I started by using IPTABLES, which is a great feature of Linux, which no other OS can match (Solaris 9 will include SunScreen, but it sucks compared to IPTABLES in features, though SunScreen is easier to administrate).
I wanted the simplicity of SunScreen with the power of IPTABLES, or at least the simplicity of SunScreen under Linux. I've opted for the latter, though maybe the extra IPTABLES stuff is possible too, without sacrificing simplicity.
I started out saying, "right, a firewall doesn't run X, so we need a text-only interface". So I did a shell-based and a C-based text-only interface (I forget which came first, prob. the shell on the basis that you don't want a compiler on a firewall). They were both crap, and reinvented the menu, if not the wheel.
Then I decided to use curses, and did that both in C (soon learned I hated the ncurses API) and shell (using the dialog utility - and soon learned that that was too limited and made the code huge).
So I gave up on that, realised that if you're running a Linux firewall, you're either a desktop user (with X) or a serious user (ie, you have X on some workstation anyway) so the UI difficulties I was having with a curses-only interface were irrelevant. Then I started a GTK-based interface, did a lot of work on it, and realised that, again, there was more GTK code than relevant code, which seems stupid.
So I tried a shell-based CGI version, which came along much more rapidly. As you will see from my Shell Script Tutorial, I'm a big fan of using sh to prototype CGI interfaces (since I don't speak perl), so the sh thing has come along enough to publish something, even though it's still pretty useless in real-life situations.
The benefit of sh is that it's easy (for me, anyway), and in situations like this, one bit at a time can be re-written in C (so why bother with perl?).
So here it is, finally, version 6.
Oh, I wrote the IPTABLES gurus before starting this, to see if anything was happening, but was told "well, the CLI is pretty good, that's enough innit?" (I'll dig out the email eventually, but for now I'm paraphrasing).
I noticed RedHat have an IPCHAINS GUI for KDE, but don't really like it, though I've not played with it too much. Also the CGI approach means you can configure a whole bunch of machines via one webserver.