nss-pam-ldapd is a Name Service Switch module and Pluggable Authentication Module using an LDAP server. It allows your LDAP server to provide user account, group, host name, alias, netgroup, and almost any other information that you would normally get from /etc flat files or NIS, and allows you to do authentication to an LDAP server.
fwsnort translates snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to iptables, which allows snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.
FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
The ATA over Ethernet Tools are intended for use in conjunction with an ATA over Ethernet (AoE) driver for a Linux 2.6 kernel, called "aoe". The tools perform simple tasks like listing available devices, triggering device discovery, and restricting the network interfaces on which AoE is performed.
Trojan scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures in the form of process_name:port_number:user. These signatures then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output.
Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included.
Gargoyle is an interface for small, widely available routers such as the Linksys WRT54G series and the La Fonera. It provides functionality above and beyond what the default software provides including sophisticated dynamic DNS, quality of service, and bandwidth monitoring tools. The primary goal is to provide a polished interface for these advanced tools that is at least as easy to configure as any existing firmware. This project is based on top of OpenWrt, but unlike other Web interfaces for OpenWrt it places a strong focus an usability and is meant for average users, not just power users.
WANsim allows you to simulate (more accurately, emulate) a WAN connection. In particular, it allows a user to change the emulated WAN speed, latency, variation, packet loss, packet duplication, and packet corruption aspects. It is configured as a network bridge that is established at boot time and uses the Linux Kernel NETEM functionality to accomplish its goals. Although relatively well documented, this functionality is not the easiest to use. WANsim wraps it into a simple to use script.