ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
f7cb936c7aac861d230a972d266df509bb34fb48f4604db48ededd604466416d
Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
c1b84dd4036aa9f81fc4fbd527eda202e51c3767659b8f1eef12bfb3381c5b36
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
bb827f54a77c0f8a9b471200eda3801c9ff3f2a576647ca6a576e546e20ac254
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
a7eff2176cf6e04336081417413ef69d730eac55b21888b7262d2a8a4f2a3fc0
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
a01fce8c8bd46f8be8dfa7e66ecf8f2aa0795d9454c398ea271b93c4daa346d1
Floppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the iso version.
c3b50ca9959b56f2c69c5185ed9e9050f2ce9c6caf04269d18fe4daf77889939
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
b8efbec32786f3e213f68fe3d79d4bc51924a83a98149789f552c67ad5b33dcc
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
f38274d992d16220373422c33ba39247b154cd1f4fe5245950596b1602185b6f
ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
5b042c182c7f4d1abb4ba5c65f008a56a8d223b186c847385863772e6c37ed45
Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.
7d4f8245de98f0a362f5ddfdeb672ee887eb54f39056764df98429d6eab4c26b
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
4cbfc786e2c69b36aa788fb55e19050b1b7e7119ae8178d6528475e1cc9b058c
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
81e18949033091e2aa40c8b7faa6951c606d04d529ba994919824e23715a4887
ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
ea5c3a7c800ddbed969cfe09def7978c1a25636fc0fad6b61f85b59a01bcd487
ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
a000be1cd760a5ca3ce687c4ee20fd925de3e78ddb59ea3742761a9d6d15f26b
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
7b21e1e8b12a08d7ee54f83a9070950961a0a3c7d8cbeabe496a2bc4fb806c65
Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.
3de5cf32ed45de6bb8498b4a7cda9c81f1c4f999b6df520403a3c8bbd145e200
SlackFire is an firewall script implemented with iptables. It is completely configurable via a CLI, as all configuration is performed via configuration files. It supports all kinds of packet forwarding, including NAT, NAT with port redirection, and forwarding to machines with routable IP addresses. The configuration files are heavily commented, and messages in the log file are as informative as possible.
def2a24655e984a0d8d8a6ef179909ed8a952ecef095fa1f7042b15b22f55fac
FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
e8d3b4ac3e54097c0e0f14bfab773a75d43b522fa123a42088b7f23f13495ea2
ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
0f0c06e263787d03042d6443165bafefd95087367bf0f3981ba44546668d2060
ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
b916e1e9b1aa5e336281e12310107a6a4b78a6bde277739bf28b965060f2df78
ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
f420f6fd1d85f1272c4ba95244e27bb7c54c3c5dd2be5df4a01673d04169da58
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
f9e11ccdf60a9f118bbee8d80dc76cf7c0c649f0e18fa34a8450df271a70b582
Firewall Builder for PIX hides the complexity of PIX command line interface and automatically configures options and parameters that usually make manual configuration a real chore. With this module, the same workstation running Firewall Builder can create and manage security policy on Cisco PIX or FWSM firewalls, as well as on firewalls built with iptables, OpenBSD pf, or ipfilter.
2670e87ecc88ca5601e7faab1908605d200fdb2afb65cf474f996fb93c469b2b
ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
3289fff009448b23ae5a1a23ef532cf71037575a42ae74e17ce860cba118e657
Floppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the iso version.
753536fe2af35d138de722bf798be521b1e439751d0d0efb32be27d8aaa043b6