PushProx is a client and proxy that allows transversing of NAT and other similar network topologies by Prometheus, while still following the pull model.
opensnitch - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
f2b is lightweight fail2ban alternative.
written in pure C
small memory footprint
minimum dependencies (req: libc, libdl; optional: pcre, redis)
pluggable sources / filters / backends (you may write custom one)
This program allows you to centralize and distribute IP blacklists.
If you maintain a server on the Internet, it's very likely you encountered one or more brute force attacks. Not a problem, just install fail2ban. Done.
But if you're running multiple servers, each of them running their fail2ban instance, they'll all have different IP addresses in the ban list. Wouldn't it be nice to have a shared ban list across all your fail2ban instances? Or in case all your machines are behind a router or firewall you control yourself, wouldn't it be nice to drop malicious traffic at the edge of your network?
That's exactly what vallumd helps to achieve.
sshguard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using one of several firewall backends, including iptables, ipfw, and pf.
FireHOL and FireQOS offer simple and powerful configuration for all Linux firewall and traffic shaping requirements