Software Map

Brcontrol is a set of patches to allow some
interaction between an IDS and a firewall.
Currently, snort is supported as an IDS, and the
netfilter facility of Linux is supported as a
firewall. Brcontrol can help in the creation of
aggresive honeypots or other advanced firewall and
IDS configurations. It can also work as a bridge.

The ipfwadm2ipchains script is designed to convert ipfwadm rulesets into ipchains rulesets. Simply feed it your ipfwadm rules via stdin and it will print out the corresponding ipchains rules.

vpn-shaper is a dynamic traffic shaper for
openvpn, poptop, and similar programs, using
iproute2. It allows shaping of traffic between
many users conected to one server, and it supports
different prioritiy schemes for different users
and different types of traffic. Trafic shaping
uses the HTB qdisc. Prioritization uses l7-filter
and ipp2p and some of the patch-o-matic
extensions. Classification of trafic in HTB
classes is done by using the IPMARC patch-o-matic
extension. vpn-shaper requires the IPMARK
patch-o-matic extension, connmark iptables match,
and HTB qdisc.

uuturn allows you to detect someone remotely logging in to one of your boxen and then going on to another, without even logging into the box, by only analyzing the packets on the network. It's a connection correlator. Bullets not included.

Enhanced Reverse Pimpage is an enhanced version of
the original rpimp by Matt Miller. Reverse Pimpage
was designed to allow you to access a computer
that is behind a firewall from outside that
firewall itself. The way it accomplishes this is
by having the client (the computer behind the
firewall) send a SYN request to a certain port at
certain intervals. The computer that will access
the client must run the server program, and when
the time interval is up it will connect. Once it's
connected, the client telnets to itself and routes
data back and forth between the two.

SPITS (Simple PHP Internet Traffic Shaping) is a
PHP Web Interface for managing traffic control
queueing disciplines (qdiscs) and classes.
Iptables rules are used in order to classify the
packets. It currently only supports few qdiscs and
iptables rules with few matches.

An IPv6 syn port scanner.

'blaze' is a Netfilter iptables firewall script that is meant to be ridiculously easy to use, pretty basic, but powerful enough to handle a box with multiple NICs to support gateway usage, possibly with NAT. Setup should take no more than five minutes. Logging is not currently supported.

ipmkchains reads in a set of firewall rule files, computes the differences between those rules and the rules that are currently in use, and executes the necessary commands to make the rules in use match the rules from the file, using diff and ipchains.

Net::Telnet::Netscreen is made to get info out of Netscreen firewalls, using a telnet interface to Netscreen's Screenos. It's made based on Net::Telnet::Cisco, with some custom commands for the Netscreen firewalls.

SquidRestrict is a Web-based tool that allows multiple time restrictions
to be placed on Internet usage for firewalls that use Squid. Primarily,
the focus of SquidRestrict is on the Linux-based firewalls IPCop and
Smoothwall.

Kattive is a captive portal with an interesting interface, written in Perl and completely Web-based. It interacts with iptables or whatever you want. It's template-based.
It works as a transparent rule activator and as an Internet Point interface. It has many features like schools/classes administration. If used in a hotel, you can count the time for billing.

netfico is a complete Linux/netfilter (iptables)
firewall and gateway configuration tool. It takes
over the complete process of brining up the
network interfaces, configuring VLANs, setting IP
addresses, setting routes, and configuring the
netfilter/iptables rules. This also means that
there is just one central place where IP addresses
and netmasks are configured. A central goal of
netfico is to make handling of firewalls
respective gateways with dual stacked (i.e. IPv4
and/or IPv6) hosts and a larger number of subnets
easy and feasible.

etherdam is an IPTables firewall configuration
engine. It implements a primitive (and hopefully
simple) scripting language as an alternative to
the direct use of iptables. It comes with full
documentation plus a heavily-commented example
config file. The config file should work for many
scenarios with minimal adjustment.

ADSL4Linux is a program to install ADSL under Linux in the easiest way
possible. The install script consists of 3 easy steps and it does not require
any deep knowledge of Linux. It currently only works for MXStream by KPN in the
Netherlands.