QDPF was written to solve the problem of exposing internal services to the Internet. It runs on machines which bridge two networks and forwards TCP/IP packets from one to the other. Its main use is to expose corporate or Intranet services to the Internet, by running it on an intervening machine. TCP sessions can also be followed in detail using the 'trace' option. QDPF is a Java console application.
Yafig is a LAMP-based firewall rule generator that creates shell scripts for use with Linux netfilter/iptables. The user interface is similar to the FireWall-1 policy editor. Its main features are Web-based host, network, and service management, support for multiple policies with individual password protection, shared objects for multiple policies, support for chains (default and custom), and architecture independence.
cp2fwbuilder (Checkpoint Firewall 1 to FwBuilder) helps you to migrate an existing Checkpoint Firewall 1 installation and its rulesets to Linux with iptables or a BSD-based firewall. This is done by converting the Rulebase and Objects databases from Checkpoint to the FirewallBuilder XML format.
IPFC is software and a framework to monitor multiple types of agents in a heterogeneous distributed environment. Agents can implement logging of elements as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from syslog-servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.
fwmon is a firewall monitor for Linux. It integrates with ipchains/iptables to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary with hex and ASCII data dumps to stdout, a logfile, tcpdump-style capture files, and even syslog. It also boasts some simple security features such as the ability to chroot itself, and operate in a non-root environment.
The traffic shaper is a sophisticated but easy-to-use shell script for throttling or granting a certain bandwidth to certain connections. Additionally, it implements an easy-to-configure packet filter. Both parts are based on facilities provided by the Linux 2.4 kernel (iproute2 for the traffic shaper and netfilter with IPTables for the packet filter). The packet filter offers independent SYN/ACK check, and stateful and log rules for each configured rule.