Sphirewall offers some great features; not using iptables has allowed a lot more flexibility in terms of what can actually be done with packets.
I actively contribute to this project and have found some of the features it offers are well beyond what other open source firewalls offer.
The web management and command-line interfaces talk directly to the Sphirewall core via a JSON API. Because the Sphirewall core manages everything, this is not just another interface that talks to a bunch of third-party applications.
Try it out, and let us know if there are any features that you would benefit from!