| Application | Package | Version | Worked By | URLs | Comment | Status |
|---|---|---|---|---|---|---|
| Packet Filters | ||||||
netfilter without connection tracking | Linux 2.4/2.6 | from 2.4.x up to 2.6.19 | Maintainers |
| Linux from 2.4 to 2.6.19 includes a stateless IPv6 packet filter firewall. |  |
netfilter with connection tracking | Linux 2.6 | since 2.6.20 | Maintainers |
| Linux since 2.6.20 includes a stateful IPv6 packet filter firewall, supporting also connection tracking for some upper protocols. |  |
| Packet Filter Ruleset Generators | ||||||
fwbuilder | fwbuilder | 3.0.4 (2009) | Maintainers |
| fwbuilder since version 3.0 (released April 2008) supports now also IPv6. | |
shorewall | shorewall | 4.2.8 (2009) | Maintainers |
| shorewall since 2.4.2 (released December 2008) supports now also IPv6. | |
| Packet Filter Statistics | ||||||
iptstate | iptstate | 2.2.2 (2009-09-19) | Maintainers |
| IP Tables State (iptstate) was originally written to implement the "state top" feature of IP Filter in IP Tables. "State top" displays the states held by your stateful firewall in a top-like manner. Up to 2.2.2 IPv6 support is missing. |  |
| Application | Package | Version | Worked By | URLs | Comment | Status |
|---|---|---|---|---|---|---|
| Virtual Private Networks | ||||||
Linux 2.6 | Linux 2.6 | All | Maintainers |
| Linux 2.6 includes a robust IPv6-enabled IPSEC stack derived from the USAGI Project IPSEC stack. | |
FreeBSD | FreeBSD | 4.0 and beyond | Maintainers |
| FreeBSD includes a robust IPv6-enabled IPSEC stack derived from the KAME Project IPSEC stack since version 4.0. | |
OpenBSD | OpenBSD | 2.7 and beyond | Maintainers |
| OpenBSD includes a robust IPv6-enabled IPSEC stack derived from the KAME Project IPSEC stack since version 2.7. | |
NetBSD | NetBSD | 1.5 and beyond | Maintainers |
| NetBSD includes a robust IPv6-enabled IPSEC stack derived from the KAME Project IPSEC stack since version 1.5. | |
yavipin | yavipin | 0.9.6 | Maintainers |
| Yavipind is a secure tunnel aka 2 peers securely forwarding packets toward each other. It forwards any kind of packet (IPv4, IPv6 or other) sent over the virtual point-to-point device (e.g. tun0). It fully runs in linux userspace. | |
openvpn | openvpn | 1.6.0 | Maintainers |
| OpenVPN is an easy-to-use, robust, and highly configurable SSL VPN daemon which can be used to securely link two or more private networks using an encrypted tunnel over the internet. | |
freeswan | freeswan | 2.06 (2003) | Maintainers |
| Linux FreeS/WAN is an implementation of IPSEC and IKE for the Linux operating system. The project's primary objective is to help make IPSEC widespread by providing source code which is freely available, runs on a range of machines including ubiquitous cheap PCs, and is not subject to the US or other nations' export restrictions. At the moment, it seems that this project is no longer maintained and that IPv6 support code in freeswan is still experimental, as the configuration scripts do not support IPv6 yet and the environment setup must be done via low-level tools. This project is no longer active. |  |
openswan | openswan | 2.2.0dr1 | Maintainers |
| Openswan is an Open Source implementation of IPsec for the Linux operating system. Is it a code fork of the FreeS/WAN project, started by a few of the developers who were growing frustrated with the politics surrounding the FreeS/WAN project. At the moment, it seems that IPv6 support code in openswan is still experimental, as the configuration scripts do not support IPv6 yet and the environment setup must be done via low-level tools. | |
strongswan | strongswan | 4.1.9 | Maintainers |
| strongSwan is an OpenSource IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developped over the last three years. The focus is on simplicity of configuration, strong encryption and authentication methods, and powerful IPsec policies supporting large and complex VPN networks. IPv6 host-to-host, net-to-net and roadwarrior IPsec tunnel configurations have now been fully tested and documented in IKEv1 and IKEv2 scenarios. Also supports full interaction of established IPsec tunnels with ip6tables firewall rules via an extended _updown script. | |
| Application | Package | Version | Worked By | URLs | Comment | Status |
|---|---|---|---|---|---|---|
| Security Auditing | ||||||
Nmap | Nmap | 3.50 | Maintainers |
| Nmap ("Network Mapper") is an open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap features IPv6 support since release 3.10ALPHA1. | |
halfscan6 | halfscan6 | 0.2 | Maintainers |
| A simple TCP/IPv6 port scanner. | |
nessus | nessus | 2.0.7 | Maintainers |
| The Nessus Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way. Nessus is very fast, reliable and has a modular architecture that allows you to fit it to your needs. Unfortunately, not only Nessus does not have IPv6 support, but at the moment the developers have also no plans to add it. | |
| Packet Sniffers | ||||||
tcpdump | tcpdump | 3.7.2 | Maintainers |
| Tcpdump is the most famous tool for network monitoring and data acquisition. This software was originally developed by the Network Research Group at the Lawrence Berkeley National Laboratory. Tcpdump uses libpcap, a system-independent interface for user-level packet capture. Before building tcpdump, you must first retrieve and build libpcap. | |
libpcap | libpcap | 0.7.2 | Maintainers |
| libpcap is a system-independent interface for user-level packet capture that provides a portable framework for low-level network monitoring. Applications include network statistics collection, security monitoring, network debugging, etc. | |
ethereal | ethereal | 0.9.13 | Maintainers |
| Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. | |
COLD | COLD | 1.0.14alpha | Maintainers |
| COLD is both a network anaylsis tool and a protocol analyzer. It is distributed freely, so its usage is free and the package is freely available. COLD is a network monitoring and protocol analyzing tool which allows to study, maintain and troubleshoot networks by extracting flowing data and printing out the contents and structure. COLD has been developed for troubleshooting, educational, security and commercial purposes only. | |
ndpmon | ndpmon | 0.1b | Maintainers |
| NDPMon, Neighbor Discovery Protocol Monitor, is a tool working with ICMPv6 packets. NDPMon observes the local network to see if nodes using neighbor discovery messages behave properly. When it detects a suspicious Neighbor Discovery message, it notifies the administrator by writing in the syslog and in some cases by sending an email report. NDPMon is an equivalent of ArpWatch for IPv6. | |
| Packet Forgers | ||||||
Raw Socket Library | libsock | N/A | Maintainers |
| Raw Socket Library provides a simple mechanism to send raw socket packet using IPV4 and IPV6 using a simple struct. It currently supports TCP, ICMP, UDP, and ICMPv6. | |