The main, working firewall options for Ubuntu now include the new 'ufw' in Hardy, firestarter, ipmasq, and fwbuilder. Of these, fwbuilder is overcomplicated for firewalling your own host (works fine, though, of course) and firestarter is too simple, while ufw and ipmasq lack GUIs. ufw is only an simple commandline wrapper for iptables command anyway (or if it isn't, it should be, because it doesn't do much.)

Firestarter is inadequate because it understands only one internal interface without making manual changes to configuration files. The same is true of ipmasq or ufw. In Windows XP I can trivially set filtering rules per-interface, and when I configure NAT, it is active for all interfaces. I would like to do a bit better than Windows, with a checkbox in each interface's properties which determines whether a matching NAT rule will be created, but otherwise Windows pretty much has it nailed.