ips-qos is a flexible firewall and traffic shaping tool. It was formerly offered as installers for the popular Linux distributions. The current version is available under Debian GNU/Linux. It was intended to give administrators more control over a shared Internet connection. It includes ips, a flexible and easy-to-use configurable firewall with the ability to control access to the Internet (or selected services) from a LAN. It also includes qos, a traffic shaping tool that measures and controls the traffic load for every computer in a LAN.
Firewall Builder for Cisco IOS ACL completes a set of tools designed to manage a multi-tiered network security system. This module can generate access control list configuration for Cisco routers running IOS 12.x. The Firewall Builder GUI's built-in installer uses ssh to communicate with the router to install the generated ACL configuration. Several installation methods are provided to make sure the management workstation is not "cut off" from the router in the middle of ACL activation. Firewall Builder's built-in policy importer can be used to import existing router configurations.
OpenFWTK is an application proxy toolkit which inherits the ideology of TIS fwtk and maintains API backwards compatibility. The design goal is to make it simple yet powerful; no performance hacks are allowed in the code and library dependencies are reduced to a minimum. It is a true application layer filter. It features unified pluggable content inspection for the most frequently used protocols, NAC (Network Admission Control), and the ability to define fine-grained Internet access policy based on browser identification.
ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
vt-ng detects virus and worm like activity based on communication patterns. It can be used to detect infected hosts within your internal network and stop the spread of malware. Detection is based on the fact that malware usually tries to initiate many connections to the outside network for various reasons, such as to "phone home", download further malware, or scan the network for other vulnerable hosts.
NetGuard is intended to be a complete, embedded firewall solution. It is based on the Debian GNU/Linux operating system, and uses iptables to effectively manage your home or corporate LAN. It's designed to run on a wrap router board, which is hardware that can be run with no fan, no noise, and less power current. NetGuard can be also run on an old PC using the generic PC version.