OpenSEC Picks
Dante - a free implementation of the proxy protocols socks version 4, socks version 5 (rfc1928) and msproxy. It can be used as a firewall between networks. Specifically, Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity. Once installed, Dante can in most cases be made transparent to the clients while offering detailed access control and logging facilities to the server administrator.
Gfcc - an administrative control interface for Linux firewall policies and rules (based on ipchains package). Requires: linux kernel 2.1.102 or higher, gtk toolkit 1.2.0 or higher, libipfwc (included in ipchains and in this package).
Ipchains - the current standard for Linux kernel packet filtering for 2.1+ Linux kernels.
Redir - a port redirector. It's functionally basically consists of the ability to listen for TCP connections on a given port, and, when it recieves a connection, to then connect to a given destination address/port, and pass data between them. It finds most of its applications in traversing firewalls, but, of course, there are other uses.
SOCKS - a circuit-level gateway by NEC Systems Labs that has become an Internet standard for automated firewall traversal. Can also be used to build VPNs.
Squid - high peformance proxy server for HTTP, FTP, DNS, and Gopher. One of the workhorses of the Internet, if not directly security-related.
TinyProxy - Tinyproxy is a small, efficient HTTP proxy, which is ideal for use in small network situations where a (much) larger, caching proxy like Squid might very well be overkill, or a security hazard. [8/8/99 - version 1.2.8]

More Tools
Delegate - a multi-purpose application level gateway, or a proxy server which runs on multiple platforms (Unix, Windows and OS/2). DeleGate mediates communication of various protocols (HTTP, FTP, NNTP, POP, Telnet, etc.), applying cache and conversion for mediated data, controlling access from clients and routing toward servers
FCT - Firewall Configuration Tool is an HTML based tool for the configuration of a firewall. Features a web interface, but you can also use vi in your shell. Automatic script-generation for IP-filtering commands (ipfwadm, ipchains, IP-Filter/ipf) on a firewall for multiple interfaces and _any_ internet services.
Fast Forward - a port forwarding TCP/UDP proxy server by Worldvisions
Firewall Manager - a GUI front-end for ipfwadm based on TCL/Tk.
Ip_filter - BSDish packet filter/nat port for Linux
Ipfwadm - the pre-kernel 2.1 standard Linux kernel packet filter
IsinGlass - scripts designed to protect dialup users using ipfwadm/ipchains
Kfirewall - a small GUI application which allows you to handle ipchains or ipfwadm rules. You can add/del rules and flush. This application must be run as root to have any effect. Only the su (super user) can change the ipchains and ipfwadm rules.
Lingate - a powerful network gateway program. It provides security to your networks, allowing access to the Internet in a safe and secure manner. LinGate has an access control mechanism to restrict access to its services. It can even perform different services for requests from different IPs on the same LinGate port [5/17]
Fwconfig - web front-end for ipfwadm
Proxy - a C application that when run on a multi-homed host will forward all packets from source, to destination. Where source might be a system on the Internet, and destination might be a box on a private network behind a multi-homed Linux machine.
SINUS - finally a buzzword-compliant firewall for Linux