Firewall & Port knocking
zeroflux.org - Synopsis: knockd [options]. Description: knockd is a port-knock server.
fwsnort - iptables Intrusion Detection with String Matching and Snort Rules. fwsnort parses the rules files included in the SNORT® intrusion detection system and builds an equivalent iptables ruleset for as many rules as possible. fwsnort uses the iptables string match module, together with the --hex-string option (originally a custom patch to the iptables user space code, now integrated with iptables), to detect application-level attacks. fwsnort accepts command line arguments to restrict processing to any particular class of snort rules, such as "ddos", "backdoor", or "web-attacks". Processing can even be restricted to a specific snort rule, identified by its "snort id" or "sid". fwsnort uses the IPTables::Parse module to translate snort rules for which matching traffic could potentially be passed through the existing iptables ruleset.
Since 2003, NuFW has been an application that adds identity-based filtering to Netfilter. Over the years, EdenWall Technologies has developed components and interfaces to extend the usability of NuFW. Being a real open source player, the company has made most of the components available under the GPL licence. NuFW Project Homepage
netfilter/iptables project homepage - The netfilter.org project. netfilter.org is home to the software of the packet filtering framework inside the Linux 2.4.x and later kernel series. Software commonly associated with netfilter.org is iptables. Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling.