decent non-embedded firewall
Bryan ONeal
boneal at cornerstonehome.com
Mon Mar 30 23:17:46 MST 2009
My Netgear FVS318 router/firewall has developed a nasty habit of
rebooting every time it gets both portscanned and repeated gnutella
requests (who still runs gnutella anyway?) so I am looking to put in a
border router/firewall to protect it (read: replace it, if not for the
lack of an 8 port switch). However, the wife will not let me drop an old
ugly tower where I need it to go. However, I do have a box I am using for
"web tv" purposes that I can toss a firewall on. My requirements are
simple:
* Runs on top of a standard distribution (Ubuntu, Fedora/CentOS,
OpenSuSE, etc) not as a standalone isolated distribution on
dedicated hardware.
* Does port forwarding
* Does NAT
* Does Static Routes (Important if I have another router behind
it)
* Does Stateful inspection
* Does not break IPSec/PFS/L2TP/Etc.
* Does custom black listing
* Prevents DoS (Syn flood, ICMP flood, UDP flood, port scans,
“ping of death,” IP spoofing, land attack, tear drop attack, IP
address sweep attack, Win Nuke attack, etc)
* Does intrusion detection, preferably with email alerts
Would be nice if it also does:
* GUI configuration
* QoS
* DHCP
* IAC (Outbound rules)
* SNMP2
* Decent logging/reporting
* GUI Dashboard
* DynDNS
* Web content filtering
* DNS Proxy
* Black list service
Can anyone recommend something, or am I left to cobble together what I
can with iptables...
Bryan O'Neal
O'Neal & Associates
Phone: (602) 295-4356
Fax: (602) 795-6050
E-Mail: Bryan.ONeal at TheONealAndAssociates.com
Blogger <http://twitter.com/BryanONeal>
Twitter <http://mlwtech.blogspot.com/>
Linkedin <http://www.linkedin.com/in/thebryanoneal>