Software Map

fwsnort translates snort rules into an equivalent
iptables ruleset. By making use of the iptables
string match module, fwsnort can detect
application layer signatures which exist in many
snort rules. fwsnort adds a --hex-string option to
iptables, which allows snort rules that contain
hex characters to be input directly into iptables
rulesets without modification. In addition,
fwsnort makes use of the IPTables::Parse Perl
module in order to (optionally) restrict the snort
rule translation to only those rules that specify
traffic that could potentially be allowed through
an existing iptables policy.

AMaViS (A Mail Virus Scanner) scans e-mail
attachments for viruses using third-party virus
scanners available for UNIX environments. It
resides on a UNIX (Linux) machine and looks
through the attached files arriving via e-mail,
generates reports when a virus is found and sets
the delivery on hold.

Sshguard monitors services through their logging
activity. It reacts to messages about dangerous
activity by blocking the source address with the
local firewall. Sshguard employs a clever parser
that can transparently recognize several logging
formats at once (syslog, syslog-ng, metalog,
multilog, raw messages), and detects attacks for
many services out of the box, including SSH,
several ftpds, and dovecot. It can operate all the
major firewalling systems, and features support
for IPv6, whitelisting, suspension, and log
message authentication.

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, Cisco routers, Snort, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG or NFLOG target.

The Userspace Logging Daemon (ulogd) is a flexible framework for extensive logging of packets on a firewall machine. ulogd uses the ULOG target of iptables/netfilter, the packet filtering framework of Linux 2.4 and 2.6. It supports binary plugins for adding packet interpreters and output-targets (e.g., for logging into databases, user-defined filetypes, etc.).

conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.

nftables aims to replace the existing {ip,ip6,arp,eb}tables framework. It provides a new packet filtering framework, a new userspace utility, and a compatibility layer for {ip,ip6}tables. nftables is built upon the building blocks of the Netfilter infrastructure such as the existing hooks, the connection tracking system, the userspace queueing component, and the logging subsystem.

tcptraceroute is a traceroute implementation using TCP SYN packets, instead of the more traditional UDP or ICMP ECHO packets. In doing so, it is able to trace through many common firewall filters.

DNS Blacklist Packet Filter is a Linux netfilter client that decides whether to accept or drop packets based on the results of a DNS blacklist query (such as MAPS, SORBS, or SPEWS, to name a few). One use is to filter all incoming SMTP SYN packets for spam filtering.

BBStatus is an IP accounting package and an SNMP and IP monitoring tool for Linux. It collects, summarizes, and displays the values from its database. It can be used for IP accounting (allows you to design various
kinds of accounting filters), SNMP monitoring (collects data making SNMP requests), ICMP monitoring (stores and summarizes values like min, avg, max reply time, and packet loss), and client traffic filtering (using various types of filters). It also provides user based access so that every user can log in and visualize various data (depending on access rights). It requires PostgreSQL, Apache with mod_auth_pgsql, Perl(Net::SNMP), and RRDTool.

The MiniUPnP project is a library and a daemon.
The library is aimed to enable applications to use
the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running
OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most
interesting features is to enforce some
permissions to allow or deny redirections,
bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.

Sphirewall is a user-centric analytical network firewall/router. Out-of-the box, it provides user authentication coupled with powerful analytics which provide you with complete control over your network and users. With Sphirewall, you can manage and understand what is happening on your network with features such as qos, bandwidth quotas, user authentication, and much more. Not built on iptables, it is able to do things which other Open Source firewalls can't. Its very flexible, and with its open JSON API, can easily be plugged into any existing environment.