aovfirewall (Angel Ortega's firewall script)

This is the firewall script I use on all the servers I maintain. It's designed to be as simple as possible. In its default configuration, it drops all incoming connections except for ssh (with a maximum of 5 connections per minute), allows all outgoing connections, filters many kinds of malformed packets, limits ICMP pings and logs everything it rejects (taking care not to flood the log files). Only Linux iptables is used.

Current version is 2.0.3. This software is licensed under the GPL.

Downloads

http://triptico.com/download/aovfirewall-2.0.3.tar.gz - [GPG signature]

or get the development version using git:

	git clone http://git.triptico.com/aovfirewall

Documentation

aovfirewall man page.


Angel Ortega - http://triptico.com - GPG key