Search Results for "firewalls"
Sort By:
Showing 237 open source projects for "firewalls"
View related business solutions-
Gen AI apps are built with MongoDB AtlasMongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
-
Employees get more done with RipplingEffortlessly manage the entire employee lifecycle, from hiring to benefits administration. Automate HR tasks, ensure compliance, and streamline approvals. Simplify IT with device management, software access, and compliance monitoring, all from one dashboard. Enjoy timely payroll, real-time financial visibility, and dynamic spend policies. Rippling empowers your business to save time, reduce costs, and enhance efficiency, allowing you to focus on growth. Experience the power of unified management with Rippling today.
-
1
ModSecurity
Cross platform web application firewall (WAF) engine for Apache
ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language that provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web... -
2
Netmaker
Netmaker makes networks with WireGuard
...Netmaker is better, faster, and more secure. Netmaker automates a secure superhighway between devices, clouds, virtual machines, and servers using WireGuard. It blows past any NAT’s, firewalls, or subnets that stand between them. Devices are scattered across data centers, offices, clouds, clusters, and more. Distinct networks separate them, each with different management rules. Connecting machines across environments means setting up gateways, firewalls, and tunnels, often manually. -
3
Open Source API Firewall by Wallarm
Fast and light-weight API proxy firewall for request and response
API Firewall is a high-performance proxy with API request and response validation based on OpenAPI/Swagger schema. It is designed to protect REST API endpoints in cloud-native environments. API Firewall provides API hardening with the use of a positive security model allowing calls that match a predefined API specification for requests and responses, while rejecting everything else. -
4
Serverless Appsync Plugin
Serverless plugin for appsync
Deploy AppSync API's in minutes using this Serverless plugin. This plugin exports some handy variables that you can use in your yml files to reference some values generated by CloudFormation. This plugin adds some useful CLI commands. AppSync is currently using an older version of the Graphql Specs. This plugin intends to use modern schemas for future-proofing. Incompatibilities will either be dropped or attempted to be fixed. Old-style descriptions (using #) are supported by AppSync but... -
Powerful Business Process AutomationWhen a message is received ThinkAutomation automatically executes one or more Automations. Automations are created using an easy to use drag-and-drop interface to run simple or complex tasks. Automations can perform many business process Actions, including: updating company databases, CRM systems and cloud services, sending outgoing emails, Teams & SMS messages, document processing, custom scripting, integration and much more. Over 100 built-in actions are included, plus ThinkAutomation is extensible with Custom Actions.
-
5
ngx_waf
Handy, High performance, ModSecurity compatible Nginx firewall module
Handy, High-performance Nginx firewall module. Such as black and white list of IPs or IP range, uri black and white list, and request body black list, etc. Directives and rules are easy to write and readable. The IP detection is a constant-time operation. Most of the remaining inspections use caching to improve performance. Compatible with ModSecurity's rules, you can use OWASP ModSecurity Core Rule Set. Supports verifying Google, Bing, Baidu and Yandex crawlers and allowing them... -
6
WAF package for Laravel
Web Application Firewall (WAF) package for Laravel
This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi, RFI, LFI, User Agent, and a lot more. It will also block repeated attacks and send notifications via email and/or slack when an attack is detected. Furthermore, it will log failed logins and block the IP after a number of attempts. Some middleware classes (i.e. Xss) are empty as the Middleware abstract class that they extend does all of the job, dynamically. In short, they all work. -
7
WAFW00F
WAFW00F allows one to identify and fingerprint Web App Firewall
The Web Application Firewall Fingerprinting Tool. Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks. For further details,... -
8
Pangolin
Identity-Aware Tunneled Reverse Proxy Server with Dashboard UI
Pangolin is an open-source, self-hosted tunneled reverse proxy server that brings identity-aware access control and dashboard management to exposing private services securely. It allows you to connect applications and resources behind firewalls or NATs to a central hub, using encrypted tunnels rather than opening public ports or relying entirely on VPNs. With Pangolin you can route traffic from across distributed networks, enforce contextual access rules (such as SSO, geolocation, time of day, IP restrictions), and manage all of your exposed resources in one dashboard. ... -
9
Network Flight Simulator
A utility to safely generate malicious network traffic patterns
flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns. -
Build experiences that drive engagement and increase transactionsSendbird's chat, voice, and video APIs power conversations and communities in hundreds of the most innovative apps and products. Sendbird’s feature-rich platform, and pre-fab UI components make developers more productive. We take care of a ton of operational complexity under the hood, so you can power a rich chat service, and life-like voice, and video experiences, and not worry about features, edge cases, reliability, or scale.
