Software Map

Firewall Generator is a CGI script that generates a bash shell script that
contains a list of commands for configuring a set of firewall rules. The CGI
script allows the user to select which services should be open and which
network interfaces should be open.

Cars is a command-line tool for authenticating
against the embedded Checkpoint Firewall-1
HTTP/HTTPS engine.

ITVal is a decision-diagram based query engine for
testing and verifying iptables firewalls. Because
firewalls can be very complicated, it is often
difficult to know whether your firewall is
correctly configured to protect against various
attacks. ITVal allows the system administrator to
quickly and easily verify that the firewall setup
satisfies a set of security properties expressed
as queries. Queries are specified in a simple
English-like language that is very easy to use.
Advanced firewall techniques, such as NAT and
stateful filtering, are supported.

cpt aims to be running in front of any HTTPS
server. It forwards all requests that don't call
for a "CONNECT .." to the normal HTTPS server.
There is no error handling for mistaken requests;
they go straight to the default server. A request
that doesn't pass the conditions is passed
forward too, and the Web server will handle it
(with the default error page). Users should be
unaware that cpt is running as a proxy.

Gtk-IPTables is a GTK-based frontend for iptables written in C. You can create rules for all chains for Filter, NAT, and Mangle tables.

Dwall is an all-purpose firewall tool to generate an iptables
firewall out of a simple configuration. It contains about 80
predefined services and comes with a simple 3 zone firewall
example. It is designed to be easy to configure and manage
without being limited to a specific network setup. It can
handle as many interfaces as desired and allows you to create
firewall rules that are portable between several firewalls.

Jumper is a program for the search and analysis of
hosts. It maps the network using the ARP protocol,
and optionally can create an NMap script. For
example, it can tell you which IP addresses are
free in your LAN segment or it can tell you which
hosts are on your LAN.

Loghog was designed to take a proactive stance on snort output. It supports multilog processing and is optimized for high volume traffic. It responds to events by conducting actions such as various forms of email notification and blocking via ipchains, iptables, or ipfw.

FakeBO fakes trojan server responses (Back Orifice, NetBus, etc.) and logs every attempt to a logfile, stdout/stderr or syslog. It is able to send fake pings and replies back to the client which is trying to access your system.

Yxorp is a reverse proxy for HTTP. All the fields
in requests can be checked and modified by rules.
Load balancing, virtual hosting, multiple TCP
ports, and SSL are supported. The configuration
can be modified on-line. Yxorp can be used to
protect Web sites, place pages behind a login,
rewrite URLs, etc.

NuApplet is a graphical client for NuFW. It is a
GNOME 2.x applet that uses the client
authentication library of the NuFW project. It is
a user-friendly alternative to the console client,
nutcpc. It supports multiple languages thanks to
gettext.

seven's IPtables script features extensive logging of all connection attempts,
user-definable log-levels, protection against various DoS attacks, detection of
multiple portscan types, user-defined trusted hosts, and user-defined
"open"-ports.

The Horatio system is a firewall authentication
tool. The premise: legitimate users want to attach
laptops and other mobile hosts to the network, but
security demands that illegitimate users be
prevented from accessing the internal, secure
network and from abusing the general Internet. The
approach taken by Horatio is to provide a
separate, untrusted network that only connects to
the internal network (and thus to the Internet)
through a firewall that by default does not pass
any traffic. When a legitimate user connects his
or her host, it is assigned an address by a DHCP
server (such as dhcpd), but is unable to contact
anything outside the untrusted network. The user
must point a Web browser at the Horatio web
server, which runs on the firewall machine, and
provide a username and password. Once the username
and password have been validated, the firewall
rules are modified to allow the host access to the
rest of the network.

vnstatGUI is an IPCop addon that allows you to
query an installed vnStat and show the output. This addon has been tested with IPCop version 1.4.15, but should also work on 1.4.13 and 1.4.14.

Ipt_fw is a firewall for Linux based on iptables. It is designed for client systems. Ipt_fw outputs a shell script containing iptables commands, so inspection of the settings it creates is easy. The configuration files are made in LibreOffice（OpenOffice）Calc. Making of the firewall and a machine using the firewall are separated. It allows you to set the user level and features detailed logging, IP address blacklist management, and iptables integrity.