psad is an intrusion detection system built around iptables log messages to detect, alert, and (optionally) block port scans and other suspect traffic. For TCP scans psad analyzes TCP flags to determine the scan type (syn, fin, xmas, etc.) and corresponding command line options that could be supplied to nmap to generate such a scan. In addition, psad makes use of many TCP, UDP, and ICMP signatures contained within the Snort intrusion detection system (see http://www.snort.org/) to detect suspi
The IPTables::Parse package provides an interface to parse iptables or ip6tables rules on Linux systems through the direct execution of iptables/ip6tables commands, or from parsing a file that contains an iptables/ip6tables policy listing. Note that the 'firewalld' infrastructure on Fedora21 is also supported through execution of the 'firewall-cmd' binary. By default, the path to iptables is assumed to be '/sbin/iptables', but if the firewall is 'firewalld', then the '/usr/bin/firewall-cmd' is u
A Netfilter firewall tool written in bash scripting, designed to be easy to use but yet flexible and powerful.
Shorewall is a flexible firewall configuration system for Linux 2.4/3.x iptables. It's suitable for routers, gateways, servers, VPN environments and just desktop systems. It provides a higher level rule-based configuration scheme to configure the Netfilter kernel module, routes, interfaces and traffic shaping. It supports both IPv4 and IPv6.
fwsnort translates SNORT rules into iptables rules on Linux systems and generates a corresponding iptables policy in iptables-save format. This ruleset allows network traffic that matches Snort signatures (i.e. attacks and other suspicious network behavior) to be logged and/or dropped by iptables directly without putting an interface into promiscuous mode or queuing packets from kernel to user space. Note that fwsnort can also build an iptables policy that combines the string match extension wit