The Horatio system is a firewall authentication tool. The premise: legitimate users want to attach laptops and other mobile hosts to the network, but security demands that illegitimate users be prevented from accessing the internal, secure network and from abusing the general Internet. The approach taken by Horatio is to provide a separate, untrusted network that only connects to the internal network (and thus to the Internet) through a firewall that by default does not pass any traffic. When a legitimate user connects his or her host, it is assigned an address by a DHCP server (such as dhcpd), but is unable to contact anything outside the untrusted network. The user must point a Web browser at the Horatio web server, which runs on the firewall machine, and provide a username and password. Once the username and password have been validated, the firewall rules are modified to allow the host access to the rest of the network.
Host Identity Protocol on Linux is an implemetation of the Host Identity Protocol (HIP) and the related architecture. HIP is a proposal to change the TCP/IP stack to securely support mobility and multi-homing. Additionally, it provides for enhanced security and privacy and advanced network concepts, such as moving networks and mobile ad hoc networks. HIP is "cool", which means that as a mobile VPN solution, when your network interfaces go up or down, there is no need to re-establish a secure tunnel.
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
IP Filter is a TCP/IP packet filter suitable for use in a firewall environment. To use, it can either be run as a loadable kernel module (recommended) or incorporated into your kernel. Scripts are provided to install and patch system files as required. IP Filter also supports transparent proxying via packet forwarding, including round-robin forwarding to achieve load-balanced proxy.
The IP Masquerade HOWTO is the document that contains instructions on understanding, configuring, and troubleshooting NAT or Network Address Translation for Linux. It covers topics such as IPTABLES, PORTFW, IPCHAINS, IPFWADM, stronger packet firewalls, multiple network segments, and configuring many client operating systems. It also has an extensive FAQ and troubleshooting section.
IP-Array is a Linux iptables firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, traffic shaping (creation of custom HTB and SFQ qdiscs, classes, and filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP.