I'd like to hear your thoughts on how best to set up my firewall. First off, I am using the X-WRT image with VPN (Kamikaze version 8.09.2), which includes a firewall, on my Asus WL520GU router. I have AT&T DSL and so I get a dynamic IP address on my WAN. I have gone through the steps of using USB storage so space is not an issue. I have LOTS of room for packages. My goals are to be able to use Shorewall with both VPN and QoS functionality. I wanted to use the functionality in Shorewall to take care of QoS for me. I have been reading through the forums and have come across two different schools of thought on this subject:

#1 Use both firewalls: the stock one as the first to come up and secure the perimeter, and then start up Shorewall after everything is initialized.
OR
#2 Use only Shorewall: this would simplify administration but has a little added complexity in that the interfaces need to be ready so that Shorewall doesn't bomb out. (One poster warned of making sure everything was set up properly, or you might lock yourself out of the system unless you have a JTAG cable and can set up a proper connection using that method.)

I have a slight preference for option #2 but am definitely interested in hearing your experiences with either. If I choose option #2, I understand that the basic process is to remove the S45 firewall script, turn off the firewall service and replace it with a startup script to run Shorewall. Any other things I should be aware of? Thanks for your input!