Not to shit on the author of Shorewall, but I have to disagree: iptables is not shit to work on. Nor is iproute2. Or any of the low-level tools. They all have a place in the world.
Shorewall is probably a nice tool, but I have to agree. iptables (and netfilter thereof) are good to work with. In larger setups we used fwbuilder for generating the policy, but it always boils down to understanding iptables & netfilter.