Last updated: 2014-02-16 16:37


ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, a small header, random bytes, and a shared key. ipt_pkd checks that the packet's timestamp falls within the allowed time window and recomputes the SHA-256 to verify the packet. The shared key itself is never sent.
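As an added illustration (not ipt_pkd's own code, and not its real wire format), the Python below sketches the exchange the description implies: the client puts a header, a timestamp and random bytes in a single UDP datagram together with a keyed SHA-256 over them, and the verifier checks the time window first, then recomputes the digest with the shared key. The header value `KNCK`, the field layout, the nonce length, the 10-second window and the use of HMAC-SHA256 (rather than a bare SHA-256 over the concatenation with the key) are assumptions made here. The replay cache is an addition the description does not mention, but any verifier that accepts a packet for a whole time window needs one, since the window alone lets an observer resend a captured knock.

```python
import hashlib
import hmac
import os
import secrets
import socket
import struct
import time

# Assumed layout (not ipt_pkd's real wire format):
#   header(4) || unix-time(8, big-endian) || nonce(16) || HMAC-SHA256(key, header||time||nonce)(32)
# Everything but the key travels in clear; the key is only ever used to compute the tag.
MAGIC = b"KNCK"
NONCE_LEN = 16
TAG_LEN = 32
WINDOW = 10  # seconds of clock skew accepted in either direction
PKT_LEN = len(MAGIC) + 8 + NONCE_LEN + TAG_LEN


def build_knock(key: bytes, now: float = None, nonce: bytes = None) -> bytes:
    """Client side: assemble one knock packet for the shared key."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    body = MAGIC + struct.pack("!Q", ts) + nonce
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def send_knock(host: str, key: bytes, port: int = None) -> int:
    """Send the knock as a single UDP datagram to a random high port; returns the port used."""
    port = secrets.randbelow(65535 - 1024) + 1024 if port is None else port
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_knock(key), (host, port))
    return port


class KnockVerifier:
    """Server side: the checks a time-windowed SPA verifier has to make, in order."""

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> timestamp of knocks accepted inside the current window

    def verify(self, pkt: bytes, now: float = None) -> bool:
        now = time.time() if now is None else now
        if len(pkt) != PKT_LEN or not pkt.startswith(MAGIC):
            return False
        body, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
        ts = struct.unpack("!Q", body[len(MAGIC):len(MAGIC) + 8])[0]
        nonce = body[len(MAGIC) + 8:]
        # 1. time window: cheap, and rejects stale or far-future packets before any crypto
        if abs(now - ts) > self.window:
            return False
        # 2. recompute the tag with the shared key; compare in constant time
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False
        # 3. replay: a captured packet stays valid for the whole window, so remember nonces
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= self.window}
        if nonce in self.seen:
            return False
        self.seen[nonce] = ts
        return True
```

The order of the checks matters for a kernel-side verifier: the length, header and timestamp tests are cheap and reject most noise before any hashing is done, and the nonce cache only has to hold entries for one window because anything older fails the timestamp test anyway.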

Last updated: 2011-07-17 19:37


ferm is a tool to maintain and setup complicated firewall rules. It allows one to reduce the tedious task of carefully inserting rules and chains, thus enabling the firewall administrator to spend more time on developing good rules, and less time on the proper implementation of those rules. These rules will be executed by the preferred kernel interface, such as ipchains and iptables, and in one pass. Firewall rules can also be split into different files and loaded at will.

Last updated: 2004-08-23 05:33

Linux FreeS/WAN

Linux FreeS/WAN provides IPSEC (IP Security, which is both encryption and authentication) kernel extensions and an IKE (Internet Key Exchange, keying and encrypted routing daemon) as well as various rc scripts and documentation. It is known to interoperate with other IPSEC and IKE systems already deployed by other vendors such as OpenBSD, Cisco, or CheckPoint. It also features Opportunistic Encryption and subnet extrusion, and with the appropriate patches interoperates with Microsoft Windows XP/2000 using X.509 certificates.

Last updated: 2014-04-14 13:17


nftables aims to replace the existing {ip,ip6,arp,eb}tables framework. It provides a new packet filtering framework, a new userspace utility, and a compatibility layer for {ip,ip6}tables. nftables is built upon the building blocks of the Netfilter infrastructure such as the existing hooks, the connection tracking system, the userspace queueing component, and the logging subsystem.

Last updated: 2009-01-29 21:56

Shell In A Box

Shell In A Box implements a Web server that can export arbitrary command line tools to a Web-based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled Web browser, and does not require any additional browser plugins. Most typically, login shells would be exported this way: "shellinaboxd -s /:LOGIN". This starts a Web server at http://localhost:4200 that allows users to log in with their username and password and to get access to their login shell. The connection will be encrypted if SSL/TLS certificates are available.

Last updated: 2001-05-10 02:57


fireparse is an ADMLogger plugin that emails a report of all packets that have been logged by the kernel's packet filtering subsystem (iptables/netfilter or ipchains). The report includes source and destination ports, direction, logged packet count, matched rule, and fully resolved host names (if available). The email report can be formatted to plain text or a colored HTML table.
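The report above is built from the kernel's netfilter LOG lines. As an added example (not fireparse's code), the Python below parses a few constructed iptables LOG lines of the standard `kernel: PREFIX IN=... OUT=... SRC=... DST=... PROTO=... SPT=... DPT=...` form, derives direction from which of IN/OUT is set, treats the `--log-prefix` text as the matched rule, aggregates counts per (rule, direction, protocol, source, destination, destination port), and renders a plain-text report with reverse-resolved names. The sample lines, the `DROP-IN`/`DROP-FWD` prefixes and the `fake_resolve` table are constructed for the example; for real use the resolver would be `socket.gethostbyaddr(ip)[0]`.

```python
import re
from collections import Counter
from typing import Callable, Dict, Iterable, Optional

# "kernel: [ 1234.567] PREFIX: IN=..." -- the bracketed uptime is optional (older syslog lacks it)
HEADER = re.compile(r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>[^=]*?)\s*(?=IN=)")
KV = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE tokens; bare flags such as DF or SYN carry no '='


def parse_netfilter_line(line: str) -> Optional[Dict[str, str]]:
    """Return the KEY=VALUE fields of one LOG line plus 'prefix' (the matched rule's --log-prefix),
    or None for lines that are not netfilter packet logs."""
    m = HEADER.search(line)
    if m is None:
        return None
    fields = dict(KV.findall(line[m.end():]))
    fields["prefix"] = m.group("prefix").strip().rstrip(":").strip()
    return fields


def direction(f: Dict[str, str]) -> str:
    """IN only: arriving at this host; OUT only: locally generated; both: forwarded through it."""
    if f.get("IN") and f.get("OUT"):
        return "forward"
    if f.get("IN"):
        return "in"
    if f.get("OUT"):
        return "out"
    return "unknown"


def summarize(lines: Iterable[str]) -> Counter:
    """Count logged packets per (rule, direction, proto, src, dst, dport); source ports vary per
    connection and would only fragment the report, so they are left out of the key."""
    counts = Counter()
    for line in lines:
        f = parse_netfilter_line(line)
        if f is None:
            continue
        counts[(f["prefix"], direction(f), f.get("PROTO", "?"), f.get("SRC", "?"),
                f.get("DST", "?"), f.get("DPT", ""))] += 1
    return counts


def name(ip: str, resolve: Optional[Callable[[str], str]]) -> str:
    if resolve is None:
        return ip
    try:
        return f"{resolve(ip)} ({ip})"
    except OSError:  # socket.herror for a missing PTR record is an OSError subclass
        return ip


def render_report(counts: Counter, resolve=None) -> str:
    rows = []
    for (prefix, dirn, proto, src, dst, dpt), n in sorted(counts.items(), key=lambda kv: -kv[1]):
        rows.append(f"{n:5d} {dirn:<8} {proto:<5} {name(src, resolve):<30} -> "
                    f"{name(dst, resolve):<30} dpt={dpt or '-':<5} rule={prefix}")
    return "\n".join(rows)


# Constructed sample log; not real traffic.
SAMPLE = """\
Feb 16 10:01:02 fw kernel: [ 1234.567] DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 16 10:01:03 fw kernel: [ 1235.001] DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 16 10:02:10 fw kernel: [ 1301.222] DROP-IN: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=4242 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Feb 16 10:03:00 fw kernel: [ 1351.000] DROP-FWD: IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=203.0.113.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=UDP SPT=40000 DPT=53 LEN=32
Feb 16 10:03:01 fw sshd[123]: Accepted publickey for admin from 10.0.0.7 port 55000
"""

NAMES = {"192.0.2.10": "fw.example.net"}  # constructed PTR data


def fake_resolve(ip: str) -> str:
    if ip not in NAMES:
        raise OSError("no PTR record")
    return NAMES[ip]


if __name__ == "__main__":
    print(render_report(summarize(SAMPLE.splitlines()), fake_resolve))
```

Keying the report on the log prefix is what makes "matched rule" meaningful: a LOG rule without `--log-prefix` produces lines that can only be attributed to "some rule", so give every logging rule a distinct prefix.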

Last updated: 2013-05-06 03:59


HTTPTunnel is a simple client/server application for creating an HTTP tunnel between two machines, optionally via a Web proxy. This tunnel can then be used to wrap arbitrary TCP socket traffic in HTTP, thus allowing communications even through a restrictive firewall that only allows outgoing HTTP connections.

Last updated: 2013-03-05 02:06


conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.

Last updated: 2013-11-17 18:45

360-FAAR Firewall Analysis Audit and Repair

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virtualization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
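To make the operations in that description concrete, here is an added Python example (not 360-FAAR's code, which is Perl, and not its file formats) over a constructed four-rule policy and three log entries: an inclusive/exclusive CIDR filter, policy-to-log association using first-match semantics so that hit counts reveal unused rules, duplicate matching, and translation of a rule into a Cisco ASA extended access-list line. The `Rule` fields, rule names and the `inside_out` ACL name are assumptions for the example; real policies also carry source ports, protocols other than TCP and object groups, which are left out here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR, e.g. "10.0.0.0/24"
    dst: str      # CIDR
    dport: int    # TCP destination port
    action: str   # "permit" or "deny"


def _net(cidr: str):
    return ipaddress.ip_network(cidr, strict=False)


def cidr_filter(rules: Iterable[Rule], include: Iterable[str] = (), exclude: Iterable[str] = ()) -> List[Rule]:
    """Inclusive filter: keep rules whose src or dst overlaps any include network.
    Exclusive filter: then drop rules whose src or dst overlaps any exclude network."""
    inc = [_net(n) for n in include]
    exc = [_net(n) for n in exclude]

    def touches(rule: Rule, nets) -> bool:
        return any(_net(a).overlaps(n) for a in (rule.src, rule.dst) for n in nets)

    return [r for r in rules if (not inc or touches(r, inc)) and not touches(r, exc)]


def associate_logs(rules: List[Rule], log: Iterable[Dict]) -> Dict[str, int]:
    """Policy-to-log association: attribute each logged connection to the first rule that
    matches it (firewalls evaluate rules in order) and return a hit count per rule name."""
    hits = {r.name: 0 for r in rules}
    for entry in log:
        s, d = ipaddress.ip_address(entry["src"]), ipaddress.ip_address(entry["dst"])
        for r in rules:
            if s in _net(r.src) and d in _net(r.dst) and entry["dport"] == r.dport:
                hits[r.name] += 1
                break
    return hits


def unused_rules(rules: List[Rule], hits: Dict[str, int]) -> List[Rule]:
    return [r for r in rules if hits.get(r.name, 0) == 0]


def duplicates(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Pairs (earlier, later) with identical match fields; the later rule is shadowed."""
    first: Dict[tuple, str] = {}
    out = []
    for r in rules:
        key = (r.src, r.dst, r.dport)
        if key in first:
            out.append((first[key], r.name))
        else:
            first[key] = r.name
    return out


def to_asa(rule: Rule, acl: str) -> str:
    """Emit the rule as a Cisco ASA extended access-list entry (TCP only, for brevity)."""
    def operand(cidr: str) -> str:
        n = _net(cidr)
        if n.prefixlen == 0:
            return "any"
        if n.prefixlen == 32:
            return f"host {n.network_address}"
        return f"{n.network_address} {n.netmask}"
    return (f"access-list {acl} extended {rule.action} tcp "
            f"{operand(rule.src)} {operand(rule.dst)} eq {rule.dport}")


# Constructed sample policy and log, standing in for a parsed "show run" and a syslog export.
POLICY = [
    Rule("R1", "10.0.0.0/24", "192.0.2.10/32", 22, "permit"),
    Rule("R2", "10.0.0.0/24", "203.0.113.50/32", 53, "permit"),
    Rule("R3", "172.16.0.0/16", "192.0.2.10/32", 22, "permit"),
    Rule("R4", "10.0.0.0/24", "192.0.2.10/32", 22, "permit"),  # duplicate of R1: can never match
]
LOG = [
    {"src": "10.0.0.7", "dst": "192.0.2.10", "dport": 22},
    {"src": "10.0.0.9", "dst": "192.0.2.10", "dport": 22},
    {"src": "10.0.0.8", "dst": "203.0.113.50", "dport": 53},
]


def audit(rules: List[Rule] = POLICY, log: Iterable[Dict] = LOG) -> Dict:
    hits = associate_logs(rules, log)
    return {"hits": hits,
            "unused": [r.name for r in unused_rules(rules, hits)],
            "duplicates": duplicates(rules)}
```

The first-match loop is the point of log association: R4 is byte-for-byte identical to R1, so it never receives a hit and shows up both as unused and as a duplicate, while R3 is unused because no logged connection ever came from 172.16.0.0/16. A rule that is unused over a short log window is not necessarily dead (backup or failover traffic is seasonal), so the log sample should cover the longest cycle the policy serves before anything is removed.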

Last updated: 2004-08-04 13:19


CIPE (Crypto IP Encapsulation) is an ongoing project to build encrypting IP routers. The protocol used is as lightweight as possible. It is designed for passing encrypted packets between prearranged routers in the form of UDP packets. This is not as flexible as IPSEC but it is enough for the original intended purpose: securely connecting subnets over an insecure transit network.

Last updated: 2010-07-26 10:22

HTTP Anti Virus Proxy

HAVP (HTTP Anti Virus Proxy) is a proxy which scans downloads for viruses with several scanners (ClamAV, F-Prot, Kaspersky, NOD32, Sophos) at the same time. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. It can be used with squid or standalone, and it also supports transparent proxy mode.

Last updated: 2003-06-11 00:10


AGT is a powerful console frontend to iptables, supporting nearly all of the iptables extensions (such as quota, random, MIRROR, multiport, owner, string, MAC address, and more). All options can be specified in a configuration file with similar syntax to 'ipf' and 'ipfw'.

Last updated: 2005-11-30 04:20


BBStatus is an IP accounting package and an SNMP and IP monitoring tool for Linux. It collects, summarizes, and displays the values from its database. It can be used for IP accounting (allows you to design various kinds of accounting filters), SNMP monitoring (collects data making SNMP requests), ICMP monitoring (stores and summarizes values like min, avg, max reply time, and packet loss), and client traffic filtering (using various types of filters). It also provides user based access so that every user can log in and visualize various data (depending on access rights). It requires PostgreSQL, Apache with mod_auth_pgsql, Perl(Net::SNMP), and RRDTool.

Last updated: 2011-03-07 01:46

DNS Blacklist Packet Filter

DNS Blacklist Packet Filter is a Linux netfilter client that decides whether to accept or drop packets based on the results of a DNS blacklist query (such as MAPS, SORBS, or SPEWS, to name a few). One use is to filter all incoming SMTP SYN packets for spam filtering.
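The decision that filter makes is a DNSBL lookup per packet. As an added example (not the project's code), the Python below shows the lookup and the verdict logic for the SMTP use case mentioned above: reverse the source address's octets and append the list zone, treat an A record inside 127.0.0.0/8 as "listed" and NXDOMAIN as "not listed", only consult the lists for TCP SYNs to port 25, and decide explicitly what a resolver failure means. The `dnsbl.example` and `down.example` zones, the packet dictionary shape and the `fake_resolve` table are constructed for the example; `system_resolve` shows the equivalent call against the real resolver. In a real deployment this function would sit behind NFQUEUE and return the verdict for each queued packet.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, Optional

# name -> A record text, None for NXDOMAIN; raises OSError when the lookup itself fails
Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """A DNSBL is queried by reversing the IPv4 octets and appending the list's zone,
    e.g. 192.0.2.44 in dnsbl.example -> 44.2.0.192.dnsbl.example"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(answer: Optional[str]) -> bool:
    """Listed addresses get an A record inside 127.0.0.0/8 (the last octet encodes the
    reason); NXDOMAIN, or any answer outside that block, means not listed."""
    if answer is None:
        return False
    try:
        return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")
    except ipaddress.AddressValueError:
        return False


def verdict(pkt: Dict, zones: Iterable[str], resolve: Resolver, fail_open: bool = True) -> str:
    """ACCEPT or DROP for one packet. Only TCP SYNs to port 25 are looked up, so established
    flows and other services are never delayed by DNS. fail_open decides what a resolver
    failure (timeout, list unreachable) means: keep accepting mail, or refuse it."""
    if pkt["proto"] != "tcp" or pkt["dport"] != 25 or not pkt["syn"]:
        return "ACCEPT"
    for zone in zones:
        try:
            if is_listed(resolve(dnsbl_query_name(pkt["src"], zone))):
                return "DROP"
        except OSError:
            if not fail_open:
                return "DROP"
    return "ACCEPT"


def system_resolve(name: str) -> Optional[str]:
    """Resolver backed by the system stub resolver, for real use."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as e:
        if e.errno == socket.EAI_NONAME:
            return None  # NXDOMAIN: not listed
        raise


# Constructed offline resolver so the example runs without network access.
_LISTED = {"44.2.0.192.dnsbl.example": "127.0.0.2"}


def fake_resolve(name: str) -> Optional[str]:
    if name.endswith(".down.example"):
        raise OSError("timeout talking to blacklist")
    return _LISTED.get(name)
```

Failing open is the usual choice for a packet filter in front of a mail server, since a dead blacklist would otherwise stop all inbound mail; failing closed only makes sense where the lists are under your own control. Either way, cache verdicts per source address for the record's TTL so that a SYN flood does not turn into a query flood against the list.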

