firewall
High speed TLS signature filtering.
Instead of taking the full JA4 hash to fingerprint traffic, which is slow to calculate and hard to implement in a BPF filter, I take a Jenkins hash of the sorted supported ciphers in any given TLS request, to similar effect as JA4, keeping fingerprinting usefulness. Switching to a non-cryptographic hashing algorithm is okay here because any given attacker with enough skill could replicate the ciphers of another client, so any hash reversing would be useless or at best force the attacker to implement a different amount of hashes.
DNS + Firewall App for Android 6+.
Rethink DNS + Firewall is the easiest way to monitor app activity, circumvent Internet censorship, block ads and trackers on your Android device.
OpenGFW is a flexible, easy-to-use, open source implementation of GFW (Great Firewall of China) on Linux.
OpenGFW is your very own DIY Great Firewall of China, available as a flexible, easy-to-use open source program on Linux. Why let the powers that be have all the fun? It's time to give power to the people and democratize censorship. Bring the thrill of cyber-sovereignty right into your home router and start filtering like a pro - you too can play Big Brother.
OPNManager is a streamlined, user-friendly application designed to simplify the management of OPNsense firewalls. Built with Tauri and SvelteKit, this cross-platform app provides an intuitive interface for users who need a more simplified alternative to the standard OPNsense web interface.
Anubis: self hostable scraper defense software.
Weighs the soul of incoming HTTP requests using proof-of-work to stop AI crawlers.
Related contents:
- Block AI scrapers with Anubis @ Xe.
- Episode 146: When AI Attacks @ Self-Hosted.
- The surreal joy of having an overprovisioned homelab @ Xe.
- Open source devs are fighting AI crawlers with cleverness and vengeance @ TechCrunch.
- [Anubis] Utiliser la preuve de travail pour bloquer les robots @ Pofilo.fr :fr:.
- The Day Anubis Saved Our Websites From a DDoS Attack @ fabulous.systems.
- Protéger tous ses sites avec Anubis @ Dryusdan.space 🚀.
- A thought on JavaScript "proof of work" anti-scraper systems @ Wandering Thoughts.
- Anubis - Protégez votre site web contre les scrapers IA en moins de 15 minutes @ Korben :fr:.
Linux firewalling and traffic shaping for humans.
FireHOL is a language (and a program to run it) which builds secure, stateful firewalls from easy to understand, human-readable configurations. The configurations stay readable even for very complex setups.
The only centralized manager for Open Source firewalls
- Simply manage more firewalls
- Huge gain in productivity and speed
- Automate certain administrative tasks
- All your firewalls are accessible in 1 click
- Auto-connect your firewalls to DynFi Manager
- pfSense® and OPNsense® compatible manager
Source: Administration centralisée des pare-feux pfSense et OPNsense avec Dynfi Manager @ IT-Connect :fr:.
Proudly Introducing the era of Instant Firewalls!
Get instant security whenever and wherever you have network access!
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
The next-gen open source, crowd-powered & dynamic firewall.
Curated Threat Intelligence Powered by the Crowd. Maximize your security investments with ultra-curated data.
World's Most Trusted Open Source Firewall.
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality or more of common commercial firewalls, without any of the artificial limitations. It has successfully replaced every big name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.
A fast TCP/UDP tunnel over HTTP.
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.
IPFire is a dedicated firewall that can be installed in any network - from data center down to your home. It is secure, fast and very versatile. Besides being a stateful inspection firewall, it can work as a VPN gateway, analyze data packets with its Intrusion Prevention System (IPS), and comes with many Add-ons that extend its functionality further.
Identity-Native Infrastructure Access. Faster. More Secure.
Teleport replaces the #1 source of data breaches — secrets — with true identity to deliver phishing-proof zero trust access for every engineer and service connected to your global infrastructure.
Teleport is the easiest, most secure way to access all your infrastructure. Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, RDP, Kubernetes API, MySQL, MongoDB and PostgreSQL wire protocols.
Red Flag Domains are lists of very recently registered, probably malicious domain names in French TLDs. Data are published for security purposes only, and can be used to feed an automatic filtering solution like a proxy. More details here.
MySafeIp is a web app acting as a trusted IP source for firewalls. With it, I don't have to open my own services (Nextcloud, Bitwarden, etc.) worldwide. Just me, my family and friends can use those services easily. Family and friends don't even need an account on MySafeIp with the instant link feature.
🏔 Love Freedom - ❌ Block Mass Surveillance. Portmaster is a free and open-source application firewall that does the heavy lifting for you. Restore privacy and take back control over all your computer's network activity.
Enterprise-grade open source web application firewall library. Coraza is an open source, high performance, Web Application Firewall ready to protect your beloved applications.
Daily feed of bad IPs (with blacklist hit scores). IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. The list is made of IP addresses together with a total number of (black)list occurrences (for each). The greater the number, the lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, the list is sorted from most (problematic) to least occurrent IP addresses.
Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
The lightweight application is less than a megabyte, and it is compatible with Windows 7 SP1 and higher operating systems. You can download either the installer or portable version. To work correctly, it requires administrator rights.
Suricata is a high performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets.
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
pfSense fork - Your next Open Source Firewall! Secure Your Network with ease. From Virtual Private Networking to Intrusion Detection, Best in class, FREE Open Source Project.
This is a mini-firewall that completely isolates a target device from the local network. This is for allowing infected machines Internet access, but without endangering the local network.
pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices.
Go beyond firewall and UTM basics to total control of web content, applications, bandwidth usage and remote access in a single solution.