ACLs are really very powerful but so are iptables/netfilter and even more so since there are more filters available than you can think of and even if the existing ones do not suit you, you can develop your own. Both are a pain in the butt and the more experienced you are the easier and more versatile those tools become. If nothing else, the open source universe is flooded with raw data display functionality and programs as well as debug capabilities. You just have to dig a bit deeper.
There is however a huge trade-off between cost of ownership, running cost, ease of use and manageability, richness of features, extensibility, heat dissipation and even space requirements and noise. I too want a huge data-center with top of the line telecommunications gear, a few petabytes of FC NAS and some supercomputers for good measure but I can't afford to buy that, even if it was a gift I couldn't power it up for long, it will take me a hell of a time to set it up, I will have to build a new house just to put them in and thinking about cooling it down and keeping it quiet just gives me a headache. Worst of all, all that gear will be underutilized, it may be fancy and impressive but also a terrible waste of matter and energy.
I know that the above is a terrible exaggeration to the point of flame bait but this was not my intention. My point is that it is best to go for the optimal solution given a specific situation. So my solution at the moment is the ADSL router my ISP provides and a dual core Atom with a bunch of SATA drives that runs Linux and fulfills a big number of roles quite happily (Firewall, DHCP/BOOTP, DNS, NFS4, Samba, FTP, SSH, NTP, etc.).
A big issue I have omitted altogether is what someone is comfortable using. If IOS is your cup of tea then all the arguments in the world can't change your mind and you are probably right. However, I would like to point out that: "When the only tool you own is a hammer, every problem begins to resemble a nail."
P.S. I have no intention of starting a flame or playing it smart to other people. This is my professional opinion and I stand by it quite passionately. I apologize if anything I wrote came out wrong.
Running IOS on a home router? This is what we call overkill.
I miss the extensive raw data displays, debugging capabilities, and varied access lists. I miss the ability to string together small unix-like bits (notably, the access-lists) with orthogonal features to make sensible configurations. I've been using DDWRT, and I keep wanting to do things that would have been easy in IOS. ("So, which external hosts is this particular internal host accessing, anyway?") Maybe I just haven't found the appropriate commands, since they tend to be real unix-isms hidden behind GUI menus...