ITVal is a decision-diagram based query engine for testing and verifying iptables firewalls. Because firewalls can be very complicated, it is often difficult to know whether your firewall is correctly configured to protect against various attacks. ITVal allows the system administrator to quickly and easily verify that the firewall setup satisfies a set of security properties expressed as queries. Queries are specified in a simple English-like language that is very easy to use. Advanced firewall techniques, such as NAT and stateful filtering, are supported.
OpenWrt is a Linux distribution for wireless routers. Instead of trying to cram every possible feature into one firmware, it provides only a minimal firmware with support for add-on packages. For users, this means the ability to custom-tune features, removing unwanted packages to make room for other packages. For developers, it means being able to focus on packages without having to test and release an entire firmware.
PBNJ is a network suite to monitor changes that occur on a network over time. It does this by checking for changes on the target machine(s), which includes the details about the services running on them as well as the service state. PBNJ parses the data from a scan and stores it in a database. It uses Nmap to perform scans.
NoNox is intended to help automate the defense of Internet servers against attacks such as dictionary login attacks. NoNox monitors log files for user-specified trigger patterns. When a pattern is seen enough times in a given file within a given period of time, NoNox will execute a command. The patterns, time limits, files to watch, and commands are all user-specified. For example, if NoNox sees too many failed login attempts from one IP address, it could execute a command that tells a firewall to drop packets from that host, instantly cutting off the attacker.
BrazilFW is a mini-distribution designed for setting up network utility services such as Internet connection sharing, firewalling, or wireless access points. The goal is to make it as quick and easy as possible to set up a Linux system with only a minimal amount of Linux knowledge. The main goal of BrazilFW is to continue the development of what was the Coyote Linux floppy firewall system.
Program Guard allows the user of a Linux workstation to specify which applications are allowed to make TCP/IP connections to the Internet. Application program names can be specified by listing them in a file (Static Mode) or by querying the user (Query Mode). In Query Mode, connection attempts by unknown programs result in a Program Guard dialog box being displayed. In addition to providing connection information, this gives the workstation user the option of allowing or blocking the program either for the current instance of the program or for all future instances. It consists of a daemon, a kernel module, and a GUI interface component and makes use of the Linux Netfilter interface.
netfico is a complete Linux/netfilter (iptables) firewall and gateway configuration tool. It takes over the complete process of bringing up the network interfaces, configuring VLANs, setting IP addresses, setting routes, and configuring the netfilter/iptables rules. This also means that there is just one central place where IP addresses and netmasks are configured. A central goal of netfico is to make handling of firewalls or gateways with dual-stacked (i.e. IPv4 and/or IPv6) hosts and a larger number of subnets easy and feasible.