packet2sql converts any text file/log file which contains ipchains packet logs into a stream of SQL inserts which can be used as the base for a firewall-analyzing database application.
Packetflow Firewall Generator
PacketFlow Firewall Generator is an XML-based firewall generator. It takes an XML configuration file that defines the firewall policy and generates a list of iptables commands to implement this policy. It is primarily intended for use on dedicated firewalls, but it can be used in other scenarios. It makes dealing with many interfaces easy. PacketFlow works on the concept of interface "security levels." New connections are allowed to flow downhill from interfaces with a high security level to interfaces with a low security level. This approach tends to make rule sets much shorter, even with many interfaces. Access lists allow you to override the default behavior of the security levels. Access lists are defined between interfaces. There is also support for incoming, outgoing, and wildcard access lists. Wildcard access lists allow you to easily allow new connections to a particular service from any interface.
pasmal is a TCP/IP packet authentication system. When it receives a sequence of ICMP or TCP packets to any port (open/closed), it will issue a command on the server.
PCX Firewall is a Perl script which works with several configuration files to generate 3 shell scripts (startfw, stopfw, and restartfw) which actually do the real work of the firewall.
PMFirewall is an Ipchains Firewall and Masquerading Configuration Utility for Linux. It was designed to allow a beginner to build a custom firewall with little or no ipchains experience.
Portsmith is an application-based firewall that is designed to interact with authorized users, and offers an easy-to-use browser driven interface. Portsmith's unique features include its core logic and its interface. Its logic specifies that ports are kept in a closed position until an authorized user logs into the Portsmith interface and triggers them open. When opened, the ports are only accessible from the authorized user's current IP address.
Pyroman is a firewall config tool for complex networks. By using iptables-restore, it's much faster than other tools in configuring the firewall, the configuration is simple, and it has accurate error reporting and offers rollback of changes.
Quarantine firewall is yet another firewall that has masquerade, type-of-service, and traffic shaping features.
quicktables is an iptables firewall and firewall / NAT (gateway) script generator. It was created to provide a secure set of iptables rules quickly, while still maintaining few requirements (sh and ifconfig pretty much). quicktables will ask you to answer a small handful of questions, and generates your very own personalized firewall or script.
rcf is an ipchains-based firewall with extensive support for network services (IPSec, VTUN, NFS, SMB, Napster, Proxies, etc.), masquerading, port forwarding (including network games), and IP accounting.
rChains is a detailed, custom, ipchains ruleset that implements many features including, most notably, per-host bandwidth monitoring via MRTG and CGI log reports.
Regular Expression, Arbitrary Protocol, Opensource Filtering Firewall: an arbitrary protocol proxy. That is to say, the same proxy may be used to control any TCP/IP based protocol; the behavior of the proxy is fully specified by its configuration files.
redir is a port redirector, used to forward incoming connections to somewhere else.
redWall Firewall is a bootable CD-ROM firewall. Its goal is to provide a feature-rich firewall solution, with the main goal of providing a web interface for all the logfiles generated.
Return-RST is a firewalling tool for Linux 2.2.xx systems using IPCHAINS. It uses the netlink device to capture packets and sends TCP RST packets in response to TCP connection requests.
ROPE is a "match module" for Linux IpTables that allows packets to be matched using highly flexible rules, written in a simple purpose-designed scripting language. It was written initially to provide support for the next phase of the P2PWall project for controlling various styles of peer-to-peer application traffic, but is much broader than this in its possible uses. See the Basics page for a tutorial-style overview.
rTables is a detailed, custom, iptables ruleset that is currently made up of a few simple bash scripts.
Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful as well as easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls.
The Seattle firewall is an ipchains based firewall that can be used on a dedicated masquerading firewall machine (including LRP), a multi-function masquerade gateway/server or on a standalone Linux system.
Securepoint Firewall Server SB
(commercial) Securepoint Firewall Server SB is a high-performance, commercial-grade application designed to offer full protection for network assets.
SekHost is an iptables control script with a very flexible configuration and packet prioritization features.
ShellTer is an iptables-based firewall. What sets it apart from the rest is that it has built-in SSH brute force protection. It is easy to configure and has an interactive CLI installer.
Shoreline Firewall is an iptables based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system.
Simple Firewall is an easy tool for administration users and access control using iptables for packet filtering.
SlackFire (SF) is an iptables script with a number of configuration files. SF is aimed to protect a (Slackware) Linux machine or a LAN with SF being used on the router/gateway with a stateful firewall.
SMCRoute is a command line tool to manipulate the multicast routes of the Linux kernel. It can be used as an alternative to dynamic multicast routers like 'mrouted' in situations where static multicast routes should be maintained and/or no proper IGMP signaling exists.
Sopeq is a stealth ingress and egress filtering firewall for IPTables with an easy to configure rules file. Sopeq can be used to configure even the slightest details of IPTables with just a minor change in the rules file.
Sphirewall is a user-centric analytical network firewall/router; it's the only open source product that provides user/group and role based firewall rules with extensive reporting services.
SRFirewall is a simple, but powerful netfilter/iptables firewall script for Linux systems.
SunGazer Packetfilter is a small and simple tool to set up firewall rules. It works with iptables and is easy to use and configure.
The Doorman guards the door of a server, manipulating firewall rules to admit only recognized parties. Allows Silent Running - a server with all ports CLOSED. Linux-BSD-OSX server & client; C source & docs + Windows client binary. GPL.
theWall is a collection of PicoBSD configuration trees and prebuilt binaries for various platforms that provides NAT and firewall services for a small network.
TuxGuardian is an application-based firewall that allows the implementation of access control policies in order to identify and control every application that tries to access the network.
Currently, UFW provides only a command-line interface (CLI) for user interaction--the ufw command.
UIF is used to generate optimized iptables packet filter rules, using a simple description file specified by the user.
Ufw stands for Uncomplicated Firewall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.
Untangle's Firewall filters traffic based on IP address, protocol and ports and allows administrators to: designate which systems and services (http, ftp, etc.) are publicly available, create a DMZ and perform NAT (with Router), and run as a transparent bridge to complement existing hardware.
vt-ng detects virus and worm like activity based on communication patterns. It can be used to detect infected hosts within your internal network and stop the spread of malware.
Vuurmuur is a powerful firewall manager built on top of iptables that works with Linux kernels 2.4 and 2.6.
The goal of the WallFire project is to build a very general and modular firewalling application based on Netfilter or any kind of low-level framework.
Wfconvert is a firewalling tool which imports/translates rules from/to any supported firewalling language.
Wflogs is a firewall log analysis tool. It can be used to produce a log summary report in plain text, HTML and XML, or even to translate a log file into another firewall log format.
(commercial) Wolverine Firewall and VPN Server - Wolverine Firewall is a commercial grade firewall and VPN solution, designed for use by any size organization. Offering stateful packet inspection, IPSEC and PPTP VPN services in a very small footprint while requiring a minimal amount of hardware to operate, Wolverine offers a very cost-effective solution for network perimeter defense.
XFwall is a graphical firewall software for Linux aimed at corporate users. The software has been adopted by private and governmental companies in Brazil. XFwall can be used with client, server, and (mainly) gateway machines.
Xtables2 is an effort to do gradual improvements and modernize the packet filter, with input from especially the user community itself.
YAFIG is a LAMP-based firewall rule generator that creates shell scripts for use with Linux netfilter/iptables.