Netfilter

Netfilter tracker is a tracking tool for iptables logs, similar to Checkpoint(tm) Smartview Tracker. Includes storage in an embedded SQL database and a graphical application (viewer) to access filtered data. Platforms: *nix

This is a KDE-based wizard aimed at making the process of setting up a linux netfilter firewall easy, especially on distributions with no firewall tool of their own, such as slackware. It creates a shell script, suitable for caling from an init script, or on slackware, being saved as... Platforms: *nix

libnfnetlink is the low-level library for netfilter related kernel and userspace communication. It provides a generic messaging infrastructure for in-kernel netfilter subsystems (such as nfnetlink_log, nfnetlink_queue, nfnetlink_conntrack) and their respective users and/or management tools in... Platforms: *nix

WallFire is a very general and modular firewalling application based on Netfilter or any kind of low-level framework. It will enable to manage every aspect of a firewall administration, from configuration to monitoring, intrusion detection, etc... WallFire will provide command line and... Platforms: *nix

pdumpq provides a pcap Dump for Linux/Netfilter QUEUE. pdumpq can be used to take queued packets from netfilter/iptables and dump them to a file that decoders like tcpdump, ethereal, and snort can read. You can also just pipe it through to the packet decoder and see what is in those packets... Platforms: *nix

The IP Personality project is a patch to the Linux kernels that adds netfilter features: it enables the emulation of other OSes at the network level, thus fooling remote OS detection tools such as nmap that rely on network fingerprinting. Platforms: *nix

The Port Scan Attack Detector (psad) is a collection of three system daemons that are designed to work with the Linux Netfilter firewalling code to detect port scans and other suspect traffic. Port Scan Attack Detector project features a set of highly configurable danger thresholds (with... Platforms: *nix

specter is a user-space logging facility for the Linux netfilter system. It uses netfilters ULOG target to gather packets, and passes them to attached plugins. Its features a flexible and robust modularized structure, and is based on ulogd, but has improved design and wider functionality. It... Platforms: *nix

libnfnetlink is the low-level library for netfilter related kernel/userspace communication. libnetfilter_log provides a generic messaging infrastructure for in-kernel netfilter subsystems (such as nfnetlink_queue, nfnetlink_log, nfnetlink_conntrack) and their respective users and/or management... Platforms: *nix

DNS Blacklist Packet Filter project is a Linux netfilter client that decides whether to accept or drop packets based on the results of a DNS blacklist query (such as MAPS, SORBS, or SPEWS, to name a few). One use is to filter all incoming SMTP SYN packets for spam filtering.. Platforms: *nix

moltiblock is a user-space plugin to netfilter for blocking lots of nets. No need to recompile kernel or patch other sources. To install just type make. Then copy the binary to /usr/local/sbin or wherever. Put one CIDR per line in /etc/moltiblock/cidr.deny, like so: -- snip --... Platforms: *nix

Nuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. Nuface project features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate... Platforms: *nix

What are the packets rejected by your Netfilter based firewall today ? How often this suspicious host try to connect to your box ? What are the most rejected domains ? Who is this strange host which scan your ports ?The responses are in the IPTables log analyzer. Platforms: PHP

Ufw stands for Uncomplicated Firewall, and is program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use. Platforms: *nix

bastion-firewall is a Netfilter based firewall for Linux. It can generate graphical stats of all the rules traffic in the firewall with Rrdtool and it's integrated with the Snort Inline IPS. It's written in the bash and C programming languages. Platforms: *nix

BastionX is a suite of bash scripts which provide a firewall system using netfilter on linux.Some of the supported features are flow control & QoS, local & WAN ip blacklists, dynamic trusted hosts, DMZ feature, auto detection of interfaces. Platforms: *nix

Authfail is a program that goes with real time updating on FIFO file and adds IP into netfilter with DROP/REJECT policy in real time. The FIFO file is /dev/authfail. The rejected hosts database is located in /var/log/authfail. Each time a given host will do an "authentication failure" via... Platforms: *nix

Brcontrol is a set of patches to allow some interaction between a IDS and a firewall (currently snort and linux netfilter). It will help in the creation of aggresive honeypots or other advanced firewall and ids configurations. In can also work as bridge.. Get Brcontrol at SourceForge.net. Fast,... Platforms: *nix

IPMENU is a user interface to Netfilter/iptables and Linux policy routing or traffic control, allowing you to edit firewall rules and configure the firewall to "mark" packets for policy routing or for class based queueing (CBQ). Netfilter is the Linux 2.4 subsystem for configuring a multi-homed... Platforms: *nix

Layer-7 Packet Classifier for Linux is a classifier for the Linux kernels Netfilter subsystem that identifies packets based on application layer data (OSI layer 7). This means that it can classify packets as HTTP, FTP, Gnucleus, eDonkey2000, etc, regardless of port. Our classifier complements... Platforms: *nix