Open-source tools for managing network segmentation, device authentication, and secure access control within private infrastructures.
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It employs a language-agnostic intermediate representation to synthesize these definitions into platform-specific configurations, while supporting aspect-oriented policy injection to apply security and compliance rules across infrastructure definitions during the synthesis phase. Beyond core provisioning, the project provides a modular component registry for distributing and reusing pre-configured infrastructure building blocks. It supports multi-account orchestration, allowing for the deployment of consistent resource sets across different regions and accounts from a single template, and includes capabilities for detecting infrastructure drift to ensure deployed environments remain aligned with their defined state. The project is distributed as a software development kit, providing programmatic interfaces to manage the full lifecycle of cloud resources and integrate infrastructure definitions directly into application codebases.
XX-Net is a cross-platform desktop application that functions as a local proxy server and network traffic router. It intercepts outgoing network requests from a local machine and redirects them through encrypted tunnels to a distributed mesh of cloud-based nodes, facilitating secure and reliable access to external resources. The software distinguishes itself by providing a centralized management interface for coordinating complex proxy infrastructure. It employs rule-based traffic routing, allowing users to define custom logic based on destination addresses and protocols to determine the optimal path for data packets. This approach enables the circumvention of regional or institutional network restrictions while maintaining consistent connection stability. The application includes a comprehensive suite of tools for managing tunnel connections, listening ports, and remote server configurations. Users can adjust system settings, update schedules, and security credentials through a dashboard that supports dynamic configuration changes without requiring a full application restart.
Cosmos SDK is a modular blockchain application framework and software development kit used to build sovereign layer-one networks. It provides a foundation for creating customizable blockchains featuring native interoperability, sovereign governance, and Byzantine Fault Tolerant consensus engines. The framework is distinguished by its inter-blockchain communication protocol, which enables the transfer of byte-encoded data and digital assets between independent blockchain networks. It supports multiple consensus models, including Proof of Stake and Proof of Authority, and allows for the integration of diverse virtual machines to execute smart contracts. The SDK covers a broad range of capabilities, including typed state management, on-chain proposal governance, account and key management, and validator stake slashing. It also includes developer tooling for transaction simulation, binary compilation, and the orchestration of containerized test networks. Observability is integrated through structured logging and telemetry data export via OpenTelemetry.
This application provides a comprehensive interface for managing network traffic through a core proxy engine. It supports multiple traffic interception methods, including system-wide proxy settings and virtual network interfaces, allowing users to route TCP and UDP traffic based on specific domain, IP, port, or process criteria. The system facilitates complex network configurations through proxy chaining, rule-based routing, and the aggregation of multiple remote subscription sources. Beyond core networking, the tool includes developer-focused utilities for configuration management and system diagnostics. Users can modify configuration objects using a sandboxed scripting engine or automate imports via URL-based protocols and custom response headers. The application also offers administrative service modes for elevated privilege management and provides tools for visual interface customization, including support for custom style sheets and icon management.
go2rtc is a media streaming server that functions as a protocol-agnostic gateway for video and audio feeds. It ingests media from diverse sources and redistributes them across multiple streaming standards, enabling compatibility between proprietary camera hardware and web-based playback clients. The system utilizes a centralized configuration schema to manage stream routing and lifecycle orchestration based on client demand. The platform distinguishes itself through its focus on low-latency delivery, utilizing peer-to-peer connections to facilitate sub-second playback directly within web browsers. It provides a bidirectional audio bridge, allowing for two-way voice interaction between web interfaces and connected devices. To ensure consistent playback across varying network conditions and client requirements, the engine performs real-time format conversion and codec adaptation. The service includes comprehensive tools for monitoring active connections and network traffic statistics to verify stream health. Security is managed through granular control over network interfaces and communication ports, alongside restricted access paths for administrative functions. The software is distributed as a standalone binary, with configuration managed through a declarative mapping system.
