proxymin is an easy-to-use graphical interface to configure commonly needed Squid ACLs. It allows for fine grained permission management based on users, hosts, and groups. The HTTP, HTTPS, and FTP protocols are currently supported. proxymin has been tested with several hundreds of managed accounts. All major features have been implemented and tested.
pynetfilter_conntrack is a Python binding for libnetfilter_conntrack that allows you to manipulate Netfilter's stateful inspection objects. This makes it possible to easily close connections and obtain information about connections such as the number of packets and bytes. It could be used to create conntrack entries, replacing heavy kernel modules for complex protocols such as FTP and H323.
pyshaper is a simple yet very versatile dynamic bandwidth manager application for Linux platforms. Most other bandwidth managers (also called 'traffic-shapers'), work on 'static shaping', in other words, by passing a static set of shaping rules to the kernel. pyshaper works by periodically scanning existing TCP connections, matching them against rules, and throttling their bandwidth accordingly in real time.
quicktables is an iptables firewall/NAT (gateway) script generator. It was created to quickly provide a secure set of iptables rules. It will ask you to answer a small handful of questions, and generates your very own personalized firewall script. It supports NAT and no NAT (firewall only) options, default policy of DROP on INPUT and FORWARD chains (all packets dropped), TCP and UDP ACCEPTs on INPUT chain (open ports to the firewall machine), TCP and UPD port forwarding with NAT (forward ports to multiple internal hosts--NAT only), multiple ICMP (ping) options, multiple logging options (syslog - kern.info), explicit host drops, and multiple port forwards for multiple external IP addresses.
rc.firewall is configurable for dialup and static IP addresses. It is based on Linux-kernel 2.4.x, and it generates it's own configuration file. It supports specific port filtering for the internet- , intranet-, and a dmz-zone. For the DMZ-Zone, there is also a machine-specific port filtering, and redirection of specific ports of the internet-interface available. Note: Do not install this in productive environments, until you have checked the rules/tables with your own eyes.
redWall is a bootable CD-ROM firewall which focuses on Web-based reporting of the firewall's status. It includes Snort, snortsam, dansguardian, and support for fwbuilder, squidguard, reporting (using BASE/sarg/ntop/webfwlog), VPN (Openswan/PoPToP/Openvpn), Spam Filtering (spamassassin, dcc, razor2, clamav, amavis-new, dspam and maia mailguard), and mail-based, alerting. Configuration data are stored on a floppy or USB disk.