drcom-client is an ISP client for Dr.COM networks, a specialized broadband access and authentication system produced by Doctorcom Corp, which has been used in many universities in China. Compared to the official Windows client, it avoids problems with the prevention of NAT and proxy servers.
flex-fw is a small and fast front-end for the Linux iptables utility with an easy command syntax like ipfw or pf from BSD systems. It features service-oriented configuration, support for network profiles, which is useful for notebooks, support for macros, easy migration to another network environment by redefining macros, easy distribution to many hosts, syslog logging support for iptables errors and dropped packets, an interactive mode for manually configuring "on the fly", a batch mode for execution from shell scripts, and a library mode for using the flex-fw functions in your shell scripts.
'blaze' is a Netfilter iptables firewall script that is meant to be ridiculously easy to use, pretty basic, but powerful enough to handle a box with multiple NICs to support gateway usage, possibly with NAT. Setup should take no more than five minutes. Logging is not currently supported.
A fail2ban lite. IPQ BDB is a netfilter userspace daemon that can block or mark IP packets according to iptables rules that issue the corresponding -j NFQUEUE, as well as a Berkeley database of bad IPv4 addresses. A log parser and a banning utility add entries to the database. An IP has to be caught a configurable number of times before being blocked. Transitions between blocked and non-blocked are faded using probabilities. A halving period governs IP rehabilitation.
LILA is a command line tool that allows you to monitor netfilter logs stored in a MySQL database in real time. It converts the text messages created by netfilter into nice colored output. Two features that should be highlighted are that it resolves IP addresses to hostnames with two different techniques and detects duplicate packets (with the same destination IP and chain) that have been sent in a freely configurable time interval. This allow the user to avoid getting flooded with hundreds of identical packets that don't offer any additional information. It uses a separate configuration file, which allows you to modify various aspects on how it works and how logs are being displayed. It has a lot of other features.
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs. iptables options are shown only if they are valid at the current context. It supports completion of options, matches, and targets, and dynamic retrieval of data from the system, including chains, set names, interfaces, and hostnames. Environment variables allow completion options to be tuned. IP and MAC addresses can be supplied using a file.