Free endian firewall 2.1.2 community software for linux

redWall is a bootable CD-ROM Firewall. redWall Firewalls goal is to provide a feature rich firewall solution, with the main goal, to provide a webinterface for all the logfiles generated!
Main features:
- Configuration is currenty stored on a floppy/USB Memory Stick/Harddrive or sent by email (see todo !)
- Due the fact, that most reporting functionality is done via mysql (except for the squid reports), its possible to use the cd as a Mangagement/Logging Console for other firewalls running in your environment using the same cd! Take snort for instance.. you can have 10 firewalls :) running snort, reporting back to the main database on the management/Logging system, in order to have a central "overview" of all your firewalls... Using the SAME CD !! Its all up to you how you configure your firewall and/or Management box !
- based on redhat 9.0
- bridging support
- Mail Virusscanning, spamfiltering and gateway functionality
- /etc is writable (tmpfs) feeded by the configuration medium
- /var is writable (ramdisk or harddisk) (you are not going to run squid on a ramdisk... arent you ?)
- The cd will (at least it should) detect all your network cards (using kudzu) during the initial boot
- During the initial boot, you can setup some basic things like IP Address, Services to start (all disabled by default) and so on
Enhancements:
- A whole lot of new features have been added.
- vuurmuur has been installed again.
- The initial setup has been rewritten to be like a step-by-step configuration.
- A webmin module for openvpn has been added.
- A comprehensive reverse proxy called vultureng has been added.
- Major bugfixes have been applied.

Alfandega is a strong and Modular IpTables Firewall. With Alfendanga you can provide NAT, port-forwarding, spoofing list, blacklist of crackers and spywares sites, protection for tcp/udp scans, DOS/DDOS and Smurf attacks, TCP tuning, DHCP and PPP support and much more (this will depends on your imagination).
To view the install instructions read the ./INSTALL file.
To read the terms of licence Alfandega released under see ./COPYING.
To know what other software Alfandega requires proceed to ./REQUIRES reading.
Note: Slackware and other non-rpm distros users must read carrefully the
./INSTALL file. Debian packages not supported yet.
Enhancements:
- Added Configurator
- Moved chains.conf, modules.conf and run-scripts.conf
- acl.conf and interfaces.conf concatened with alfandega.conf
- ACLs is now called as NVLs (because confusion with filesystem ACLs)
- Some changes in addons engine

SINUS project is a application which assess the potential of security without obscurity.
The SINUS Firewall is a TCP/IP packet filter for the Linux operating system. It is distributed under the GNU General Public Licence and comes with complete source code, as the Linux operating system does.
The SINUS firewall is a free and easy way to protect your network from the malware of the Internet. It does not guarantee perfect security, however it comes with a wealth of features, including:
Filtering of all header fields in the IP, TCP, UDP, ICMP, IGMP packets.
Intelligent RIP and FTP support.
Easy to understand, text-based configuration.
Graphical management interface for configuration of several firewalls.
Dynamic rules, including counters and time-outs.
Extensive logging, alerting, and counter intelligence.
Prevention of packet and address spoofing - GNU GPL license.
To install the software, you need a Linux 2.0.x based system. We suggest you install a bare-bone system without X or any of the other nifty features which tend to have security holes. You should not install user accounts on the firewall system. Log-ins other than from the console should be forbidden (if you absolutely have to log in remotely, we strongly suggest you install a copy of ssh).
Although the software has been subject to thorough testing, and has been continuously running without crashes for over 12 months, we are confident someone will eventually unconver A BUG in the software. Therefore, it is version "0.1".
Please do not use this software as the sole means to protect your top secret data. This software is intended for:
People who want to study firewalls
People who dont trust their current firewall
People who currently dont have any protection at all (even if there are serious bugs, it cannot get worse, can it?)
Enhancements:
- NEW FEATURES
- user level authentification between firewall and management interface
- compiles and runs on libc6 (glibc2) systems.
- CHANGES
- management interface now written as Java application (JDK 1.1.6)
- detect land attack
- changed name from sf to sifi (SINUS firewall) due to change of maintainer (now Harald Weidner ).
- BUG FIXES
- TCP RST of established connections now pass through the firewall
- fixed a segfault bug in the passive FTP code

DHCP IP Firewall script project is a script for Linux 2.4.x and iptables.