AdGuardHome is a network-wide software solution that provides centralized control over domain name resolution, content filtering, and local network management. It functions as a recursive DNS server and DHCP address server, intercepting network traffic to enforce security policies and block unwanted content across all connected devices. By acting as a central gateway, it ensures that every device on a home or office network benefits from consistent protection and private, authenticated name resolution. The software distinguishes itself through granular client management and robust security features. It automatically identifies connected hardware to provide detailed traffic statistics and allows for the application of custom filtering rules to specific devices or groups. To ensure privacy, it supports encrypted DNS protocols, including DNS-over-HTTPS and DNS-over-TLS, and automates the acquisition and renewal of SSL certificates. Administrators manage these settings through a centralized web-based dashboard, which also provides tools for monitoring performance and configuring upstream routing. The platform is designed for flexible deployment across diverse environments, including virtual servers, single-board computers, and isolated containers. It maintains system state through human-readable configuration files and supports non-privileged execution to enhance security. The project emphasizes integrity and reliability, offering reproducible build verification and standardized packaging for various operating systems and hardware architectures.
llrt is a low-latency JavaScript runtime based on the QuickJS engine, specifically designed for executing asynchronous functions in serverless environments. It provides a lightweight execution layer optimized for fast startup times and minimal memory usage when running ES2023 workloads. The project differentiates itself by bundling natively optimized cloud service SDKs directly into the runtime binary to eliminate external dependency loading. To further reduce cold start latency, it implements parallel connection warming for TLS and network handshakes during the startup phase. The runtime covers a broad range of capabilities including network connectivity via HTTP and UDP, filesystem management, and modular cryptographic operations. It also includes memory management tools such as configurable garbage collection thresholds and a set of web API polyfills to ensure compatibility with standard JavaScript libraries. The project includes a built-in test runner for local function verification and supports deployment via infrastructure as code templates.
Sing-box is a universal proxy engine and traffic router designed to manage complex network connectivity across multiple operating systems. It functions as a configuration-driven core that intercepts system-level traffic, allowing for transparent proxying through encrypted tunnels. By normalizing diverse network protocols into a unified interface, the engine enables consistent traffic forwarding and protocol translation regardless of the underlying environment. The project distinguishes itself through a declarative configuration pipeline that validates and merges modular settings into a unified internal state before execution. It employs a rule-based traffic dispatcher that evaluates incoming packets against hierarchical criteria to determine optimal routing paths dynamically. This is complemented by an asynchronous domain name resolution pipeline, which provides granular control over how network requests are mapped and filtered, ensuring that traffic handling remains both accurate and performant. Beyond its core routing capabilities, the platform includes a comprehensive security layer for managing encrypted connections, including support for advanced handshake options and certificate validation. It also provides tools for monitoring real-time traffic and connection status, alongside flexible management of routing rule sets that can be sourced from local or remote locations. The software is designed to be installed as a background service, providing a stable and scalable infrastructure for controlled network communication.
Simplewall is an application firewall manager and network traffic filter that provides a graphical interface for the Windows Filtering Platform. It controls inbound and outbound network access for individual programs and services by intercepting and filtering traffic at the kernel level. The project identifies specific binaries using file hashes to prevent spoofing and allows users to define custom firewall rules based on IP addresses, CIDR ranges, and port numbers. It includes a system for blocking operating system telemetry and managing blocklists of known malicious IP addresses. The tool provides observability through packet logging and real-time notifications when applications attempt unauthorized connections. It also includes capabilities for auditing application changes, managing security profiles, and caching DNS resolutions to optimize event processing.
Hiddify is a cross-platform proxy client designed to manage secure network connections and traffic routing across desktop and mobile operating systems. It functions as a unified proxy manager, providing a centralized interface to configure and control various network proxy protocols for encrypted and private internet access. The application distinguishes itself by integrating local loopback interception, which configures the operating system network stack to route traffic through a local port for granular filtering. It also serves as a self-hosted infrastructure tool, enabling users to automate the deployment of private proxy servers on remote infrastructure through simplified command-line initialization. The system maintains consistency across environments by synchronizing remote server states through declarative configuration files and utilizing an event-driven daemon to monitor proxy health and network state changes. It employs a shared bridge layer to interact with native system APIs and firewall rules, while bundling all necessary dependencies into a single, self-contained executable package.