etherdam is an IPTables firewall configuration engine. It implements a primitive (and hopefully simple) scripting language as an alternative to the direct use of iptables. It comes with full documentation plus a heavily-commented example config file. The config file should work for many scenarios with minimal adjustment.
The Open Vulnerability Assessment System (OpenVAS) scanner runs many network vulnerability tests (NVTs) against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications. Additional components are: openvas-client to control the scanner, and openvas-manager and openvas-administrator to leverage OpenVAS to a comprehensive vulnerability management solution. OpenVAS is a fork of Nessus.