The traffic shaper is a sophisticated but easy-to-use shell script for throttling or granting a certain bandwidth to certain connections. Additionally, it implements an easy-to-configure packet filter. Both parts are based on facilities provided by the Linux 2.4 kernel (iproute2 for the traffic shaper and netfilter with IPTables for the packet filter). The packet filter offers an independent SYN/ACK check, as well as stateful and log rules, for each configured rule.
fwLOGview is a graphical, real-time, colorized log viewer for Linux netfilter/iptables, Cisco Pix, *BSD ipfilter, Fortigate, and other logs. It displays the log entries in colors related to the firewall action. You can hide unimportant columns, change the order in which columns are shown, and set filters to focus on important entries.
cp2fwbuilder (Checkpoint Firewall 1 to FwBuilder) helps you migrate an existing Checkpoint Firewall 1 installation and its rulesets to Linux with iptables or a BSD-based firewall. This is done by converting the rulebase and objects databases from Checkpoint to the FirewallBuilder XML format.
The Network Security Policy Compiler (NetSPoC) is a tool for security management of large computer networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware; a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
Anti-censorship tools (proxyTools) consists of a huge Perl application (localProxy) and a set of tools to analyze the user's network (proxies, firewall rules, name servers, etc.). LocalProxy abstracts external services in an uncensored, reliable, fast manner to the localhost, where they may be used by standard clients (Web browsers, Usenet news clients, SOCKS-capable clients, etc.). Various combinations of strategies are tried to ensure the non-censored nature of the information, and multiple, parallel services (e.g. HTTP proxies) are used to ensure reliability and speed. The tools are capable of automating collection of the data required for localProxy. LocalProxy builds a configuration for the user and dynamically adjusts to using the fastest strategies and proxies available to it. The tools are useful for network analysis (firewall rules, proxy capabilities, etc.) independently of localProxy.
Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL Ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user-definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included.
OpenVPN is a robust and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the Internet. OpenVPN's principal strengths include wide cross-platform portability, excellent stability, support for dynamic IP addresses and NAT, adaptive link compression, single TCP/UDP port usage, a modular design that offloads most crypto tasks to the OpenSSL library, and relatively easy installation that in most cases doesn't require a special kernel module.