Firewalls

The firewalls directory contains software which allows access controls on network security domains to be established, enforced and monitored.

o Astaro Security Linux
  Astaro Security Linux is a Linux distribution designed for operation as a standalone firewall, providing packet filtering, application-level proxy services and IPSec-based VPN capabilities for connecting to/from compatible networks and devices. Administration is carried out through a web browser interface. It is downloadable as an ISO image.

o Dante
  Dante is a SOCKS client and server implementation for Unix that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity.

o DeleGate
  DeleGate is a multi-purpose application-level gateway, or proxy server, which runs on multiple platforms (Unix, Windows and OS/2). DeleGate mediates communication of various protocols (HTTP, FTP, NNTP, POP, Telnet, etc.), applying caching and conversion to mediated data, controlling access from clients and routing toward servers.

o Firewall Builder (fwbuilder)
  Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms. In Firewall Builder, a firewall policy is a set of rules; each rule consists of abstract objects that represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. Preferences and object databases are stored in XML format. Policy compilers are provided for the popular free firewall engines iptables, ipfilter and OpenBSD PF. The GUI is written using the GTK-- toolkit and can be used on both Gnome and KDE systems.

o gShield
  gShield is an iptables firewall for use with the 2.4.x series of the Linux kernel. Features include support for multiple NATs, configurable public service access, access control lists, routable protection, DMZ support, port-forwarding, MAC-specific filtering, configurable outgoing filtering, blacklists, support for transparent proxy, QoS marking of common transports and more.

o HLFL
  HLFL stands for "High Level Firewall Language". It translates your high-level language firewalling rules into usable rules for IPChains, NetFilter, IPFilter, Cisco, and many others.

o IP filter (ipf)
  IPFilter is a software package that can be used to provide network address translation (NAT) or firewall services. It can be used either as a loadable kernel module or incorporated into your UNIX kernel; using it as a loadable kernel module where possible is highly recommended.

o Mason
  Mason is a tool that interactively builds a firewall using Linux's ipfwadm or ipchains firewalling. You leave Mason running on the firewall machine while you make all the kinds of connections that you want the firewall to support (and want it to block). Mason gives you a list of firewall rules that exactly allow and block those connections.

o nstreams
  nstreams is a network streams analyzer. From tcpdump output (or by listening directly on the network) it generates the list of network streams that your users generate (http, ftp, ...) and produces the firewall rules that go with it (ipchains and ipfw).

o nylon
  nylon is a SOCKS 4 and 5 compliant proxy server. It acts as a transparent transport for any SOCKS-compliant internet client. It does not yet support binding (it will soon).

o pktfilter
  PktFilter is software that can configure the IP filtering device driver present in Windows 2000, with filtering rules following a syntax similar to that of IP Filter.

o rc.firewall (rcf)
  rcf (aka rc.firewall) is an ipchains-based firewall with support for over 50 network service modules (including vtun, dhcp, nfs, smb, napster, proxies, online games, etc.), masquerading, port forwarding, and IP accounting. All services are self-contained modules which can be prioritized in the ipchains stack. Protections include spoofing, stuffed routing/masquerading, DoS, smurf attacks, outgoing port scans, and many more. rcf also supports unlimited public, private (masq'ed), dmz, and mz (non-masq'ed) interfaces and their subnets.

o tinyproxy
  tinyproxy is a GPLed, lightweight HTTP proxy. Designed from the ground up to be fast and yet small, it is an ideal solution for sites where a full-featured HTTP proxy is required, but the system resources required to run a more demanding HTTP proxy are unavailable.

(Note: This list of software and information available at Wiretapped is not exhaustive. Users are encouraged to browse and search the archive and read any "-README.txt" files that are available.)