HeatShield!

HeatShield alternatives

  • SSHGuard

  • SSHGuard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. SSHGuard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication. »

    tags: bruteforce firewall freebsd intrusion-detection ssh
  • Fail2ban

  • Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

    tags: firewall security-utilities internet-filter iptables ip-blocking
  • Denyhosts

  • The idea of denying access to SSH servers is nothing new and I was inspired by many other scripts that I discovered. However, none of them did things the way I envisioned them to. Also, they were all shell scripts which do not offer the elegance of Python.

    tags: daemon bruteforce web-log-analyzer ssh-bruteforce
  • Shorewall

  • The Shoreline Firewall, more commonly known as “Shorewall”, is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities. »

    tags: firewall gateway netfilter
  • Advanced Policy Firewall

  • Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today’s Linux servers. The configuration is designed to be very informative and easy to follow. The management on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information on all the features.The technical side of APF is such that it utilizes the latest stable features from the iptables (netfilter) project to provide a very robust and powerful firewall. The filtering performed by APF is three fold:1) Static rule based policies (not to be confused with a “static firewall”)2) Connection based stateful policies3) Sanity based policiesThe first, static rule based policies, is the most traditional method of firewalling. This is when the firewall has an unchanging set of instructions (rules) on how traffic should be handled in certain conditions. An example of a static rule based policy would be when you allow/deny an address access to the server with the trust system or open a new port with conf.apf. So the short of it is rules that infrequently or never change while the firewall is running.The second, connection based stateful policies, is a means to distinguish legitimate packets for different types of connections. Only packets matching a known connection will be allowed by the firewall; others will be rejected. An example of this would be FTP data transfers, in an older era of firewalling you would have to define a complex set of static policies to allow FTA data transfers to flow without a problem. That is not so with stateful policies, the firewall can see that an address has established a connection to port 21 then “relate” that address to the data transfer portion of the connection and dynamically alter the firewall to allow the traffic.... and much much more. See site for further details. »

    tags: firewall iptables netfilter mod-security application-firewall
  • CloudPassage

  • CloudPassage offers cloud server security and compliance products purpose-built for elastic cloud environments.

    tags: software-as-a-service cloud-security
  • Firewall Builder

  • Firewall Builder is Open Source multi-platform firewall management software that supports Linux iptables, FreeBSD ipfilter and ipfw, OpenBSD pf, CIsco PIX and Cisco IOS Access Lists.

    tags: Discontinued firewall protection system-administration configuration
  • SpyLog

  • lua-spylog - Execute actions based on log records

    tags: autoblock brute-force-protection bruteforce protection rdp-protection