I have updated my iptables scripts again.
This time fw_laptop got support for limiting logging in case of flooding, blocking of known-bad IP addresses (e.g. from DShield.org), optional blocking of certain outbound ports (e.g. X11 server, VNC, NFS etc.), and a few minor tweaks...
Thanks to Ryan Giobbi for several hints and comments. Further comments and suggestions are welcome!
I tried out the nice bfbtester tool (Brute Force Binary Tester) today, which performs checks of single and multiple argument command line overflows as well as environment variable overflows and thus helps in finding possibly insecure software (and fixing it, of course).
I'll probably post a slightly longer article eventually, listing some more tools for checking and auditing software (either black-box style using bfbtester or similar tools, or white-box style, i.e. tools which scan the source code of the software being tested, like rats, flawfinder, pscan etc.).