Modbus/TCP is an open automation protocol used in a variety of SCADA, PLC, and industrial IO applications. Modbusfw is a Linux 2.4.x Netfilter Extension that permits filtering decisions (DROP, REJECT, etc.) based on application-layer values, allowing finer-grained access control than is currently possibly by simply blocking TCP port 502.
TrafficWatch is a system for accounting Internet traffic in a residential college or school type of environment. It consists of a set of scripts and Web pages for accounting for each user's Internet usage by volume, and is currently capable of accounting for both Squid proxy traffic and direct IPv4 traffic.
fwlog receives packets from iptables, and logs the header data. It supports IPv4, ICMP, UDP, and TCP packets. It translates IP addresses, protocol IDs, and TCP and UDP port numbers into human- readable names. It receives the packet information via the ULOG kernel module, and is similar to the ulog daemon provided by Harald Welte.
Pacemaker is a dynamic rate-limiting script that watches network traffic and determines which machines are probably abusing your network. Pacemaker catches things like Windows worm scans, port scans, P2P network traffic, and anything else that tries to go beyond the normal number of connections a standard machine should use. The machine needs to abuse the network for two minutes before pacemaker will mark the IP address to be rate-limited. A machine will stay marked for as many minutes as it has abused the network.