ferm is a tool to maintain and setup complicated firewall rules. It allows one to reduce the tedious task of carefully inserting rules and chains, thus enabling the firewall administrator to spend more time on developing good rules, and less time on the proper implementation of those rules. These rules will be executed by the preferred kernel interface, such as ipchains and iptables, and in one pass. Firewall rules can also be split into different files and loaded at will.
m0n0wall is an all-in-one firewall software package that is based on FreeBSD. It is geared towards embedded PCs, but it also works on standard PCs. It includes an easy-to-use Web interface like commercial firewall boxes do. PHP is used instead of shell scripts, and the entire system configuration is stored in a single XML-formatted file. There is support for VPN, traffic shaping, captive portal, VLANs, and more.
LFT (Layer Four Traceroute) is a sort of "traceroute" that often works much faster than the commonly-used Van Jacobson method and goes through many configurations of packet-filter based firewalls. More importantly, LFT implements numerous other features, including TCP, UDP, or ICMP-based traces, AS number lookups through several reliable sources, loose source routing, netblock name lookups, and more. LFT also distinguishes between layer-4 protocols, which make its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 hops.
Coyote Linux is a mini distribution designed for setting up network utility services such as Internet connection sharing, firewalling, or wireless access points. The goal is to make it as quick and easy as possible to set up a Linux system with only a minimal amount of Linux knowledge.
Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.
redWall is a bootable CD-ROM firewall which focuses on Web-based reporting of the firewall's status. It includes Snort, snortsam, dansguardian, and support for fwbuilder, squidguard, reporting (using BASE/sarg/ntop/webfwlog), VPN (Openswan/PoPToP/Openvpn), Spam Filtering (spamassassin, dcc, razor2, clamav, amavis-new, dspam and maia mailguard), and mail-based, alerting. Configuration data are stored on a floppy or USB disk.
Nmap ("Network Mapper") is a utility for network exploration, administration, and security auditing. It uses IP packets in novel ways to determine which hosts are available online (host discovery), which TCP/UDP ports are open (port scanning), and what applications and services are listening on each port (version detection). It can also identify remote host OS and device types via TCP/IP fingerprinting. Nmap offers flexible target and port specifications, decoy/stealth scanning for firewall and IDS evasion, and highly optimized timing algorithms for fast scanning.