ferm is a tool to maintain and setup complicated firewall rules. It allows one to reduce the tedious task of carefully inserting rules and chains, thus enabling the firewall administrator to spend more time on developing good rules, and less time on the proper implementation of those rules. These rules will be executed by the preferred kernel interface, such as ipchains and iptables, and in one pass. Firewall rules can also be split into different files and loaded at will.
floppyfw is a router and simple firewall on one single floppy. It uses Linux basic firewall capabilities, and has a very simple packaging system. It is perfect for masquerading and securing networks on ADSL and cable lines, using both static IP, DHCP, and PPPoE, and provides a simple installation, which usually involves editing of only one file on the floppy.
m0n0wall is an all-in-one firewall software package that is based on FreeBSD. It is geared towards embedded PCs, but it also works on standard PCs. It includes an easy-to-use Web interface like commercial firewall boxes do. PHP is used instead of shell scripts, and the entire system configuration is stored in a single XML-formatted file. There is support for VPN, traffic shaping, captive portal, VLANs, and more.
The MiniUPnP project is a library and a daemon. The library is aimed to enable applications to use the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most interesting features is to enforce some permissions to allow or deny redirections, bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.
HTTPTunnel is a simple client/server application for creating an HTTP tunnel between two machines, optionally via a Web proxy. This tunnel can then be used to wrap arbitrary TCP socket traffic in HTTP, thus allowing communications even through a restrictive firewall that only allows outgoing HTTP connections.
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
Coyote Linux is a mini distribution designed for setting up network utility services such as Internet connection sharing, firewalling, or wireless access points. The goal is to make it as quick and easy as possible to set up a Linux system with only a minimal amount of Linux knowledge.
ClarkConnect is a powerful yet easy-to-use server/gateway software solution designed for the small/medium-sized organization. The software provides all the necessary server tools to run an organization: email, antivirus, antispam, file sharing, groupware, VPN, firewall, intrusion detection/prevention, content filtering, bandwidth management, multi-WAN and more.
HAVP (HTTP Anti Virus Proxy) is a proxy which scans downloads for viruses with several scanners (ClamAV, F-Prot, Kaspersky, NOD32, Sophos) at the same time. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. It can be used with squid or standalone, and it also supports transparent proxy mode.