Free barracuda spam firewall software for linux

SpamFirewall is a mail server filter script that automatically blocks mail servers that send too much spam.
This first version of the software is alittle hard coded. I want to make it more
modular with a client/server setup, plugins for different firewall systems, and
plugins for spam matching. At present however its geared toward postfix, iptables
and spamassassin.
To run te firewall make these steps:
Run spamfirewall.sql against your mysql server. Or the update sql patches.
Modify spamfirewall and spamfirewallmaintenance to match your mysql users prefs, spam thresholds, and expire times.
Add spamfirewall to your MTAs filter script. An example filter.sh is included.
Add spamfirewallmaintenance to cron. For example the following /etc/crontab line to run once an hour:
09 */1 * * * root /usr/local/bin/spamfirewallmaintenance >/dev/null
Main features:
- - Automatically queues the IP addresses of mail servers and spammers from messages
- that match the spam rules.
- Automatically firewall those mailservers and spammers if they send enough spam to meet your desired threshold.
- Automatically removes IP addresses from the queue and from the blocked list after a specified expiration period.
- Each repeat offense from a spammer will increase the amount of time they are blocked. With good behavior the amount of time will decrease.

BullDog is a powerful but lightweight firewall for heavy use systems. With many features, this firewall can be used by anyone who wants to protect his/her systems. This system allow dynamic and static rules sets for maximum protection and has several advance features.

This firewall will work for the hobbyist or a military base. Generation 7 is a complete rewrite of its predecesors and is redesigned from scratch and still evolving.

Be prepared to spend some time setting this up. If you are looking for a "quick fix", then you are on the wrong site. BullDog is NOT a quick fix, but rather one step in a complete security policy.

Its is covered by the GPL and is FREE and always will be. I encourage and welcome anyone who wants to port and/or provide ideas/code to better this software.

I would like to see this software developed into a new breed of firewall that provides the best of security with ease of use.

This software was developed on Linux v2.2.16-17 and v2.4 with 64 megs to 1 Gig of RAM and supports iptables via the ip_queue kernel module. Bulldog will NOT run on Windows systems.

Gibraltar Firewall is a firewall and router package, based on Debian/GNU Linux, which perfectly meets all individual requirements for a state-of-the-art firewall.
Independent of the kind of Internet connection (dedicated line, ADSL, dial-up connection), Gibraltar provides for secure connections. So you can turn to something more important without ruffle and worries - your job!
Gibraltar is free for private use. The private license is restricted to a maximum of 5 concurrent connections and includes the easy-to-use webinterface. For obtaining a private license, please contact us via email.
Attention: Without a valid license file, Gibraltar will not run properly!
For the private use of Gibraltar, no claim on support or guarantee can be raised.
All ISO images are copyright of Rene Mayrhofer and eSYS Information Systems GmbH, but may be copied and distributed freely. Several components of Gibraltar are under GPL or BSD license. For detailed usage licenses read the packet documentations under /usr/share/doc on the ISO image.
If you would like to distribute Gibraltar commercially, please refer to our partner program.
Gibraltar can be completely configured with the web-based configuration tool GibADMIN. The configuration of Gibraltar occurs over an encoded, secured connection, and can be done with any browser. The web-interface is designed intuitional and concise, and enables the administrator to change the configuration very easy and quick.
Gibraltar convinces through jutting flexibility and extensive functionality.
Main features:
- SYSTEM
- Live CD technology: Gibraltar boots and runs fully off CD-ROM
- No hard disk installation required
- Specially hardened Linux kernel
- Languages: English, German, Finnish
- Remote configuration with web interface (SSL 128 Bit) or remote login (SSH)
- Easy configuration management
- Automatic live updates: interval can be configured
- NETWORK SUPPORT
- Ethernet: 10/100/1000 MBit/s: static or DHCP, virtual IP addresses
- ADSL Ethernet modems: PPP over Ethernet, PPTP
- ADSL USB modems: PPP over ATM
- Modem dial in: serial, USB
- Unlimited number of network interfaces
- STATEFUL PACKET INSPECTION
- Protocol support: ICMP, TCP, UDP, GRE, ESP, AH, IPv4-over-IPv6
- Flexible packet filter: interface, MAC address, IP address, service, port,....
- NAT: Network address translation: dynamic and static
- PAT: Port address translation: load balancing (Round Robin)
- Free definition of aliases and groups: addresses and ports
- DoS/flood - protection: predefined, expandable
- Randomized IP sequencing
- Selective TTL manipulation
- Protocol pass through: PPTP, FTP, H.323, IRC
- VPN (VIRTUAL PRIVATE NETWORKS)
- VPN IPSec gateway
- VPN PPTP server: MPPE 128 Bit data encryption
- Network-to-network VPN
- Network-to-client VPN: compatible with Microsoft Windows 2000 / XP
- Unlimited number of VPN tunnels
- Authentication with PSK (Private shared key) and X.509 certificates
- Encryption: 3DES, Blowfish, Twofish, AES, CAST, Serpent
- Authentication PPTP: CHAP, MS-CHAPv1, MS-CHAPv2
- NAT traversal
- Perfect forward secrecy (PFS)
- DEEP PACKET INSPECTION
- Secure SMTP relay: incoming, outgoing, attachment blocking, block lists, antivirus and spam protection
- Transparent HTTP proxy: no client configuration necessary, spam protection
- User authentication: user list, active directory integration, LDAP
- Content caching
- Content scanning: antivirus, cookies, active X, java script
- FTP proxy: transparent outgoing, incoming
- Transparent POP3 proxy: antivirus, spam protection and protection of dangerous attachments
- ADDITIONAL SERVICES
- Dynamic DNS
- DHCP server
- Secure DNS resolve
- SSL wrapper for arbitrary services
- Portscan detection
- Antispam filter: rule based, Bayes, RBL, Razor and DCC
- ClamAV virus scanner
- OPTIONAL: Kaspersky virus scanner

