Projects

pf

PF (Packet Filter) is OpenBSD's system for filtering TCP/IP traffic, doing Network Address Translation, normalizing and conditioning TCP/IP traffic and providing bandwidth control and packet prioritization. PF has also been ported to FreeBSD, NetBSD, and DragonFly BSD, and is an integral part of MirBSD.

iodine

This is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. It runs on Linux, Mac OS X, FreeBSD, NetBSD and OpenBSD and needs a TUN/TAP device. The bandwidth is ... [More] assymetrical with limited upstream and up to 1 Mbit/s downstream. [Less]

m0n0wall

m0n0wall (monowall) is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a ... [More] bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format. [Less]

Firewall Builder

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent ... [More] abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX, and FWSM. [Less]

EasyBSD

EasyBSD is a modular automation script designed to assist in the extensive post installation process that is required in FreeBSD. The following are modules that are included with EasyBSD, Checks, Update, Security, Networking, Firewall, Recommended Ports, Tips and Tweaks, Daemon, and Universe.

denyssh

DenySSH monitors the auth log of a BSD system for failed SSH login attempts and adds repeat attackers to a Packet Filter table, allowing you to define PF rules to block the attacking hosts or redirect them to a honeypot for your amusement.

libproxy

libproxy is a library that provides automatic proxy configuration management.

ipfilter

Open source firewall project for Unix systems

roadblock

roadblock is an embedded firewall built on freebsd using cherokee and python.

m0n0wall-mod

About projectThis is m0n0wall mod project. m0n0wall is a great tool but there are limitations in standard distribution. Mod project is a patchset intended to overcome these limitations. Mod main features concern: DHCP+PPTP on WAN interface; DHCP+PPPoE on WAN interface; separated WAN Ethernet ... [More] interface named 'WAN eth'. Some ISPs use DHCP+PPTP to setup client connections. First, you get IP address by DHCP over Ethernet. Second, you open VPN PPTP connection. Standard m0n0wall can not use PPTP in conjunction with DHCP, so you specify 'Local IP address' manually. Additionally some ISPs have their own servers accessible through Ethernet interface. Opening PPTP connection you can not access them directly because traffic goes through PPTP tunnel. As you may figure out it is not very fast. Mod project solves these two problems. You can use DHCP+PPTP/PPPoE and have full access to WAN eth interface (firewall, NAT, etc). FeaturesDHCP+PPTP on WAN interface static+PPPoE on WAN interface DHCP+PPPoE on WAN interface (currently mpd is fired up after receiving DHCP lease) L2TP support (1.3x only) separated WAN Ethernet interface named 'WAN eth' in DHCP+PPTP/PPPoE mode (can be used in firewall, NAT, etc) setting DHCP options in DHCP+PPTP/PPPoE mode execute arbitrary commands on PPTP link up/down automatic outbound NAT rules generation for WAN eth (with advanced outbound NAT disabled) simplified LAN-to-LAN routing some sysctl tuning Enabling WAN ethOpen WAN settings, select PPTP or PPPoE, set options, save. Open Interfaces/assign and click 'Add WAN eth interface', reboot. WAN eth interface is ready. Configure routing table for desired traffic to go through WAN eth interface. UpgradingWhen upgrading from generic-pc 1.2x to generic-pc 1.3x, you must install 1.2x-0.3b3 (or later) first before you install 1.3x image. TODOAllow OPT interfaces work as WAN interface, so multiple ISPs can be connected to one router (multi-WAN) DHCP/PPTP/PPPoE for OPT interfaces Policy-based routing Allow hostnames for PPTP server (WAN config) Secure DHCP firewall rules, setting allowed DHCP servers Any ideas? Changelog0.32 (March 14, 2010)Updated 1.3x from 1.3 to 1.31. 0.32 (December 7, 2009)All 1.3x users are strongly recommended to update because of security fix. Updated 1.3x from 1.3b18 to 1.3 final (DHCP client security fix, etc). 0.32 (October 4, 2009)All 1.2x users are strongly recommended to update because of security fix. Updated 1.2x from 1.235 to 1.236 (DHCP client security fix, captive portal fixes). Added experimental L2TP support (1.3x only). Fixes in rc.newwanip improving DHCP+PPPx (default route handling, host-route to VPN server). PPPx: added encryption and authentication protocol options. PPPoE: added linkup/linkdown fields. PPTP: added MTU field (1.3x). NAT: added WAN eth rule for outgoing DNS queries. NAT: added 'PPTP subnet -> WAN eth' outbound rule if PPTP server is enabled. Captive portal: 'Allowed IP Addresses' -> 'Allowed Networks'. GUI: fixed garbage at linkup/linkdown fields if errors occur after clicking 'Save' (WAN config). GUI: show IPv4 gateway at Status/Interfaces page for WAN eth (if 'Ignore routers information' is unchecked). GUI: some small fixes. All .img files are digitally signed now. 0.31 (August 21, 2009)Updated 1.3x from 1.3b16 to 1.3b18. This is intermediate release before 0.32. 0.31 (May 22, 2009)Fixed bug: IPSEC didn't work when configured on WAN eth. 0.3 (May 16, 2009)Checking firmware upgrades using its own server. 1.3x specific: ported changes from m0n0wall HEAD fixing 1.3b16 DHCPv6 problem. PPTP: added 'Execute on link down' field. PPTP: 'Execute on link up' and 'Execute on link down' are processed as shell scripts (e.g. variables can be used including $1-$9 set by mpd). GUI: added IP filtering and table header highlighting to Diagnostics/Logs/Firewall. GUI: fixed some JS to save disabled fields at WAN settings page. GUI: LAN is last interface at Status/Interfaces. GUI: LAN is default interface at Status/Traffic graph. GUI: added mod info to console. 0.3b3 (Apr 19, 2009)Added 1.3x support (IPv6 is not tested and may not work). 1.2x specific: 1.2x -> 1.3x upgrade is possible now. 1.3x specific: improved booting. NAT: simplified automatic outbound rules generation. 0.3b2 (Dec 23, 2008)DHCP+PPPoE implemented (static IP is also possible) 0.3b1 (Dec 07, 2008)PPTP: added 'Do not rebuild routing table on link up' flag. GUI: Fixed incorrect WAN statistics in PPTP mode if WAN eth exists (Status/Interfaces). GUI: WAN eth is fixed and reordered everywhere. Now interfaces are shown in the following order: LAN, WAN, WAN eth. GUI: LAN is default interface at Firewall/Rules. 0.2 (Nov 29, 2008)DHCP configuration now accessible in PPTP mode. DHCP: added 'Ignore routers information' flag. PPTP: added 'Execute on link up' field to execute arbitrary commands on PPTP link up. GUI: Fixed sorting outbound NAT rules. Now sorting includes both source and destination networks. 0.1 (Nov 19, 2008)Initial mod release. Digital signatureStarting from 0.32 all .img files are digitally signed. See image format. RSA public key: -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcLayzFBCQ9Z7nC45dcgoHrSKz Extkd7yHsk73deIWWYWym9PPn5JjPGfNYAaY8nF+U3c5hgxX8NS5jb1Zl5hBgNF6 b+nAMgKpkake7skbEj/fHuElQXCXm/yGNjOa0Rm9nWS/Wo/tyd2foPMzIA8F3sgW akIYuWYCzZXg9KhuzwIDAQAB -----END PUBLIC KEY----- ContactFeel free to contact me. Donations are welcome. [Less]