Brazilfw is a mini-distribution designed for setting up network utility services such as Internet connection sharing, firewalling, or wireless access points. The goal is to make it as quick and easy as possible to set up a Linux system with only a minimal amount of Linux knowledge. The main goal of BrazilFW is to continue the development of what was the Coyote Linux floppy firewall system.
Brcontrol is a set of patches to allow some interaction between an IDS and a firewall. Currently, snort is supported as an IDS, and the netfilter facility of Linux is supported as a firewall. Brcontrol can help in the creation of aggresive honeypots or other advanced firewall and IDS configurations. It can also work as a bridge.
chownat allows two peers behind two separate NATs and firewalls to establish a direct connection with each other. No port forwarding, DMZ, third party, proxy, spoofing, elevated user privileges, or DNS tricks are required. More importantly, it opens up a tunnel between the two machines so one peer can access a service, such as SSH or a Web server, on the other machine which is also behind a NAT.
CIPE (Crypto IP Encapsulation) is an ongoing project to build encrypting IP routers. The protocol used is as lightweight as possible. It is designed for passing encrypted packets between prearranged routers in the form of UDP packets. This is not as flexible as IPSEC but it is enough for the original intended purpose: securely connecting subnets over an insecure transit network.
If you ever noticed how your SSH/gaming sessions become sluggish when you start downloading something, or how your downloads slow down when you start uploading, and your broadband link is managed by a Linux router/gateway, then you could benefit from using CTShaper. CTShaper reduces link latency by reducing queueing on your side and on your ISP's side. Additionally, it sets up four traffic queues with different priorities and (configurable) flow rates.
Campagnol is a distributed IP-based VPN program able to open new connections through NATs or firewalls without any configuration. It uses UDP for the transport layer, and utilizes tunneling and encryption (with DTLS) and the UDP hole punching NAT traversal technique. The established connections are P2P.