They whole scripts thing is easy.
I like it for being straight forward and easy to understand.
The iptables/netfilter stuff it does is stellar. I have only found one bug (it has been addressed) and it is a trival "rule fix" for making the rules. I haven't even cared to update to a revision that it is fixed in, it is a 4 second edit of the script to fix it myself.
But, then again I should.
Also, it can upload all the data/script and configs to the devices running the scripts, including "update services" for the firewall.
It uses "first rule match wins" logic for the GUI, but will write the script/ruleset/config the proper way for each type of firewall supported.
I haven't seen something this easy to use and manage a firewall, ever. Even the CISCO WINDOWS stuff comes no-where close.
It is straight forward, can handle anything to the limits of the Firewall device/OS/etc. Storing all the data in XML and a well documented XML schema.
I can setup a small example of the scripts for each and every device/filter it supports using the same ruleset just changing the device type. If you'd like.