The iptables-firewall is the nicest I have yet found.
Just a note on its instructions, it says:

# If you've messed up and need to bring down the firewall
# for whatever reason, run iptables -F

This is not enough. I managed to lock myself out of the machine with it
due to the fact it sets `INPUT DROP.

I now use:
iptables -F
iptables -P INPUT ACCEPT
iptables -X

thanks,
clare