-
10
Narrowlink
A self-hosted solution to enable secure connectivity between devices
Narrowlink is a zero-config tunneling and reverse proxy solution that enables secure access to services behind firewalls or NATs without exposing public IPs. Unlike traditional tools like ngrok, Narrowlink is peer-to-peer and privacy-focused, using WireGuard and WebRTC to establish direct encrypted tunnels between peers. It is designed to make exposing local services simple, fast, and secure with no need for port forwarding or cloud relays. Narrowlink is ideal for developers, self-hosters, and remote teams looking for frictionless, encrypted connectivity. -
11
Tailscale
The easiest, most secure way to use WireGuard and 2FA
Tailscale is an open-source zero-configuration VPN and networking solution that makes it simple to create secure, private networks across devices by leveraging WireGuard under the hood. It lets users connect computers, servers, mobile devices, and cloud instances together with peer-to-peer encrypted tunnels without dealing with complex firewalls, NAT rules, or key distribution headaches. Instead of traditional VPN server infrastructure, Tailscale uses a coordination service to authenticate devices and exchange connection information, enabling automatic NAT traversal and minimal manual setup. The project includes a daemon (tailscaled) and a CLI tool that run on major operating systems, and it also forms the basis for the official clients on platforms like iOS and Android, though those have GUI wrappers not fully in this repository. -
12
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of... -
13
Tempesta FW
All-in-one solution for high performance web content delivery
Tempesta FW is an all-in-one open-source solution for high performance web content delivery and advanced protection against DDoS and web attacks. This is a drop-in-replacement for the whole web server frontend infrastructure: an HTTPS load balancer, a web accelerator, a DDoS mitigation system, and a web application firewall (WAF). Tempesta FW is the first and only hybrid of a Web accelerator and a multi-layer firewall. This unique architecture provides seamless integration with the Linux... -
14
cunicu
A zeroconf peer-to-peer mesh VPN using Wireguard
...Hence, it adopts the design goals of the WireGuard project, to be simple and easy to use. Thanks to Interactive Connectivity Establishment (ICE), cunīcu is capable of establishing direct connections between peers that are located behind NAT firewalls such as home routers. In situations where ICE fails, or direct UDP connectivity is not available, cunīcu falls back to using TURN relays to reroute traffic over an intermediate hop or encapsulate the WireGuard traffic via TURN-TCP. -
15
Lantern
Tool to access videos, messaging, and other popular apps
Can't access your favorite apps? Download Lantern to easily access videos, messaging, and other popular apps while at school or work. Lantern is an application that allows you to bypass firewalls to use your favorite applications and access your favorite websites. Lantern does not cooperate with any law enforcement in any country. Lantern encrypts all of your traffic to blocked sites and services to protect your data and privacy. Lantern passed multiple third party white box security audits to ensure security of our code. ... -
16
FireHOL
A firewall for humans.
