Firetero is a firewall for a single computer. The default setup works for a typical workstation. For a server, a sample configuration is available for most common daemons. Firetero uses the iptables syntax for rule definitions, has a standard /etc/init.d start script, and offers a rules.d directory for integration with other packages.
AlmostVPN is an SSH tunnel manager with a twist. It is packaged as a Preference Panel, so you do not have to use yet another application to configure your tunnels. Instead, it uses creative network configuration techniques to provide almost VPN-like access to remote services, so you can keep using real IP addresses and port numbers while accessing services on the other side of your tunnels. It provides a simple way to mount remote volumes, use remote printers and faxes, access iTunes, iPhoto, and almost any other Bonjour-based application, transfer and execute files, and more.
Yxorp is a reverse proxy for HTTP. All the fields in requests can be checked and modified by rules. Load balancing, virtual hosting, multiple TCP ports, and SSL are supported. The configuration can be modified on-line. Yxorp can be used to protect Web sites, place pages behind a login, rewrite URLs, etc.
The MiniUPnP project is a library and a daemon. The library aims to enable applications to use the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most interesting features is the ability to enforce permissions that allow or deny redirections, bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.
ike-scan discovers IPsec VPN servers, and can fingerprint them using UDP backoff and Vendor ID fingerprinting techniques. It supports IKE Main Mode and Aggressive Mode. ike-scan allows flexible specification of the outgoing IKE packet, and decodes the response packets. It also supports pre-shared key cracking for IKE aggressive mode with pre-shared key authentication.
Host Identity Protocol on Linux is an implementation of the Host Identity Protocol (HIP) and the related architecture. HIP is a proposal to change the TCP/IP stack to securely support mobility and multi-homing. Additionally, it provides for enhanced security and privacy and advanced network concepts, such as moving networks and mobile ad hoc networks. HIP is "cool", which means that as a mobile VPN solution, when your network interfaces go up or down, there is no need to re-establish a secure tunnel.