While I am sure Shorewall is very good at what it does, it is not exactly all that user friendly. Well it wasn't for me, although I did get it running I had trouble modifying it to do what I wanted at the time, so in saying that I dumped it and went for gShield from http://muse.linuxmafia.org/gshield.html. Shorewall is the official firewall of Mandrake these days although I must admit I did prefer Bastille when it was officially supported.

Gshield is a small 47kb tarball file, easy to install and only one very well documented config file to modify to get you running and secure. It is quite configurable, IP Masq, transparent proxy support, P2P, SSH, IRC, port forwarding, webserver, ftp etc.. etc.. is supported "out of the box", generally with a simple "NO or OPEN" comment in the appropriate places to allow or deny access to the service.

It also offers blacklisting of IP's either automatically or manually. In the end it is just a script that sets up IPtables according to your choices in the conf file.

It's worth checking out until you come to grips with "rolling your own" firewall script or get your head around Shorewall.

As a Redhat user dont overlook Bastille (http://www.bastille-linux.org), I think there is a version for Redhat 8 and it is very good at locking down the box with its "hardening script" over and above just firewalling it. Bastille has a very user friendly setup interface, asks the question and give a detailed explanation of what it is doing for your given choice.

Good luck with whatever you chose to go with but there are easier ways to achieve the same result without Shorewall.