Subject: freely available filter/screening systems
To: None <current-users@NetBSD.ORG>
From: VaX#n8 <vax@linkdead.paranoia.com>
List: current-users
Date: 06/16/1996 23:54:02

Here's the list I came up with. Most should work under NetBSD with little
modification. The first few can be found at COAST probably.

I'd be interested in coming up with or seeing some kind of feature
comparison some time according to the criteria below.

tcp_wrapper - Venema's tool
drawbridge - TAMU toolkit
screend - orig by DEC, maint by Vixie
ip_filter - the one over in coombs.edu.au, aka ip_filtXX.tar.gz
TIS FWTK - has a wrapper component
ipfirewall - http://www.ccinet.ab.ca/~dboulet
ipfw - dist with FreeBSD, may be same as ipfirewall above
(I hate fw names -- they're often confusingly short and ambiguous)

Criteria:
utilizes ack bit et al. directly as keywords
filter on source & dest ports & addrs
log accepted or dropped pkts
filter inc & outgoing on per-interface basis
should not reorder rules
(if even possible) have testing/validation of rules
dynamic filter adjustment