Netfilter is a framework for arbitrary packet mangling. So far, a new NAT system and packet-filtering system have been built on top of it, as well as compatibility modules for ipfwadm and ipchains. Netfilter is a work-in-progress, but should be fairly robust for non-exotic work.
cb739292dc69b03e3b827145f544f6b4c7177ed99da0296a6d99e0dd28673b02