Hi Bill/ Alice, et al.
Like Grand Pa said, "cheap is good, free is better." I'm not sure that applies to security hardware though. You might go back and revisist your risk assessment for your environment, maybe that'll give you some additional justification for this security expenditure to boost you up into a low cost, quality solution. I think the total management and maintenance cost of a freeware solution alone will be justification enough. I'm not sure what your userbase looks like, or what kind of bandwidth requirements you have, but if it were me, I'd give serious attention to the Netscreen product line, the NS5GT is very robust, low cost, it scales well, is low cost, low learning curve, and will address at least some issues with application layer filtering that may be an issue for you now or in the future, beyond a simple packet filter. If the 5GT is too small, you might have a look at a 208. Dependant on your purchasing procedures, you may be able to leverage EBay to get a bargain.
Rgds and G'Luck.