FireHOL is a language (and a program to run it) that builds secure, stateful firewalls from easy-to-understand, human-readable configurations. The configurations stay readable even for very complex setups. FireQOS is a program that sets up traffic shaping from an easy-to-understand and flexible configuration file. Both programs abstract away the differences between IPv4 and IPv6. so you can concentrate on the rules you want. -
17
SMTP Tunnel Proxy
A high-speed covert tunnel that disguises TCP traffic as SMTP email
SMTP Tunnel Proxy is a high-speed covert tunneling proxy that disguises regular TCP traffic as legitimate SMTP email communication to evade deep packet inspection (DPI) firewalls and censorship systems. It implements a SOCKS5 proxy interface on the client that wraps outbound traffic into an SMTP-like handshake (EHLO, STARTTLS, AUTH) and encrypted payload, making the session appear to DPI systems as a normal email exchange. The tool supports modern TLS encryption (STARTTLS) with HMAC-SHA256 authentication, per-user secrets, IP whitelisting, and multiplexed connections over a single tunnel. ... -
18
socket.io
Realtime application framework (Node.JS server)
socket.io is a JavaScript library that allows for realtime, bi-directional communication between web clients and servers. It is composed of two parts: a Node.js server and a JavaScript client library that runs in the browser. socket.io is focused on both reliability and speed, delivering an immensely powerful, fast and yet easy to use realtime engine that’s used by just about everyone: from Microsoft Office and Zendesk to hackathon winners and small startups. It’s considered one of the... -
19
NSmartProxy
NSmartProxy is an open source reverse proxy tool
NSmartProxy is a reverse proxy system that enables external access to devices or applications behind NAT/firewalls without requiring public IPs or router configuration. It’s designed to work with desktop and server apps, and includes a centralized SmartNode server that helps initiate and maintain tunnel connections. This makes it ideal for remote access to local services or self-hosted applications. NSmartProxy supports both TCP and UDP protocols, making it versatile for a wide range of network needs. -
20
bore
bore is a simple CLI tool for making tunnels to localhost
A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls. That's all it does, no more and no less. This will expose your local port at localhost:8000 to the public internet at bore.pub:<PORT>, where the port number is assigned randomly. Similar to localtunnel and ngrok, except bore is intended to be a highly efficient, unopinionated tool for forwarding TCP traffic that is simple to install and easy to self-host, with no frills attached. ... -
21
fwknop
Single Packet Authorization, Port Knocking
fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports iptables and firewalld on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD) and libpcap. SPA is essentially next-generation port knocking (more on this below). The design decisions that guide the development of fwknop can be found in the blog post "Single Packet... -
22
A to Z of Networking for DevOps
Learn Networking from A to Z at one place with realtime examples
...The guide breaks topics down into clear, digestible markdown files that include simple definitions, common use cases, and essential command-line examples, which makes the material approachable even if you are just starting out. It covers the full stack of networking concerns, such as DNS, HTTP/S protocols, load balancing, firewalls, VPNs, proxies, CDNs, and more, all with a practical orientation toward how these systems operate in real infrastructure. -
23
SyncKit
Local-first collaboration SDK for React, Vue, and Svelte
...It provides bidirectional syncing, conflict detection and resolution, and selective folder sync, making it suitable for personal data, team projects, or distributed machines. The system operates over encrypted channels and supports peer-to-peer connections as well as optional relay servers for users behind NAT or firewalls. It includes version history and rollback capabilities so users can recover previous versions of files or undo unintended changes. Synckit’s synchronization engine efficiently handles differential syncing — transferring only changed blocks rather than entire files — which reduces bandwidth usage and accelerates sync throughput. -
24
Hyprspace
A Lightweight VPN Built on top of IPFS + Libp2p
...Libp2p is a networking library created by Protocol Labs that allows nodes to discover each other using a Distributed Hash Table. Paired with NAT hole punching this allows Hyprspace to create a direct encrypted tunnel between two nodes even if they're both behind firewalls. Moreover! Each node doesn't even need to know the other's ip address prior to starting up the connection. This makes Hyprspace perfect for devices that frequently migrate between locations but still require a constant virtual ip address. -
25
GeoIP
This project automatically generates GeoIP files in multiple formats
GeoIP is a community-maintained project that generates and publishes enhanced GeoIP/Geo-database and IP-location/routing data in multiple formats (e.g. V2Ray .dat, MaxMind .mmdb, and others) to support proxy, VPN, or routing tools requiring IP-to-country/region resolution. Rather than depending solely on the official GeoLite2 data, geoip augments and merges data sources (especially for certain regions) to improve coverage or tailor by use-case (e.g. proxy-specific rules, private networks, or...