Firewall Log Daemon is a program written in C which will watch for ipchains or iptables log alerts in realtime. The program will start a small daemon process that parses and resolves firewall logs by reading a FIFO that syslog writes to. It can queue a batch of alerts and mail them to you, or can be used in a script to crunch an existing log file or data stream. It features hostname, port, protocol, and ICMP type/code lookup, with output formatted by a user-defined template.
fwmon is a firewall monitor for Linux. It integrates with ipchains/iptables to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary with hex and ASCII data dumps to stdout, a logfile, tcpdump-style capture files, and even syslog. It also boasts some simple security features such as the ability to chroot itself, and operate in a non-root environment.
floppyfw is a router and simple firewall on a single floppy. It uses Linux's basic firewall capabilities, and has a very simple packaging system. It is perfect for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE, and provides a simple installation, which usually involves editing only one file on the floppy.
FrazierWall Linux is a single-floppy Linux firewall distribution that is based on the Linux Router Project. It is designed for use with Ethernet-based Internet connections (such as cable modems or xDSL lines). It allows you to share such a connection with several other computers on a LAN. It is easy to set up and maintain, and is available in a Linux configurable software version.
fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.
Firewall is a set of scripts (firewall, fwup, and fwdown) that implement an ipchains firewall and various forms of network address and port translation. All you have to do is read the policy file and edit it to reflect your topology and filtering policy. It supports many different types of network topology (single host, traditional forwarding, masquerading, port forwarding, alias port forwarding and NAT), up to 10 untrusted interfaces each with their own policy, and over 50 network applications. It also supports centralised administration of multiple remote firewalls (meta-firewall).
The Generic Software Wrappers Toolkit allows you to wrap closed-source applications to constrain or transform their behavior. Wrappers are written that intercept system calls and other system events, and allow you to deny, transform, log, or augment the system events. They are written in a custom language that abstracts away many of the gritty issues, allowing the wrapper author to concentrate on policy. Sample wrappers include dbfencrypt, which provides transparent access to "encrypted" files; controlledx, which limits the programs a process can execute; and id-seq, a trainable sequence-based intrusion detection wrapper.
Gibraltar is a Debian GNU/Linux-based router/firewall distribution that runs entirely from a bootable live CD-ROM. Log files can be stored on a hard disk, and configuration data is stored on a USB mass storage device or a floppy disk and kept on a RAM disk during run-time. Due to its Debian base, a wide range of firewalling, routing, and proxy packages is available. It comes with an intuitive, easy-to-use Web administration interface and support, and is free to use for home users.