Linux FreeS/WAN provides IPSEC (IP Security, which is both encryption and authentication) kernel extensions and an IKE (Internet Key Exchange, keying and encrypted routing daemon) as well as various rc scripts and documentation. It is known to interoperate with other IPSEC and IKE system already deployed by other vendors such as OpenBSD, Cisco, or CheckPoint. It also features Opportunistic Encryption, subnet extrusion, and with the appropriate patches interops nicely with Microsoft Windows XP/2000 using X.509 certificates.
The Public IP ZoneCD has been created to help implement safe, free, wifi hotspots. NoCat dynamic firewall rules are used for user access and authentication. A transparent proxy sends all "Public" requests from NoCat through a content filter (Dansguardian) to block porn, hacker sites, extreme violence, illegal drugs, and other obscene and explicit Web sites. The content filter also blocks files extensions to protect your network from viruses, and restricts file sizes to save bandwidth.
The IP Masquerade HOWTO is the document that contains instructions on understanding, configuring, and troubleshooting NAT or Network Address Translation for Linux. It covers topics such as IPTABLES, PORTFW, IPCHAINS, IPFWADM, stronger packet firewalls, multiple network segments, and configuring many client operating systems. It also has an extensive FAQ and troubleshooting section.
Astaro Portscan Detection is a netfilter target which will attempt to detect TCP and UDP port scans and log them to syslog. This target is based upon Solar Designer's scanlogd. It suppports mutliple levels of logging, custom prefixes for entries, weighted total port scan detection, and port scan temporal spread detection.
ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
Mail2sh makes it possible to carry out shell commands by email. Email is sent to a particular user on your host and the commands will be carried out if the user and password given matches ones in /etc/passwd. Commands are executed with the user's privileges, and combined with a PGP module ensures a certain level of security for use. Note that the system is not natively encrypted, so use of an encryption mechanism is highly recommended for security reasons.
OpenWrt is a Linux distribution for wireless routers. Instead of trying to cram every possible feature into one firmware, it provides only a minimal firmware with support for add-on packages. For users, this means the ability to custom-tune features, removing unwanted packages to make room for other packages. For developers, it means being able to focus on packages without having to test and release an entire firmware.