.
The Firewall Tester is a tool designed for testing firewalls' filtering policies. It includes an Intrusion Detection System testing feature, along with a packet generator tool and a sniffer. Unlike common firewall testing tools or packet generators, ftester is capable of generating network traffic that will look like real connections to the firewall or IDS system tested, which allows users to test stateful inspection firewalls (like netfilter or ipfilter) and IDS (like snort).
http_filter is an HTTP tunnel with filtering and multiplexing. It runs on a firewall, sitting in front of not-so-secure Web servers (like IIS), and it accepts requests, applies a set of rules to them, and allows the requests to be passed through to the back-end Web server only if they pass all filters. The rules can be defined globally or per-server.
Joseph is a Python class and program that parses config files into iptables commands. It supports ACL definitions to reduce the repetition of rules. The config file format is a custom, native English-like format that supports internal, external, and DMZ interfaces with allowed, masqueraded, and redirected services (ports).
EndoShield is a fully configurable firewall that will run under a 2.2 or 2.4 Linux kernel (ipchains or iptables). It requires no knowledge of firewalls or how ipchains or iptables works. It is perfect for home users wanting to secure their systems, but can also be configured for internet connection gateways or server systems.
Devil-Linux is a special secure Linux distribution which is used for firewalls, routers, gateways, and servers. The goal of Devil-Linux is to have a small, customizable, and secure Linux system. Configuration is saved on a floppy disk or USB stick, and it has several optional packages. Devil-Linux boots from CD, but can be stored on CF cards or USB sticks.