DeleGate is a multi-purpose application level gateway or proxy server that mediates communication of various protocols, applying cache and conversion for mediated data, controlling access from clients, and routing toward servers. It translates protocols between clients and servers, converting between IPv4 and IPv6, applying SSL (TLS) to arbitrary protocols, merging several servers into a single server view with aliasing and filtering. It can be used as a simple origin server for some protocols (HTTP, FTP, and NNTP).
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
Nmap ("Network Mapper") is a utility for network exploration, administration, and security auditing. It uses IP packets in novel ways to determine which hosts are available online (host discovery), which TCP/UDP ports are open (port scanning), and what applications and services are listening on each port (version detection). It can also identify remote host OS and device types via TCP/IP fingerprinting. Nmap offers flexible target and port specifications, decoy/stealth scanning for firewall and IDS evasion, and highly optimized timing algorithms for fast scanning.
LFT (Layer Four Traceroute) is a sort of "traceroute" that often works much faster than the commonly-used Van Jacobson method and goes through many configurations of packet-filter based firewalls. More importantly, LFT implements numerous other features, including TCP, UDP, or ICMP-based traces, AS number lookups through several reliable sources, loose source routing, netblock name lookups, and more. LFT also distinguishes between layer-4 protocols, which make its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 hops.
mfw allows multiple firewall configurations to be managed from the commandline on Mac OS X. Multiple firewall modes (and easy means of selecting between them) are useful on laptops, where one may want a default paranoid firewall, a mode for network scanning with nmap, modes for various networked games, or to run a software Network Address Translation (NAT) wireless base station.
Extensible Messaging Platform is a spam-filtering firewall server application. It protects any SMTP mail server from spam, email- orne viruses (including dangerous auto-launch viruses) and other objectionable content. It filters mail using complex contextual signatures (not simple keyword lists). The use of contextual signatures results in high success and extremely low false-positive rates. Additional features include automatic XML extraction/database insertion, optional POP3 retrieval, comprehensive user-definable contextual filtering, content-based message routing and developer API.
Firewall Builder for PIX hides the complexity of PIX command line interface and automatically configures options and parameters that usually make manual configuration a real chore. With this module, the same workstation running Firewall Builder can create and manage security policy on Cisco PIX or FWSM firewalls, as well as on firewalls built with iptables, OpenBSD pf, or ipfilter.
Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, Cisco routers, Snort, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG or NFLOG target.