L7-filter is a packet classifier for Netfilter that identifies packets based on application layer (OSI layer 7) data. This means that it is able to classify packets as HTTP, FTP, Gnucleus, Kazaa, etc., regardless of ports. It complements existing matches that classify based on port numbers, packet length, TOS bits, and so on. Combined with Linux QoS, it allows for full layer 7 packet shaping.
Dante is a free implementation of the proxy protocols SOCKS version 4 and SOCKS version 5 (RFC 1928). It can be used as a firewall between networks, controlling outgoing traffic. The package consists of two parts: a socks server and a proxy client that supports socks, HTTP proxies, and UPnP. RFC 1961 (GSSAPI) is supported in both the client and the server. Commercial support is available.
FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
collectd is a small and modular daemon which collects system information periodically and provides means to store the values. Included in the distribution are numerous plug-ins for collecting CPU, disk, and memory usage, network interface and DNS traffic, network latency, database statistics, and much more. Custom statistics can easily be added in a number of ways, including execution of arbitrary programs and plug-ins written in Perl. Advanced features include a powerful network code to collect statistics for entire setups and SNMP integration to query network equipment.
Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic (device drivers permitting). It identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.
getmail is intended as a simple, secure, and reliable replacement for fetchmail. It retrieves email (either all messages, or only unread messages) from one or more POP3, SPDS, or IMAP4 servers (with or without SSL) for one or more email accounts, and reliably delivers into qmail-style Maildirs, mboxrd files, or through external MDAs (command deliveries) specified on a per-account basis. getmail also has excellent support for domain (multidrop) mailboxes, including delivering messages to different users or destinations based on the envelope recipient address.
NOC Project is an Operation Support System (OSS) for telecom companies, service providers, and enterprise Network Operation Centers (NOC). Areas covered by NOC include fault management, performance management, service activation/provisioning, knowledge base, multi-VRF address space management (IPAM), multi-vendor configuration management, DNS provisioning, peering management, RPSL and BGP filter generation, and reporting.