Insert trace-points into the running configuration to observe the path of packets through the iptables chains.

Open Source Deep Packet Inspection Software Toolkit

Layer 4 Single Packet Authentication Linux kernel module utilizing Netfilter hooks and kernel supported Berkeley Packet Filters (BPF)

Bash script to create nftables sets of country specific IP address ranges for use with firewall rulesets. The project provides a simple and flexible way to implement geolocation filtering with nftables. It can be a useful tool to reduce the chance of malware, ransomware and phishing attempts as well as mitigating the effects of DDoS attacks.

A Linux kernel IPC firewall and logger for Android and Binder

Pure-Go Conntrack implementation; for humans.

Docker container for intercepting packets with scapy from a netfilter queue (nfqueue)

Allow/deny traffic in nftables using country specific IP blocks

Rust bindings for iptables

Geographical host protection for Linux/FreeBSD

A good addition to your conntrack-tools package. Conntracker acts like a firewall sniffer, it analysis, realtime, with very low overhead, all iptables (or nf_tables) existing flows and inform you, at the very end of its execution, all flows in a sorted and consumable way.

A simple script that uses special iptables rules and sysctl tweaks that protects your server(s) against many various attacks

Pure-Go Netfilter Netlink family implementation.

c-binding free API for golang to communicate with the queue subsystem of netfilter

Netfilter Conntrack Stats Exporter

c-binding free API for golang to communicate with the log subsystem of netfilter

Opensvp is a security tool implementing "attacks" to be able to test the resistance of firewall to protocol level attack.

TeaVPN2 - An open source VPN Software (currently supported platform is only Linux).

The Linux netfilter conntrack-based connection flows pretty printer.

Transparent TLS and HTTP proxy serve and operate on all 65535 ports, with domain regex whitelist and rest api control