Not a recomendation, just some input for you. IMHO idealy based on a toolkit with a language like firehol[1] with support for ip_queue to allow interactive functionality like fieryfilter[2]. Client-Server(firewall), wizard and app based filtering suppport like firestarter[3]. And a GUI similar to guarddog[4] [1] http://firehol.sf.net [2] http://0pointer.de/lennart/projects/fieryfilter/ [3] http://www.fs-security.com [4] http://www.simonzone.com