BRIEF INTRODUCTION TO FIREWALLS
Over the years I have learned how to roll my own firewall script and call it from the /etc directory. Of course, my firewall is only INPUT-based, instead of INPUT- and OUTPUT-based, but I find that building an INPUT/OUTPUT-based firewall is tremendously difficult and not really all that necessary if you use good download practices on your Linux server or PC and/or if you're already behind a NAT router (such as a home-based DSL or cable router or wireless router) or other firewall.
If you're scratching your head over what I mean by INPUT and OUTPUT, picture yourself inside a house that has a front door (INPUT) and a back door (OUTPUT). When you surf the web, you first send packets of data out your back door (OUTPUT). The returning packets then come in through your front door (INPUT), and that is when you see them. In some cases, some packets need to travel back out your back door (OUTPUT) in order to establish or continue a connection. To complicate things, imagine multiple front doors and back doors, and that you can direct traffic through these doorways with something called rules, which we explain in a moment.