Sample:

1. Configuration options - use these to quicken up the set up.

####################################
# Local Area Network configuration.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24 bits of the 32 bit IP adress. the same as netmask 255.255.255.0

LAN_IP="192.168.0.2"
LAN_IP_RANGE="192.168.0.0/16"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"

######################################
#
# Localhost configuration.
#
# Localhost Interface and IP. Should not need any changes.
#

LO_IFACE="lo"
LO_IP="127.0.0.1"

#######################################
#
# Internet configuration.
#
# All information pertaining to the Internet and the Internet connection.
#

INET_IFACE="eth0"

#######################################
#
# DHCP Configuration.
#
# Information pertaining to DHCP over the Internet, if needed.
#
# Set DHCP variable to No if you dont get IP from DHCP. If you get DHCP over the Internet set this variable to Yes, and set up the proper IP adress for the DHCP server in the DHCP_SERVER variable.

DHCP="No"
DHCP_SERVER="195.22.90.65"

#########################################
#
# PPPOE Configuration.
#
# Configuration options pertaining to PPPoE.
#
# If you have problem with your PPPoE connection, such as large mails not getting through while small mail get through properly etc, you may set this option to "yes" which may fix the problem. This option will set a rule in the PREROUTING chain of the mangle table which will clamp (resize) all routed packets to PMTU (Path Maximum Transmit Unit).
#
# Note that it is better to set this up in the PPPoE package itself, since the PPPoE configuration option will give less overhead.

PPPOE_PMTU="No"

##########################################
#
# IPTABLES configuration.
#
# Options pertaining to iptables such as searchpath, etc.
#

IPTABLES="/usr/sbin/iptables"

Gibraltar Firewall is a firewall and router package, based on Debian/GNU Linux, which perfectly meets all individual requirements for a state-of-the-art firewall.
Independent of the kind of Internet connection (dedicated line, ADSL, dial-up connection), Gibraltar provides for secure connections. So you can turn to something more important without ruffle and worries - your job!
Gibraltar is free for private use. The private license is restricted to a maximum of 5 concurrent connections and includes the easy-to-use webinterface. For obtaining a private license, please contact us via email.
Attention: Without a valid license file, Gibraltar will not run properly!
For the private use of Gibraltar, no claim on support or guarantee can be raised.
All ISO images are copyright of Rene Mayrhofer and eSYS Information Systems GmbH, but may be copied and distributed freely. Several components of Gibraltar are under GPL or BSD license. For detailed usage licenses read the packet documentations under /usr/share/doc on the ISO image.
If you would like to distribute Gibraltar commercially, please refer to our partner program.
Gibraltar can be completely configured with the web-based configuration tool GibADMIN. The configuration of Gibraltar occurs over an encoded, secured connection, and can be done with any browser. The web-interface is designed intuitional and concise, and enables the administrator to change the configuration very easy and quick.
Gibraltar convinces through jutting flexibility and extensive functionality.
Main features:
- SYSTEM
- Live CD technology: Gibraltar boots and runs fully off CD-ROM
- No hard disk installation required
- Specially hardened Linux kernel
- Languages: English, German, Finnish
- Remote configuration with web interface (SSL 128 Bit) or remote login (SSH)
- Easy configuration management
- Automatic live updates: interval can be configured
- NETWORK SUPPORT
- Ethernet: 10/100/1000 MBit/s: static or DHCP, virtual IP addresses
- ADSL Ethernet modems: PPP over Ethernet, PPTP
- ADSL USB modems: PPP over ATM
- Modem dial in: serial, USB
- Unlimited number of network interfaces
- STATEFUL PACKET INSPECTION
- Protocol support: ICMP, TCP, UDP, GRE, ESP, AH, IPv4-over-IPv6
- Flexible packet filter: interface, MAC address, IP address, service, port,....
- NAT: Network address translation: dynamic and static
- PAT: Port address translation: load balancing (Round Robin)
- Free definition of aliases and groups: addresses and ports
- DoS/flood - protection: predefined, expandable
- Randomized IP sequencing
- Selective TTL manipulation
- Protocol pass through: PPTP, FTP, H.323, IRC
- VPN (VIRTUAL PRIVATE NETWORKS)
- VPN IPSec gateway
- VPN PPTP server: MPPE 128 Bit data encryption
- Network-to-network VPN
- Network-to-client VPN: compatible with Microsoft Windows 2000 / XP
- Unlimited number of VPN tunnels
- Authentication with PSK (Private shared key) and X.509 certificates
- Encryption: 3DES, Blowfish, Twofish, AES, CAST, Serpent
- Authentication PPTP: CHAP, MS-CHAPv1, MS-CHAPv2
- NAT traversal
- Perfect forward secrecy (PFS)
- DEEP PACKET INSPECTION
- Secure SMTP relay: incoming, outgoing, attachment blocking, block lists, antivirus and spam protection
- Transparent HTTP proxy: no client configuration necessary, spam protection
- User authentication: user list, active directory integration, LDAP
- Content caching
- Content scanning: antivirus, cookies, active X, java script
- FTP proxy: transparent outgoing, incoming
- Transparent POP3 proxy: antivirus, spam protection and protection of dangerous attachments
- ADDITIONAL SERVICES
- Dynamic DNS
- DHCP server
- Secure DNS resolve
- SSL wrapper for arbitrary services
- Portscan detection
- Antispam filter: rule based, Bayes, RBL, Razor and DCC
- ClamAV virus scanner
- OPTIONAL: Kaspersky virus scanner

