IPFire is a Linux firewall distribution that is built from source and comes with lots of additional features. It is easy to set up and administer. It features a firewall with stateful inspection, a content filtering engine, traffic control (QoS), VPN technology, and a lot of logging.
OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining familiar aspe
OpenMPTCProuter is a solution to aggregate and encrypt (and can obfuscate) multiple internet connections and terminates it over any VPS which make clients benefit security, reliability, net neutrality, as well as dedicated public IP. The aggregation is based on Multipath TCP (MPTCP), which is ISP, WAN type, and latency independent "whether it was Fiber, VDSL, SHDSL, ADSL or even 4G", different scenarios can be configured to have either aggregation or failover based on MPTCP. Aggregation via Mu
psad is an intrusion detection system built around iptables log messages to detect, alert, and (optionally) block port scans and other suspect traffic. For TCP scans psad analyzes TCP flags to determine the scan type (syn, fin, xmas, etc.) and corresponding command line options that could be supplied to nmap to generate such a scan. In addition, psad makes use of many TCP, UDP, and ICMP signatures contained within the Snort intrusion detection system (see http://www.snort.org/) to detect suspi
Dowse is a transparent proxy facilitating the awareness of ingoing and outgoing connections, from, to, and within a local area network. Dowse provides a central point of soft control for all local traffic: from ARP traffic (layer 2) to TCP/IP (layers 3 and 4) as well as application space, by chaining a firewall setup to a trasparent proxy setup. A core feature for Dowse is that of hiding all the complexity of such a setup.
The IPTables::Parse package provides an interface to parse iptables or ip6tables rules on Linux systems through the direct execution of iptables/ip6tables commands, or from parsing a file that contains an iptables/ip6tables policy listing. Note that the 'firewalld' infrastructure on Fedora21 is also supported through execution of the 'firewall-cmd' binary. By default, the path to iptables is assumed to be '/sbin/iptables', but if the firewall is 'firewalld', then the '/usr/bin/firewall-cmd' is u