OpenBSD PF is nice too. The rules take a bit to get the hang of, but once you do you have a lot of control over what's going across your gateway.

Infinite