Sentry Firewall CD-ROM is a Linux-based bootable CDROM suitable for use as an inexpensive and easy to maintain firewall, server, or IDS(Intrusion Detection System) Node. The system is designed to be immediately configurable for a variety of different operating environments via a configuration file located on a floppy disk, a local hard drive, and/or a network via HTTP(S), FTP, SFTP, or SCP.
The Sentry Firewall CD is a complete Linux system that runs off of an initial ramdisk, much like a floppy-based system, and a CD. The default kernel is a current 2.4.x series kernel with various Netfilter patches applied. An OpenWall-patched current 2.2.x kernel is also available on the CD.
Booting from the CDROM is a fairly familiar process. The BIOS execs the bootloader(Syslinux) - which then displays a bootprompt and loads the kernel and ramdisk into memory. Once the kernel is running, the ramdisk is then mounted as root(/). At this point our configuration scripts are run(written in perl) that configure the rest of the system. It is the job of these configure scripts to put the various startup and system files into the proper location using either what is declared in the configuration file(sentry.conf) or the system defaults located in the /etc/default directory.
Most of the critical files used at boot time can be replaced with your own copy when declared in the configuration file. This is essentially how we allow the user to configure the system using his/her own configuration and init files.
All of the binaries, files, scripts, etc, used to create the CD-ROM are also available on the CD-ROM. So, with a little practice, you can easily build and customize your own bootable Sentry Firewall CD.
Main features:
- Current Linux Kernel: 2.4.28-ow1
- OpenWall security patch(-ow1).
- StrongSwan.
- Ebtables bridge+netfilter patch.
- Linux-WLAN modules.
- MPPE patch.
- Modules-off patch [ More Info | Patch ]
- iptables v1.2.11.
- ebtables v2.0.6.
- OpenVPN.
- IProute2 utilities.
- Vconfig.
- PPTP Client/Server.
- Zebra
- Snort IDS v2.2.0
- Scanlogd
- OpenSSH and OpenSSL
- net-snmp
- Webmin
- NMap
- Many other daemons and binaries you may need -- Apache, Sendmail, Squid, Perl, BIND (static/chroot), and more.

The BigFish Firewall is a suite PHP scripts that generates a firewall script for iptables based firewalls. The script is created following the configuration rules entered by the user or standard pre-configuration rules and protections for linux systems.