I cannot help with a Linux solution, but have found that a firewall appliance (Cisco, SonicWall, etc.) gives the best all-around protection.

Cisco now has their ASA appliances out that will give you firewall, VPN concentrator and IDS in one box.

Depending on your needs, they can be fairly inexpensive once you consider how much you can do with it.
_________________________
Today is the tomorrow you worried about yesterday.