NATting SOHO firewall is a firewall script for iptables.

# Model NATting SOHO firewall for SP article
# by Jay Beale (jay@bastille-linux.org)
#
# Warning: youre going to have to hack this for your own purposes.
#

# Assumptions:
# your internal network is 192.168.1.0/24 on eth1
# your internet IP is 10.0.0.1 on eth0
# your internal network IP on eth1 is 192.168.1.1
#
# Additonally:
# you have another internal network, a DMZ: 192.168.2.0/24 on eth2

$INTERNAL_IP = 192.168.1.1
$INTERNAL_NET = 192.168.1.0/24

$INTERNET = 10.0.0.1

$DMZ = 192.168.2.0/24

# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp

# Set default policies for packets going through this firewall box

iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -P FORWARD DROP

# Set default policies for packet entering this box

iptables -P OUTPUT ALLOW
iptables -P INPUT ALLOW

# Kill spoofed packets

for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done

# Anything coming from our internal network should have only our addresses!
iptables -A FORWARD -i eth1 -s ! $INTERNAL_NET -j DROP

# Anything coming from the Internet should have a real Internet address
iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP

# Note:There are more "reserved" networks, but these are the classical ones.

# Block outgoing network filesharing protocols that arent designed
# to leave the LAN

# SMB / Windows filesharing
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
# NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
# NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
# Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP

# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 512 -j DROP

###
# Transparently proxy all web-surfing through Squid box

$SQUID = 192.168.1.2:8080
$SQUIDSSL = 192.168.1.2:443
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 80 -j DNAT --to $SQUID
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 443 -j DNAT --to $SQUIDSSL

# Transparently forward all outgoing mail to a relay host

$SMTP = 192.168.1.3
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 25 -j DNAT --to $SMTP

# Transparently redirect web connections from outside to the DMZ web
# server

$DMZ_WEB = 192.168.2.2
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.1 -dport 80 -j DNAT --to $DMZ_WEB

# Source NAT to get Internet traffic through
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $INTERNET


# Activate the forwarding!
echo 1 >/proc/sys/net/ipv4/ip_forward

Initial SIMPLE IP Firewall is a script for Linux 2.4.x and iptables.

