netfilter is a framework for arbitrary packet mangling. So far, a new NAT system and packet-filtering system have been built on top of it, as well as compatibility modules for ipfwadm and ipchains. Netfilter is a work-in-progress, but should be fairly robust for non-exotic work.
5c408a9ccdfb46e1d8fa414673cca5538332fbf428a258088e7938ed700858a9