FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs. iptables options are shown only if they are valid at the current context. It supports completion of options, matches, and targets, and dynamic retrieval of data from the system, including chains, set names, interfaces, and hostnames. Environment variables allow completion options to be tuned. IP and MAC addresses can be supplied using a file.
htb-gen is an easy, scalable bandwidth management tool. You can set up/down portions of bandwidth for each host or network that goes through your router/firewall. Priority traffic (Web, email, gaming, FTP, VOIP, and streaming) is preferred over junk traffic (Kazaa, emule, etc). Dynamic bandwidth borrowing and reassignment is done between hosts thanks to htb boundaries. A Web frontend for config is available, so remote management is possible. It is bash-based, so it can be used in embedded routers/firewalls (wired/wireless). Two backends are available: one that generates raw tc commands, and one that generates htb-init conf files (util for integration). The packet classification is done by iptables.
IP-Array is a Linux iptables firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, traffic shaping (creation of custom HTB and SFQ qdiscs, classes, and filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP.
LBackup is a simple backup system aimed at systems administrators who require reliable backups with minimum fuss. It is configured with configuration files, and the backup is started from the command line. It has been tested for over 10 years. Backups can be to local media, or to remote media via one or more networks. The networks may be private LANs, WANs, or sets of untrusted public networks such as the Internet.
IPv6 CARE, "IPv6 Compliant Automatic Runtime Environment", provides an environment where applications instantly become IPv6-compliant ('patch' mode, see RFC6535). It can also generate a diagnosis about the IPv6 compliance of an application ('check' mode). It uses an LD_PRELOAD-based library injection technique.
Trojan scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures in the form of process_name:port_number:user. These signatures then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output.
Bartlby is a network and system monitor, completely written in C, to provide a scalable framework with the ability to monitor networks of various sizes. It consists of a core daemon, several plugins, and a Web GUI (PHP extension). The core daemon checks (over active/passive TCP) services/hosts and notifies users in case of critical service conditions (mail, SMS, ICQ, and custom triggers are supported). Bartlby provides an open plugin interface to give every administrator an easy to use option to extend the plugin base, and a fully customizable GUI (written in PHP using a C extension). Nearby everything can be controlled via an XML interface.