iptables is the user-space command line program used to configure the Linux 2.4.x and later IPv4 packet filtering ruleset (firewall), including NAT (Network Address Translation).

This package also includes ip6tables, which is used to configure the IPv6 packet filter.

Both commands are targeted at system administrators.

eCryptfs is a POSIX-compliant stacked cryptographic file system for Linux. Each file's cryptographic meta-data is stored inside the file itself, along with the encrypted contents. This allows individual encrypted files to be copied between hosts and still be decrypted with the proper key. eCryptfs is a native Linux file system, and has been part of the Linux kernel since version 2.6.19. This package contains the userland utilities to manage it.

libnetfilter_acct is the userspace library providing interface to extended accounting infrastructure.

1. creating accounting objects

2. retrieving accounting objects (and atomically set to zero)

3. deleting accounting objects

For the nfnetlink_acct subsystem.

UnionFS-FUSE is a flexible union file system implementation in user space, using the FUSE library. Mounting a union file system allows you to "aggregate" the contents of several directories into a single mount point. UnionFS-FUSE additionally supports copy-on-write.

compsize takes a list of files (given as arguments) on a Btrfs file system and measures used compression types and effective compression ratio, producing a report.

A directory has no extents but has a (recursive) list of files. A non-regular file is silently ignored.

As it makes no sense to talk about compression ratio of a partial extent, every referenced extent is counted whole, exactly once -- no matter if you use only a few bytes of a 1GB extent or reflink it a thousand times. Thus, the uncompressed size will not match the number given by tar or du. On the other hand, the space used should be accurate (although obviously it can be shared with files outside our set).

The Advanced Linux Sound Architecture (ALSA) provides audio and MIDI functionality to the Linux-based operating system. This package enhances ALSA by providing additional plugins which include: upmixing, downmixing, jackd and pulseaudio support for native alsa applications, format conversion (s16 to a52), and external rate conversion.

This package provides a kernel module that is capable of resetting hardware devices into a state where they can be re-initialized or passed through into a virtual machine (VFIO). While it would be great to have these in the kernel as PCI quirks, some of the reset procedures are very complex and would never be accepted as a quirk (ie AMD Vega 10).

This package provides boltd, a userspace daemon for Thunderbolt devices, and boltctl, a command-line utility for managing those devices.

The daemon boltd exposes devices via D-Bus to clients. It also stores a database of previously authorized devices and will, depending on the policy set for the individual devices, automatically authorize newly connected devices without user interaction.

The command-line utility boltctl manages Thunderbolt devices via boltd. It can list devices, monitor changes, and initiate authorization of devices.

haveged generates an unpredictable stream of random numbers for use by Linux's /dev/random and /dev/urandom devices. The kernel's standard mechanisms for filling the entropy pool may not be sufficient for systems with high needs or limited user interaction, such as headless servers.

haveged runs as a privileged daemon, harvesting randomness from the indirect effects of hardware events on hidden processor state using the HAVEGE algorithm. It tunes itself to its environment and provides the same built-in test suite for the output stream as used on certified hardware security devices.

The quality of the randomness produced by this algorithm has not been proven. It is recommended to run it together with another entropy source like rngd, and not as a replacement for it.

A suite of tools for manipulating the metadata of the dm-thin, dm-cache and dm-era device-mapper targets.

Thinkfan is a simple fan control program. It reads temperatures, checks them against configured limits and switches to appropriate (also pre-configured) fan level. It requires a working thinkpad_acpi or any other hwmon driver that enables temperature reading and fan control from userspace.

Blktrace is a block layer IO tracing mechanism which provides detailed information about request queue operations to user space. It extracts event traces from the kernel (via the relaying through the debug file system).

Procps is the package that has a bunch of small useful utilities that give information about processes using the Linux /proc file system. The package includes the programs free, pgrep, pidof, pkill, pmap, ps, pwdx, slabtop, tload, top, vmstat, w, watch and sysctl.

This package contains Advanced Linux Sound Architecture topology configuration files that can be used for specific audio hardware.

This package provides many of the missing pieces in GNU libc. Most notably the string functions: strlcpy(3), strlcat(3) and the *BSD sys/queue.h and sys/tree.h API's.

GNU Linux-Libre is a free (as in freedom) variant of the Linux kernel. It has been modified to remove all non-free binary blobs.

The libseccomp library provides an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism. The libseccomp API is designed to abstract away the underlying BPF based syscall filter language and present a more conventional function-call based filtering interface that should be familiar to, and easily adopted by, application developers.

rfkill is a simple tool for accessing the rfkill device interface, which is used to enable and disable wireless networking devices, typically WLAN, Bluetooth and mobile broadband.

Headers of the Linux-Libre kernel.

Control groups is Linux kernel method for process resource restriction, permission handling and more. This package provides userspace interface to this kernel feature.

These are a set of utilities built upon sysfs, a virtual file system in Linux kernel versions 2.5+ that exposes a system's device tree. The package also contains the libsysfs library.

Nvme-cli is a utility to provide standards compliant tooling for NVM-Express drives. It was made specifically for Linux as it relies on the IOCTLs defined by the mainline kernel driver.

GNU Linux-Libre is a free (as in freedom) variant of the Linux kernel. It has been modified to remove all non-free binary blobs. Configuration options and patches have been applied for use with MNT/Reform systems.

CoreFreq is a CPU monitor that reports low-level processor settings and performance data with notably high precision by using a loadable Linux kernel module. Unlike most similar tools, it can be used to modify some settings if supported by the hardware and at your own risk. It's designed for 64-bit x86 Intel processors (Atom, Core2, Nehalem, SandyBridge, and newer) and compatible architectures like AMD Zen and Hygon Dhyana.

Supported processor features include:

1. time spent in C-states, including C1/C3 Auto- and UnDemotion;

2. core temperatures, voltage, and tweaking thermal limits;

3. core frequencies, ratios, and base clock rate;

4. enabling, disabling, and testing SpeedStep (EIST), Turbo Boost, and Hyper-Threading or SMT;

5. enabling or disabling data cache prefetching;

6. kernel assembly code to keep as near as possible readings of performance counters such as the TSC, UCC, and URC;

7. the number of instructions per cycle or second (IPS, IPC, and CPI);

8. memory controller geometry and RAM timings;

9. running processes' CPU affinity.

This package provides the corefreqd data collection daemon, the corefreq-cli client to visualise and control it in real time, and the corefreqk kernel module in its own separate output. Read the included README.md before loading it.