ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. The knock packet is a UDP packet sent to a random port that contains a SHA-256 hash of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and computes the SHA-256 to verify the packet. The shared key is never sent.
Host Identity Protocol on Linux is an implementation of the Host Identity Protocol (HIP) and the related architecture. HIP is a proposal to change the TCP/IP stack to securely support mobility and multi-homing. Additionally, it provides for enhanced security and privacy and advanced network concepts, such as moving networks and mobile ad hoc networks. HIP is "cool", which means that as a mobile VPN solution, when your network interfaces go up or down, there is no need to re-establish a secure tunnel.
OpenWrt is a Linux distribution for wireless routers. Instead of trying to cram every possible feature into one firmware, it provides only a minimal firmware with support for add-on packages. For users, this means the ability to custom-tune features, removing unwanted packages to make room for other packages. For developers, it means being able to focus on packages without having to test and release an entire firmware.
ROPE is an open-ended iptables match module that allows rules to be written using a simple but powerful scripting language. It is designed for controlling complex high-level protocols that cannot be blocked using traditional criteria such as port numbers. Criteria can include tests on any field of the IP, UDP, or TCP headers as well as the packet data payload.
Hardened Debian improves Debian GNU/Linux with high security and hardening features, hardened kernels and packages, DHKP, and other security-related enhancements. It makes systems more difficult to compromise using common attacks such as race conditions, chroot jail escapes, and buffer overflows.