GreenSQL is a database firewall used to protect databases from SQL injection attacks. GreenSQL works in a proxy mode and has built-in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix, as well as blocking known DB administrative commands (such as DROP and CREATE).
Traffpro is a Linux-based traffic control, traffic accounting, bandwidth shaping, bandwidth management, and network security system with many features for reporting and billing. Internet access can be distributed to a LAN and users can be assigned a traffic quota. Networks are protected from external intrusions with a firewall. You can control ports, blacklist URLs, add iptables rules, configure multiple ISPs and multiple subnets, detect viruses, view URL histories (without Squid), see the traffic consumed by individual users, and more. It also has a ticket support system and a captive portal module.
The Firewall Tester is a tool designed for testing firewalls' filtering policies. It includes an Intrusion Detection System testing feature, along with a packet generator tool and a sniffer. Unlike common firewall testing tools or packet generators, ftester is capable of generating network traffic that will look like real connections to the firewall or IDS system tested, which allows users to test stateful inspection firewalls (like netfilter or ipfilter) and IDS (like snort).
NuFW is an authenticating firewall. It adds strict and secure identity-based filtering capabilities to enterprise-grade firewalls. It can also set quality of service on a per-user basis and log user activities into an SQL database. Furthermore, it can use multiple external authentication sources via PAM and be the key of a Single Sign On solution.
HAVP (HTTP Anti Virus Proxy) is a proxy which scans downloads for viruses with several scanners (ClamAV, F-Prot, Kaspersky, NOD32, Sophos) at the same time. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. It can be used with squid or standalone, and it also supports transparent proxy mode.
IPFire is a Linux firewall distribution that is built from source and comes with lots of additional features. It is easy to set up and administer. It features a firewall with stateful inspection, a content filtering engine, traffic control (QoS), VPN technology, and a lot of logging.
homeLANsecurity is a series of shell scripts for loading iptables firewall rules. The goal of these scripts is to provide an easy to manage framework for standard iptables rule sets. The scripts are well documented and are easily edited. It is primarily designed to operate on home or small office gateway Linux system, but the scripts can be easily adapted to protect an individual Linux server or workstation. homeLANsecurity's command set is written to support loading, clearing, saving, restoring, testing, and displaying of iptables rules. The configuration supports NAT, port forwarding of common services, TOS packet mangling, OpenVPN, Squid transparent proxy, IP address banning, adaptive banning, and connection tuning. Custom iptables rules are easily inserted without any editing of the scripts themselves.
Vyatta is a Linux-based routing and security distribution. It is meant to deliver a flexible, affordable alternative to Cisco 1800 through 7200 series routers. Vyatta is also a great virtual router, virtual firewall, virtual security solution for VMware, Xen, XenServer, and KVM virtualization projects.
Gibraltar is a Debian GNU/Linux-based router/firewall distribution, fully workable from a bootable, live CD-ROM. Log files can be stored on a hard disk, and configuration data is stored on a USB mass storage media or a floppy disk and kept on a RAM disk during run-time. Due to its Debian base, a vast manifold of firewalling, routing, and proxy packages is available. It comes with an intuitive, easy to use Web administration interface and support, and is free to use for home users.