What I have against GUIs for firewalls!

I just ran into Firestarter, which seems to look like a nice GUI for iptables.
But upon seeing the screenshots I was wondering: why would one want to see the firewall status and traffic passing by on the desktop? Sure, it looks good, but who wants a GUI on a firewall? Who even wants to install X on a firewall? (I'm talking corporate firewalls here, not the occasional desktop/laptop connected to a "hostile" network that you want to secure.)

If you don't have the graphical environment on the physical firewall, then apart from tunneling it over SSH, most solutions open up other ports for the application to work: opening more holes in order to create higher security, strange concept :)

Actually, from my personal experience, lots of people who are asking for a GUI shouldn't be given one, because they don't understand what they are doing and screw up more than they actually secure. These people are better off with a firewall managed by a 3rd party that will help them realise that they shouldn't be opening ftp/telnet/pop3/vnc ports to certain hosts, because they already have a VPN infrastructure that gives people access to certain services in a secure way. Too bad that some of them have to learn the hard way that if they start fiddling with their rules, things will go wrong, and that it will cost them a lot more to fix the problem they created than to have somebody else solve it correctly the first time.