Firekeeper is an intrusion detection and prevention system for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser-based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.
Amber sits in the tcpserver chain for qmail and implements an "amber list" for incoming mail. This neither accepts nor rejects connections, but implements a number of timing-related tricks to fake out spam and virus software that doesn't implement SMTP correctly. For example, it can defer requests from new IP addresses for a few minutes before it starts passing connections on to smtpd, pause and check for programs that send data before the HELO, and otherwise make things rough for bandit bulk mailers.
lsfw (list firewall) helps network administrators deal with firewalling on a huge network. It lists the firewalls rules applied between two points on the network. It uses the configuration of the network equipment and builds a (light) model of the network described by the equipment. This allows probing for access-list matching all over the network, doing routing and firewalling.
Isinglass is a firewall setup script designed to protect dial-up users. It protects a user's system against security holes in programs user may not even know are running. Most users can run it "out of the box" without any configuration required. It will automatically detect network interfaces and IP addresses. isinglass-hzd is an unofficial bugfix/2.2 support release.
Brcontrol is a set of patches to allow some interaction between an IDS and a firewall. Currently, snort is supported as an IDS, and the netfilter facility of Linux is supported as a firewall. Brcontrol can help in the creation of aggresive honeypots or other advanced firewall and IDS configurations. It can also work as a bridge.