Aps is a small tool for analyzing network traffic. It prints out a great deal of information about the relevant protocols including TCP, UDP, ARP, and ICMP. It allows you to filter IP addresses, hardware addresses, ports, and specific protocols. It comes with a little GTK-GUI displaying packet counters for each protocol.
Astaro Portscan Detection is a netfilter target which will attempt to detect TCP and UDP port scans and log them to syslog. This target is based upon Solar Designer's scanlogd. It suppports mutliple levels of logging, custom prefixes for entries, weighted total port scan detection, and port scan temporal spread detection.
CIPE (Crypto IP Encapsulation) is an ongoing project to build encrypting IP routers. The protocol used is as lightweight as possible. It is designed for passing encrypted packets between prearranged routers in the form of UDP packets. This is not as flexible as IPSEC but it is enough for the original intended purpose: securely connecting subnets over an insecure transit network.
Coyote Linux is a mini distribution designed for setting up network utility services such as Internet connection sharing, firewalling, or wireless access points. The goal is to make it as quick and easy as possible to set up a Linux system with only a minimal amount of Linux knowledge.
Fd Linux is a mini floppy distribution of Linux set to fit on 1 floppy disk (kernel and root fs are combined). The sole purpose of this floppy distribution is to provide new Linux users with low-end machines (such as a 386) a very useful set of networking related binaries that can be easily accessed at any time, and which can be used in almost any networked environment (libraries, colleges, offices, small home LANs, dorm rooms, etc.).
ferm is a tool to maintain and setup complicated firewall rules. It allows one to reduce the tedious task of carefully inserting rules and chains, thus enabling the firewall administrator to spend more time on developing good rules, and less time on the proper implementation of those rules. These rules will be executed by the preferred kernel interface, such as ipchains and iptables, and in one pass. Firewall rules can also be split into different files and loaded at will.
fireparse is an ADMLogger plugin that emails a report of all packets that have been logged by the kernel's packet filtering subsystem (iptables/netfilter or ipchains). The report includes source and destination ports, direction, logged packet count, matched rule, and fully resolved host names (if available). The email report can be formatted to plain text or a colored HTML table.
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
fwmon is a firewall monitor for Linux. It integrates with ipchains/iptables to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary with hex and ASCII data dumps to stdout, a logfile, tcpdump-style capture files, and even syslog. It also boasts some simple security features such as the ability to chroot itself, and operate in a non-root environment.