Network:: Firewalls & Routers
Written by Administrator   
Wednesday, 12 March 2008
Firewalls and routers related source code links.

Arno's IPTABLES firewall script was originally derived from Seven's (single-homed) IPTABLES script. The biggest differences are that this script has support for dual-homed machines, support for masquerading (NAT), support for ethernet ADSL/DSL modems (for both static and dynamically assigned IPs), support for all IP protocols, and support for VPNs like IPSEC (Freeswan). It also features (stealth) portscan detection, extensive user definable logging with rate limiting to prevent log flooding, port forwarding, optimizing the throughput of your internet connection, protection against SYN/ICMP flooding (DoS attacks), support for UPnP, and much more. It's easy to configure and highly customizable. It additionally includes a filter script (fwfilter) to make your firewall log more readable.

Firewall Builder is a multi-platform firewall configuration and management tool. It consists of a GUI and a set of policy compilers for various firewall platforms. Firewall Builder uses an object-oriented approach: it helps the administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations. Firewall Builder currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX. A technical summary of the features supported by the policy compilers for all platforms can be found in the section "Modules".

fli4l (German) is a single-floppy Linux-based ISDN/DSL/ethernet-router. It features configuration with some simple ASCII-files, several possible connection-flavors (in/out/callback, and raw IP/PPP), channel bundling (an extra channel can be added through a Windows/Unix-client), configuration of multiple networks, least-cost routing, automatic choice of provider, display/calculation of connection times and costs, and a Windows/Unix client to control dial/hangup, monitor traffic and monitor incoming calls on ISDN (see screenshot).

floppyfw is a router with the advanced firewall capabilities of Linux that fits on a single floppy disc.

fwsnort parses the rules files included in the Snort intrusion detection system and builds an equivalent iptables ruleset for as many rules as possible. fwsnort utilizes the Netfilter string match module (together with a custom patch that adds a --hex-string option to the iptables user space code which is now integrated with iptables) to detect application level attacks.

Gibraltar is a Debian GNU/Linux-based router/firewall distribution, fully workable from a bootable, live CD-ROM. Log files can be stored on a hard disk, and configuration data is stored on a USB mass storage medium or a floppy disk and kept on a RAM disk during run-time. Due to its Debian base, a wide range of firewalling, routing, and proxy packages is available. An optional commercial version comes with an intuitive, easy to use Web administration interface and support.

Hatchet is a log parsing/presentation program written for OpenBSD's PF logs. Hatchet should be useful to the typical PF administrator who wishes to review their PF logs in chronological order via a graphical (web) interface. Hatchet archives the logs so that you can search past events. It also allows you to sort by column, so that you may isolate traffic by source or destination address, service, rule number, etc. Additionally, it provides external links to perform DNS queries on source addresses and service queries from SANS.

LEAF - Linux Embedded Appliance Firewall. A secure, feature-rich, customizable embedded Linux network appliance for use in a variety of network topologies. Although it can be used in other ways, it's primarily used as an Internet gateway, router, firewall, and wireless access point.

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

Multi-router looking glass for PHP is a full rewrite of the Perl version of MRLG into PHP. It allows network administrators to execute commands on multiple routers via a nice Web interface. It is flexible, clear, and configurable. Default, per-router, and per-service options may be set. The Web-page layout and query set are adjustable.

pfSense is an open source firewall derived from the m0n0wall operating system platform with radically different goals, such as using OpenBSD's ported Packet Filter, FreeBSD 6.1 ALTQ (HFSC) for excellent packet queueing, and finally an integrated package management system for extending the environment with new features.

redWall is a bootable CD-ROM firewall which focuses on Web-based reporting of the firewall's status. It includes Snort, snortsam, dansguardian, and support for fwbuilder, squid-guard, reporting (using ACID/sarg/ntop/webfwlog), VPN (FreeSWan/PoPToP/Openvpn), and mail-based alerting. Configuration data are stored on a floppy or USB disk.

Sentry Firewall CD-ROM is a Linux-based bootable CD-ROM suitable for use as an inexpensive and easy to maintain firewall, server, or IDS (Intrusion Detection System) node. The system is designed to be immediately configurable for a variety of different operating environments via a configuration file located on a floppy disk, a local hard drive, and/or a network via HTTP(S), FTP, SFTP, or SCP.

Sisela is a small, self-contained system designed to wake up in any PC and turn it into a highly capable piece of networking equipment. It can act as a bridge, router, firewall, DHCP server, DNS server, wireless access point or any combination of these functions. It can boot and run from a single floppy disk, or a CD-ROM. It is based on Linux and supports a wide variety of network and wireless hardware, including ISA, PCI, PCMCIA, CardBus and USB devices. With the exception of some ISA cards, all these should be detected and identified automatically.

SmoothWall is a popular Internet Security software package (based on Linux) offering automated modem/advanced ISDN autoprobing, ethernet ADSL/cable, USB ADSL (Alcatel Speed Touch Home only in 1.x; additional support for USR, Fuji, ECI, etc in 2.x), and multiple ethernet card support within 5 minutes of install. Web managed and with full facilities normally only seen in expensive commercial offerings, it also offers SSH, DHCP, and full firewall logging and auditing functionality.

theWall - Single floppy or compact flash based firewall for home DSL / cable modem users based on PicoBSD. Platforms include embedded PCs with or without video and keyboard support, such as the Soekris Net4501, as well as old PCs. theWall is a collection of PicoBSD configuration trees and prebuilt binaries for various platforms that provides NAT and firewall services for a small network. The goal of theWall project is to allow a user to get going quickly without having to learn the details of building a PicoBSD release.

Last Updated ( Wednesday, 12 March 2008 )
 