If you are comfortable with setting up rules along the lines provided by tools like IPCHAINS on linux then you might try looking at CHX-1. I don't work for them or have an interest in them except that I've used it and like it.
http://www.idrci.net/idrci_products.htm -Noah
