Great, iptables is in os6.2, but it's hamstrung by not having essential modules built into the kernel. In any event that would be for advanced users.
I suggest two things:
1. Develop a frontview UI for security/firewall. You don't need to expose everything. Just let the user choose an additive or removal mode and then select lan/non-lan ports as exceptions. You make sure the right web ports are left open so the GUI user can't shoot themself in the foot. Add upnp support if you want to make it easier for users to configure their lan firewalls too.
2. Add conntrack and maybe a couple others so that other people can develop a more complex security addon.
Security is no longer a option folks. You need to do something here and you are 99% of the way there. You just chose to not include essential items when you built the kernel.
