Python-iptables is a pythonesque wrapper around the Linux iptables/ip6tables facility. It is meant primarily for dynamic and/or complex firewalls, where rules are often updated or changed. Python-iptables makes it possible to use Python to parse or change rules without the need to spawn processes to execute an iptables command.
See http://ldx.github.com/python-iptables/ for documentation.