Projects tagged ‘firewall’

OpenVPN is a robust and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the Internet. OpenVPN's principal strengths include wide cross-platform ... [More] portability, excellent stability, support for dynamic IP addresses and NAT, adaptive link compression, single TCP/UDP port usage, a modular design that offloads most crypto tasks to the OpenSSL library, and relatively easy installation that in most cases doesn't require a special kernel module. [Less]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators.

PF (Packet Filter) is OpenBSD's system for filtering TCP/IP traffic, doing Network Address Translation, normalizing and conditioning TCP/IP traffic and providing bandwidth control and packet prioritization. PF has also been ported to FreeBSD, NetBSD, and DragonFly BSD, and is an integral part of MirBSD.

Snort® is an open source network intrusion prevention and detection system using a flexible rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is ... [More] the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry. [Less]

Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious junk. It is based on the Internet Junkbuster.

Endian Firewall Community is a "turn-key" linux security distribution that turns every system into a full featured security appliance with Unified Threat Management (UTM) functionality. The software has been de signed with "usability in mind" and is ... [More] very easy to install, use and manage, without losing its flexibility. The features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spamfiltering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN). The main advantage of Endian Firewall is that it is a pure "Open Source" solution that is sponsored by Endian. [Less]

m0n0wall (monowall) is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of ... [More] the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format. [Less]

The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and ... [More] with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode; as a consequence, Shorewall can take advantage of Netfilter's connection state tracking capabilities to create a stateful firewall. [Less]

eBox is a framework for the development and deployment of network services in small and medium-sized networks, offering a simplified graphical interface to non expert users. It can be set up as a gateway, having some extra features over a usual router.

IPCop Linux is a complete Linux distribution whose sole purpose is to protect the networks on which it is installed.

PeerGuardian helps protect your privacy by blocking many ranges of aggressive IPs while you use P2P.

The pfSense software group is a group of firewalling, operating system and usability enthusiast. Each member is dedicated to create a eye popping firewall platform that can be easily administered using a web 2.0 driven GUI. pfSense is an open ... [More] source firewall derived from the m0n0wall operating system platform with radically different goals such as using OpenBSD's ported Packet Filter, FreeBSD 6.1 ALTQ (HFSC) for excellent packet queuing and finally an integrated package management system for extending the environment with new features. [Less]

Firestarter is a firewall tool for Linux, and uses GNOME. You can use the wizard to create a basic firewall, then streamline it further using the dynamic rules. You can open and close ports with a few clicks, or stealth your services giving access ... [More] only to a select few. It features a real-time hit monitor which you can watch as attackers probe your machine for open ports. [Less]

Vyatta software is a Linux-based, open-source networking (router, firewall, VPN) solution that leverages x86 hardware and components to deliver a flexible, affordable alternative to Cisco 1800 through 7200 series routers. Vyatta is a enterprise class, commercial open source offering with a staff of full-time engineers and support personnel.

UDT is an application level data transport protocol for the emerging distributed data intensive applications over wide area high-speed networks. UDT uses UDP to transfer bulk data and it has its own reliability control and congestion control ... [More] mechanism. This new protocol is not only for private or QoS-enabled links, but also for shared networks. Furthermore, UDT is also a highly configurable framework that can accommodate various congestion control algorithms. [Less]

EasyBSD is a modular automation script designed to assist in the extensive post installation process that is required in FreeBSD. The following are modules that are included with EasyBSD, Checks, Update, Security, Networking, Firewall, Recommended Ports, Tips and Tweaks, Daemon, and Universe.

Prelude is an Hybrid IDS framework, that is, it is a product that enable all available security application, be it opensource or proprietary, to report to a centralized system. In order to achieve this task, Prelude relies on the IDMEF (Intrusion ... [More] Detection Message Exchange Format) IETF standard, that enables different kinds of sensors to generate events using an unified language. Prelude benefits from its ability to find traces of malicious activity from different sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of systems logs, and many others) in order to better verify an attack and in the end to perform automatic correlation between the various events. Prelude is commited to providing an Hybrid IDS that offers the ability to unify currently available tools. [Less]

NuFW, Now user Filtering Works, is an "authenticating gateway". It fully integrates with Netfilter and Iptables and adds authentication capabilities. Its exclusive algorithm allows network wide identity-based filtering.

IPFire is new-developed firewall build with the latest releases of linux 2.6 and tools. You are able to install a lot of addons and you will see a firewall can become a home server.

Web-based proxy bypasser coded in PHP. bblocked allows you to quickly and easily setup your very own proxy bypass site! Requires PHP >= 4.3.0, and is fully compatible with PHP 5.

strongSwan is an OpenSource IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developed over the last three years. It features IKEv1 and IKEv2 keying capabilities and targets Linux 2.6 native IPsec.

DenySSH monitors the auth log of a BSD system for failed SSH login attempts and adds repeat attackers to a Packet Filter table, allowing you to define PF rules to block the attacking hosts or redirect them to a honeypot for your amusement.

Nulog2 is a firewall logs analysis solution. It is build upon Twisted and is able to extract information from Netfilter and/or NuFW logs.

Bastille Unix is a Hardening and Reporting/Auditing Program which enhances the security of a Unix box, by configuring daemons, system settings and firewalling. It currently functions on HP-UX, Red Hat, SuSE, Gentoo, Mandrivia, and OSX

FireHOL is a stateful iptables packet filtering firewall configurator. It is abstracted, extensible, easy and powerful. It can handle any kind of firewall, but most importantly, it gives you the means to configure it, the same way you think of it.

Nulog is a firewall log analysis interface written in php. Netfilter and NuFW are able to log selected packets directly in a database like MySQL or PostgreSQL. Nulog uses this interface to display security events in real-time on a user-friendly interface.

pyctd is a XML-RPC service for monitoring and altering Netfilter connections for network admins. It is able to list connections (with byte rate of connections), to remove entries and to modify mark and timeout .

GreenSQL is a database firewall engine used to protect Open Source Databases from SQL injection attacks. It works in proxy mode. Application logics is based on evaluating of SQL commands using risk score factors, as well as blocking of administrative commands.

SME Server is a leading distribution for small and medium enterprises. It stands apart from the competition by shipping with most common functionality preconfigured and features a number of popular additional enhancements in the form of ... [More] downloadable 'contributions'. It is published under the GPL license and while freely available, a small donation is requested. [Less]

ISPConfig is an open source hosting control panel for Linux.