Sample:

Configuration options

###################################
#
# Local Area Network configuration.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP adress. the same as netmask 255.255.255.0
#

LAN_IP="192.168.0.2"
LAN_IP_RANGE="192.168.0.0/16"
LAN_BCAST_ADRESS="192.168.255.255"
LAN_IFACE="eth1"

###################################
#
# Localhost Configuration.
#

LO_IFACE="lo"
LO_IP="127.0.0.1"

###################################
#
# Internet Configuration.
#

INET_IP="194.236.50.155"
INET_IFACE="eth0"

###################################
#
# IPTables Configuration.
#

IPTABLES="/usr/sbin/iptables"

Module loading

#
# Needed to initially load modules
#
/sbin/depmod -a

#
# Adds some iptables targets like LOG, REJECT and MASQUARADE.
#
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_MASQUERADE

#
# Support for owner matching
#
#/sbin/modprobe ipt_owner

#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc

Multi Network Firewall is the up-to-date Mandriva Linux security solution dedicated to the business world. Maximum innovation, performance and scalability is only a click away thanks to an easy-to-use web interface.
Combining firewall, Intrusion Detection System and VPN functionality, MNF 2 is the ultimate full-featured security solution meeting all your demands. Furthermore, to make your network even more secure, benefit from a year of free updates through Mandriva Online Pro!
Main features:
- a firewall, to protect your computer network from unauthorized access (filtering).
- Intrusion Detection System, to alert you to abnormal network activity.
- Virtual Private Network, to enable a secure private tunnel over public networks.
- Proxy server, to intercept all web traffic entering the network.
- DHCP server, to enable the automatic configuration of new machines connected to the LAN.
- Caching DNS, to provide a local DNS service for computers connected to the LAN.
New Featurs:
As well as the existing IPSec, MNF2 provides 2 other types of VPN:
PPTP: a desktop under Windows(R) can be automatically connected without installing any special software
OpenVPN: a lighter open source VPN; Compattible with Linux, Mac OS and Windows
Bonding: Channel combines several network interfaces into a single connection. Effectively, it means that data transfer speeds can be multiplied.
Bridging: this new function enables the administrator to build bridges between network interfaces.
Traffic shaping: You can regulate the flow of traffic on your network just by clicking on a wizard.
Network mapping: Makes it possible to connect networks which use the same private network addresses
Peer-to-Peer Filtering: MNF2 automatically blocks network traffic from "Fast Track" peer-to-peer clients.
Better software support
2.6 Linux Kernel
Better hardware support
Improved support for multiple network cards (up to 10)
Wi-Fi Support
Better ADSL support
Services included in the product
Mandriva Online Pro: benefit from updates for one year through Mandriva Online Pro
Support included/

Automatic Firewall is a script that will automatically configure a firewall. If you are a broadband or dial-up user who doesnt have a firewall script, you need to get one to protect yourself. AutoFW is made to help you do that with no efforts.
Many people when connecting to the internet need a firewall script made for them so they can surf the net without being susceptible to various attacks. Most, if not all (until now :-), of the existing scripts are written for a large range of requirements and require some tweaking to make them work for a specific user. However many users do not know which parameters to fill in the script config file.
AutoFW intends to provide a simple firewall script that you just need to fire and forget. You make sure to run it on computer start-up or just before connecting to the net, and it will detect network condition and setup appropriate firewall rules for you.
In order to be "smart" AutoFW has to be limited, the current scope of AutoFW are standard broadband connections, it will also cover dial-up users and stand-alone servers.
AutoFW works only for Linux IPTables firewall and needs the iptables utility to update the firewall, it also needs the ifconfig utility, both of these are available on any standard install of a GNU/Linux machine.
AutoFW also needs the ip program which is part of the iproute2 package, sometimes also called iproute. It is available as a package for any standard GNU/Linux install, not it might not be installed in your particular.
There are two parts that do automatic detection, one is for interfaces and IPs and the other is for open listening ports.
The interface part looks at all the active interfaces in the machine and classifies them between internal and external. It does that by looking at the IPv4 address of the device. If it is one of:
127.0.0.0/8
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
it is considered to be an internal IP and thus an internal interface, otherwise it is an external IP and thus an external interface. There is no handling of an interface with both an internal and an external IP on it.
The listening ports are scanned for a known port and the accompanying known program name that binds to that port, known ports are opened later in the configuration stage.
The configuration itself is very simple for now, without many of the bell and whistles that exist in other scripts, but it works for the basic needs and provides adequate protection.
Enhancements:
- Internal systems are now protected, as well as servers and NAT gateways.

PCX Firewall is an IPTables firewalling solution that uses Perl to generate static shell scripts based upon the users configuration settings.
This allows the firewall to startup quickly, as it does not have to parse config files every time it starts.
Enhancements:
- All known bugs have been fixed. Support has been added for Debian Sarge and Red Hat FC[1-3] as "official" distributions to work with when generating init scripts. The ability has been added to just install the generated firewall script into /etc/init.d or /etc/pcx-firewall without starting it.