actually I found very satisfying package - firestarter
great capabilities for ToS, ICMP filtering, so many easy to handle rules creation menus like for source you have the option to directly specify - firewall host or range or local , single click enables NAT for local guys, and etc. single click FIREWALL LOCK - deny all traffic, and all that in tiny notification area
enjoy some quote
#set up Internet connection sharing in with just a few clicks, or port forwarding when used on a LAN.
# Open and close ports, shaping your firewall with a few mouse clicks.
# Has the ability to restrict outgoing traffic.
# Does advanced kernel tuning stuff, so you don't have to.
# Shows your active connections, including traffic routed through the firewall.
# Translated into over 35 languages.
# Support Linux kernels 2.4 and 2.6.
almost forgot - can set up DHCP server for you with single click again
and what's really the point here is - Real-time firewall event monitor shows intrusion attempts as they happen (also suitable for gateways with ssh could be graphically or console managed)
fs-security.com <- enjoy your safety exept I guess FIN and SYN are not completely covered etc.