Astaro Security Gateway (formerly Astaro Security Linux) is an all-in-one network security gateway that includes a firewall, intrusion protection, antivirus, spam protection, URL filtering, and a VPN gateway. Features include a modern packet filter, intrusion detection and prevention, portscan detection, application control, content filtering, virus detection for email and Web traffic, profile handling, L2TP, IPSec, SSL, and PPTP VPN tunneling, spam blocking, proxies for HTTPS, HTTP, FTP, POP3, SMTP, DNS, VoIP, SOCKS, and Ident, logging, and reporting. It supports Ethernet, VLAN, PPP, PPPoE, PPPoA, Cable Modem, IPv6, QoS, Link Aggregation, and WAN-Uplink-Load balancing in routing, and bridge mode. The WebAdmin GUI, Install Wizard, Change Tracking, Printable Configuration, and Up2Date service make it easy to install, manage, and maintain.
RackTables is a tool to manage tens of racks, hundreds of servers, and thousands of MAC and IP addresses. It will work with a single rack as well. It features a real-life rackspace model, typed rack objects with flexible attribute sets, a tagging system, IP address management ready for NAT, virtual routers and load balancers, accurate network connection handling, a universal search function, a multi-user access model, and an extensible dictionary.
Traffic Squeezer is a Linux kernel based WAN network traffic accelerator from Doublefish Solutions. It uses methods such as traffic compression, traffic PDU coalescing, protocol specific acceleration (such as TCP acceleration mechanisms), and quality of service. Traffic Squeezer also contains custom L7filters (application protocol filters), DPI (Deep Packet Engines) and so on to control and administrate your traffic. With Traffic Squeezer, you can optimize MPLS,ISDN, leased links, Satellite Networks, and Marine Internet, and even build your own custom WAN Appliance with Traffic Squeezer. A GUI is now supported via Doublefish Solution Aquarium. Aquarium is a Web-GUI that also supports Traffic Squeezer, Squid, and other open source solutions.
smtp-cli is an SMTP command line client with support for advanced features such as STARTTLS, SMTP-AUTH, or IPv6. It also has scriptable message composition capabilities supporting anything from simple plain-text messages right up to building complex HTML emails with alternative plain-text part, attachments, and inline images. It's also a convenient tool for testing and debugging SMTP servers' setups. smtp-cli can be used to check a given server's capabilities, to test your server's setup, or to create and dispatch email messages. The command line interface is intuitive, and everything is scriptable and can run in a completely non-interactive mode from scripts or cron jobs. smtp-cli is ideal for shipping log files from remote machines, running periodic mail delivery test loops, etc.
Borderline is a firewall generator. It takes a generic rule specification as input and generated an highly optimized firewall. It features IPv6 rule generation, support for multiple interfaces, and integrated support for network zones. It currently only supports firewall generation for Linux 2.6 (netfilter).
Managed TFTP server is a TFTP server. The main TFTP class runs without modifications on Mono. It works both in IPv4 and IPv6 mode. It has correct retry behavior. It supports the following TFTP options: block size, transfer size, and timeout. It's possible to run in single port mode, which ensures that only port 69 will be used for TFTP transfers, simplifying firewall and router configuration. It supports many concurrent transfers. It runs as a Windows service. It supports multiple TFTP servers on different endpoints, each serving its own root directory. It has an advanced MSI-based installer. It logs to the windows event log. It has a permissive MIT license so it can be used in commercial projects.
Suricata is an Intrusion Detection and Prevention (IDS/IPS) engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support, file extraction capabilities, and many more features. It's capable of loading existing Snort rules and signatures, and supports many frontends through Barnyard2.
radns is a small, portable client-side implementation of the RDNSS option in IPv6 Router Advertisements (RFC 5006) that is used to get the address of a resolving DNS server. It listens for Router Advertisements with the Recursive DNS Server (RDNSS) option and stores the addresses in a file following the same syntax as resolv.conf. It optionally calls a script to handle, for instance, DHCP clients that compete for ownership of /etc/resolv.conf or to set the DNS server on systems that don't use resolv.conf at all. It can be easily integrated with the resolvconf(8) program.