What ways are there of setting up a firewall for traffic routed for other machines whose rules can be managed by a GUI? Can GUFW do it? FireStarter? (or should that be avoided because it is supposedly no longer updated?)

*By filtering, I'm mean the traffic I am setting rules up for is not destined for this computer. It is either from or to other computers on my LAN.

Say, for (a simplified, hypothetical) example:

I have an ethernet connection at my dorm that I have plugged into eth0. It gets an address of 192.168.1.185 and I also have 192.168.185.0/24 routed to me, so I don't have to do any NAT. I have a hub attached to my second ethernet port (eth1) with a few Windows computers and I give addresses out of my 192.168.185.0/24 block with DHCP. How can I use my Ubuntu box to block incoming connections from eth0 that are being routed to my Windows computers and let through just a few specific ports (so fellow students can't see what files my Windows boxes are sharing via SMB)?