GreenSQL is a database firewall used to protect databases from SQL injection attacks. GreenSQL works in a proxy mode and has built-in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix, as well as blocking known DB administrative commands (such as DROP and CREATE).
proxymin is an easy-to-use graphical interface to configure commonly needed Squid ACLs. It allows for fine grained permission management based on users, hosts, and groups. The HTTP, HTTPS, and FTP protocols are currently supported. proxymin has been tested with several hundreds of managed accounts. All major features have been implemented and tested.
eurephia is an authentication plug-in for OpenVPN. It enhances the OpenVPN authentication process by using user name and password authentication in addition to SSL certificates. If too many failed attempts are registered, the user account and/or IP address will be blocked. For Linux servers, iptables support is also included, which can be used to restrict each user's network access through the VPN channel. OpenVPN 2.2 or later is required.
The IPtables Firewall Webmin Module helps you easily administrate an iptables firewall over a Web interface with the Webmin Look and Feel. It has three modes: Newbie (select between 5 predefined security levels), Template (configure on a per Interface/per Protocol base) and expert (rule iptables as a guru has to).
NetUP UTM is a universal billing system for internet service providers of any size. Its modern approach to traffic accounting makes the system compatible with all popular platforms and network devices. Its key features include realtime traffic processing, Cisco Netflow and IP Accounting data collection, support for RADIUS authentication, and cross-platform compatibility. The core of the system is a smart and reliable accounting engine working directly with network equipment. It supports up to 100,000 users at a total speed of up to 3 Gbps. A flexible ratings engine and efficient administration tools make UTM a complete solution for IP/VoIP/WiFi/dial-up billing.
JSTUN is a STUN (Simple Traversal of UDP (User Datagram Protocol) through NAT (Network Address Translation)) implementation. STUN provides a means for applications to discover the presence and type of firewalls or NATs between them and the public Internet. In the presence of a NAT, STUN can also be used by applications to learn the public Internet Protocol (IP) address assigned to the NAT.
Firewall Log Daemon is a program written in C which will watch for ipchains or iptables log alerts in realtime. The program will start a small daemon process that parses and resolves firewall logs by reading a FIFO that syslog writes to. It can queue a batch of alerts and mail them to you, or can be used in a script to crunch an existing log file or data stream. It features hostname, port, protocol, and ICMP type/code lookup, with output formatted by a user-defined template.
Vyatta is a Linux-based routing and security distribution. It is meant to deliver a flexible, affordable alternative to Cisco 1800 through 7200 series routers. Vyatta is also a great virtual router, virtual firewall, virtual security solution for VMware, Xen, XenServer, and KVM virtualization projects.
Gargoyle is an interface for small, widely available routers such as the Linksys WRT54G series and the La Fonera. It provides functionality above and beyond what the default software provides including sophisticated dynamic DNS, quality of service, and bandwidth monitoring tools. The primary goal is to provide a polished interface for these advanced tools that is at least as easy to configure as any existing firmware. This project is based on top of OpenWrt, but unlike other Web interfaces for OpenWrt it places a strong focus an usability and is meant for average users, not just power users.
vpnd is a daemon which connects two networks on network level either via TCP/IP or a (virtual) leased line attached to a serial interface. All data transfered between the two networks are encrypted using the unpatented free Blowfish encryption algorithm with a key length of up to 576 bits (may be downgraded to a minimum of 0 bits to suit any legal restrictions).