I would personally do a filtering bridge to avoid administrative overhead when dealing with businesses, but if these were for homes, then a normal firewall implementation would be just fine. Additionally I would block TCP/UDP 135, TCP/UDP 137-139, and TCP 445. And if in Canada you can get away with it, bittorrent :), kidding.
For hardware I like those from http://www.ironsystems.com - the A Class. Curtis
