Just want to add that Shorewall, great as it is, will not do any of this. Cut and paste from
www.shorewall.net:
Shorewall Does not:
Act as a “Personal Firewall” that allows internet access by application.
Work with an Operating System other than Linux (version >= 2.4.0)
Act as a Proxy (although it can be used with a separate proxy such as Squid or Socks).
Do content filtering:
HTTP - better to use Squid and Dansguardian for that.
Email -- Install something like Postfix on your firewall and integrate it with SpamAssassin , Amavisd-new and Clamav
Configure/manage Network Devices (your Distribution includes tools for that).
I am fiddling with something similar as hariiyer as an add-in on my current gateway (which is basically shorewall)
and it seems squid will do the job......