StopHack is a simple to use and easy to install intrusion prevention system. It is fully adaptable and easily customized to your environment. It is built on top of proven bandwidth arbitration technology so the traffic passing through it won't be slowed down. Every packet is analyzed with regular expression-based behavior anomaly detection, and hackers are blocked immediately. It prevents reflected cross-site scripting, SQL injection, directory traversal, reflected URL redirects, login brute forcing, remote shell execution, and more.
log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the Web server log file and watches for inactivity from the user's IP. After an amount of time, another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command line program that can be run in the background.
Sequreisp is an ISP management software. It has a nice and powerful Web interface, and it can handle up to 3000 or more clients in a single server, thus it is oriented to small/medium ISPs and WISPs. It features load balancing, failover, prioritization, bandwidth control, P2P detection, Web cache, backup in a single file, VLAN support, and much more.
rules2mrtg is a tool that creates MRTG data traffic graphs derived from iptables's internal traffic statistics for the local machine for every configured IP number/ethernet alias. You can also define ports or port ranges to be monitored per IP address. This avoids problems with using SNMP and aliased interfaces.
Ipt_fw is a firewall for Linux based on iptables. It is designed for client systems. Ipt_fw outputs a shell script containing iptables commands, so inspection of the settings it creates is easy. The configuration files are made in LibreOffice（OpenOffice）Calc. Making of the firewall and a machine using the firewall are separated. It allows you to set the user level and features detailed logging, IP address blacklist management, and iptables integrity.
LILA is a command line tool that allows you to monitor netfilter logs stored in a MySQL database in real time. It converts the text messages created by netfilter into nice colored output. Two features that should be highlighted are that it resolves IP addresses to hostnames with two different techniques and detects duplicate packets (with the same destination IP and chain) that have been sent in a freely configurable time interval. This allow the user to avoid getting flooded with hundreds of identical packets that don't offer any additional information. It uses a separate configuration file, which allows you to modify various aspects on how it works and how logs are being displayed. It has a lot of other features.