Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.
redWall is a bootable CD-ROM firewall which focuses on Web-based reporting of the firewall's status. It includes Snort, snortsam, dansguardian, and support for fwbuilder, squidguard, reporting (using BASE/sarg/ntop/webfwlog), VPN (Openswan/PoPToP/Openvpn), Spam Filtering (spamassassin, dcc, razor2, clamav, amavis-new, dspam and maia mailguard), and mail-based, alerting. Configuration data are stored on a floppy or USB disk.
Nmap ("Network Mapper") is a utility for network exploration, administration, and security auditing. It uses IP packets in novel ways to determine which hosts are available online (host discovery), which TCP/UDP ports are open (port scanning), and what applications and services are listening on each port (version detection). It can also identify remote host OS and device types via TCP/IP fingerprinting. Nmap offers flexible target and port specifications, decoy/stealth scanning for firewall and IDS evasion, and highly optimized timing algorithms for fast scanning.
Firetable is an IPtables firewall script for Linux. It has no graphical interface, and all the configuration is done via configuration files. This makes Firetable ideal for servers. The syntax of the configuration file is easy to learn and logical. Multiple interfaces can be maintained independently.
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
floppyfw is a router and simple firewall on one single floppy. It uses Linux basic firewall capabilities, and has a very simple packaging system. It is perfect for masquerading and securing networks on ADSL and cable lines, using both static IP, DHCP, and PPPoE, and provides a simple installation, which usually involves editing of only one file on the floppy.
DenyThem is a program designed to protect your Linux system from malicious attacks. It is an active response system to disrupt and block dictionary attacks and DOS attacks. DenyThem by default uses /var/log/syslog and /var/log/auth.log and searches for hack attempts. When DenyThem finds enough hack attempts from a single host, it will add a DROP statement to your system's firewall, thus preventing future attacks. DenyThem uses iptables, so it will only work on Linux or any other system that uses iptables. It can also block traffic from specific countries.