> There are numerous open source firewall distro's that have the advantage of being authored by people well practiced in security coding, pen testing, etc, and are continually crowd tested for loopholes and shortcomings.

That's what I did at first, but what if there is none that does everything you need? Hacking it would be even worse than rolling your own.