I custom developed my own firewall system, complete with an anti-DoS script to detect high-bandwidth UDP and DoS/DDoS attacks.
Most firewall scripts available for Linux deploy a firewall setup that uses a main set of policies to cover all IPs on a server. This is good and all, but can be very lacking when you have 10 or 20 IPs on a system. My firewall is designed to encompass many IPs individually, each with its own policies and rulesets. Nonetheless, it also has global options to open certain ports on all IPs [e.g. 80].
My firewall is also set up to define an array of TOS and FWMARK values when the firewall loads, to better handle traffic priority on the system.
Albeit, if you download it, the documentation is slim; however, to the experienced Linux admin it should be relatively easy to set up and deploy with what little documentation is there [the configuration files are somewhat better documented than the actual README files].
This firewall is an IPTables [netfilter] system for use on single hosts or gateway hosts.
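To illustrate the layout described above (one ruleset per address, global port rules on every address, and mangle-table TOS/FWMARK classification), here is an added shell example. It is not the author's firewall script; the addresses, ports and chain names are constructed, and a dry-run wrapper prints the iptables commands instead of applying them unless run as `sh script.sh apply` with root.

```shell
#!/bin/sh
# Added example, not the author's firewall. Builds per-IP INPUT chains,
# global port rules and TOS/MARK classification; dry-run by default.

# Constructed config: "address:tcp,ports" entries and global ports.
PER_IP_RULES="198.51.100.10:22,443 198.51.100.11:25"
GLOBAL_TCP_PORTS="80"
DRY_RUN=${DRY_RUN:-1}   # 1 = print rules, 0 = apply via iptables (needs root)

ipt() {
  if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# One chain per address so each IP carries its own policy, default DROP.
build_per_ip() {
  for entry in $PER_IP_RULES; do
    ip=${entry%%:*}
    ports=${entry#*:}
    chain="in_$(echo "$ip" | tr . _)"
    ipt -N "$chain"
    ipt -A INPUT -d "$ip" -j "$chain"
    ipt -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for p in $(echo "$ports" | tr , ' '); do
      ipt -A "$chain" -p tcp --dport "$p" -j ACCEPT
    done
    ipt -A "$chain" -j DROP
  done
}

# Global rules are inserted at the head of INPUT, so they apply to every IP
# before the per-address chains are consulted.
build_global() {
  for p in $GLOBAL_TCP_PORTS; do
    ipt -I INPUT -p tcp --dport "$p" -j ACCEPT
  done
}

# Mangle table: set TOS and a firewall mark so a later tc/QoS policy can
# prioritise interactive traffic and deprioritise bulk UDP.
build_qos_marks() {
  ipt -t mangle -A PREROUTING -p tcp --dport 22 -j TOS --set-tos Minimize-Delay
  ipt -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 0x1
  ipt -t mangle -A PREROUTING -p udp -j MARK --set-mark 0x2
}

build_all() { build_global; build_per_ip; build_qos_marks; }

if [ "${1:-}" = "apply" ]; then DRY_RUN=0; fi
build_all
```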