Ipf

IPFilter was written by Darren Reed. It is a stateful firewall that also does built-in NAT. IPF was the first Open Source firewall that had a last-matching-rule wins policy as compared to the first-match-wins policy as seen in ipfw. It is a different way of approaching firewall policy and is possibly slower matching packets to rules since all rules have to be traversed from the first to last as compared from first to first-match.

For more information look here.