arptables
- Ebuilds: 1, Stable: 0.0.5-r2 Description: Set up, maintain, and inspect the tables of ARP rules in the Linux kernel
Homepage:https://ebtables.netfilter.org License: GPL-2+
conntrack-tools
- Ebuilds: 2, Stable: 1.4.8-r1, Testing: 1.4.9 Description:
The conntrack-tools are a set of free software userspace tools for Linux that
allow system administrators to interact with the Connection Tracking System, which
is the module that provides stateful packet inspection for iptables. The
conntrack-tools are the userspace daemon conntrackd and the command line
interface conntrack.
Homepage:https://conntrack-tools.netfilter.org License: GPL-2+
ebtables
- Ebuilds: 1, Stable: 2.0.11-r3, Testing: 2.0.11-r3 Description: Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting
Homepage:https://ebtables.netfilter.org/ License: GPL-2
ferm
- Ebuilds: 1, Stable: 2.7, Testing: 2.7 Description: Command line util for managing firewall rules
Homepage:http://ferm.foo-projects.org/ License: GPL-2+
ipt-ratelimit
- Ebuilds: 2, Testing: 20240923 Description:
An implementation of committed access rate, or simply rate limiting,
or policing for Linux iptables, implemented with high performance in mind.
Homepage:https://github.com/aabc/ipt-ratelimit License: GPL-2
iptables
- Ebuilds: 3, Stable: 1.8.11-r1, Testing: 1.8.13 Description:
iptables is the userspace command line program used to set up, maintain, and
inspect the tables of IPv4 packet filter rules in the Linux kernel. It is
part of a packet filtering framework that allows stateless and stateful
packet filtering and all kinds of network address and port translation, and is a
flexible and extensible infrastructure with multiple layers of APIs for
third-party extensions. The iptables package also includes ip6tables. ip6tables is
used for configuring the IPv6 packet filter.
Note that some extensions (e.g. imq and l7filter) are not included in the
official kernel sources, so you have to patch the sources before installation.
Homepage:https://www.netfilter.org/projects/iptables/ License: GPL-2
lutelwall
- Ebuilds: 1, Stable: 0.99-r1, Testing: 0.99-r1 Description:
LutelWall is a high-level firewall configuration tool. It uses a human-readable and
easy-to-understand configuration to set up Netfilter in the most secure way. Its flexibility
allows firewall admins to build anything from very simple, single-homed firewalls to the most complex
ones, with multiple subnets, DMZs and traffic redirections.
Homepage:https://www.lutel.pl/lutelwall/ License: GPL-2
nfacct
- Ebuilds: 1, Stable: 1.0.2-r2, Testing: 1.0.2-r2 Description: Command line tool to create/retrieve/delete accounting objects in NetFilter
Homepage:https://www.netfilter.org/projects/nfacct/ License: GPL-2
pkt_netflow
- Ebuilds: 1, Testing: 9999-r1 Description:
High performance NetFlow v5, v9, IPFIX flow data export module for
the Linux kernel. Created to be useful for Linux routers in
high-throughput networks.
Homepage:https://github.com/aabc/pkt-netflow License: GPL-2
shorewall (ambiguous, available in 2 overlays)
- Ebuilds: 2
Description:
The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter.
You describe your firewall/gateway requirements using entries in a set of configuration files.
Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and
tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements.
Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a
standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus
take advantage of Netfilter's connection state tracking capabilities.
Shorewall is not a daemon. Once Shorewall has configured the Linux networking subsystem, its job is complete and
there is no "Shorewall process" left running in your system. The /usr/sbin/shorewall program can be used at
any time to monitor the Netfilter firewall.
Homepage:https://shorewall.org/ License: GPL-2
ufw
- Ebuilds: 2, Stable: 0.36.2, Testing: 0.36.2 Description:
The Uncomplicated Firewall (ufw) is a frontend for iptables and is
particularly well-suited for host-based firewalls. It provides a framework
for managing netfilter, as well as an easy to use command-line interface for
manipulating the firewall.
Homepage:https://launchpad.net/ufw License: GPL-3
xt_dns
- Ebuilds: 2, Testing: 1.5 Description:
This package can match queries or responses, match the query
type (e.g. ANY) in queries or even in responses, and match
packets with an EDNS0 pseudo-RR and with a specific bufsize range.
The matching algorithm is fully RFC 1035 compliant.
Only non-fragmented UDP packets are supported, both IPv4 and IPv6.
Homepage:https://github.com/oskar456/xt_dns License: GPL-1
xt_nat
- Ebuilds: 1
Description:
This Full Cone NAT xtables module was developed as a replacement for
the conntrack NAT to provide Asymmetric NAT features on Linux systems
that can be used as a Carrier Grade NAT in small ISP networks.
Homepage:https://github.com/gonarh/xt_NAT_with_netflow_v9 License: GPL-2
xtables-addons
- Ebuilds: 3, Stable: 3.29, Testing: 3.28 Description:
Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains
extensions that were not, or are not yet, accepted in the main kernel/iptables
packages.
Xtables-addons is different from patch-o-matic in that you do not have to patch
or recompile the kernel; sometimes recompiling iptables is also not needed. But
please see the INSTALL file for the minimum requirements of this package.
Homepage:
https://inai.de/projects/xtables-addons/
https://codeberg.org/jengelh/xtables-addons/
License: GPL-2+